Privacy Act of 1974: Implementation of Exemptions; U.S. Department of Homeland Security, U.S. Customs and Border Protection-002 Trusted and Registered Traveler Programs System of Records

AGENCY:

U.S. Customs and Border Protection, U.S. Department of Homeland Security.

ACTION:

Final rule.

SUMMARY:

The U.S. Department of Homeland Security (DHS) is issuing a final rule to amend its regulations to exempt portions of a newly updated and reissued system of records titled, “DHS/U.S. Customs and Border Protection-002 Trusted and Registered Traveler Programs (TRTP) System of Records” from certain provisions of the Privacy Act. Specifically, the Department exempts portions of this system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

DATES:

This final rule is effective September 10, 2021.

FOR FURTHER INFORMATION CONTACT:

For general questions please contact: Debra Danisek, Privacy.CBP@cbp.dhs.gov, (202) 344-1610, CBP Privacy Officer, U.S. Customs and Border Protection, 1300 Pennsylvania Avenue NW, Washington, DC 20229. For privacy issues please contact: Lynn Parker Dupree, (202) 343-1717, Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

The U.S. Department of Homeland Security (DHS) U.S. Customs and Border Protection (CBP) published a notice of proposed rulemaking in the Federal Register, 85 FR 14176 (March 11, 2020), proposing to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements. DHS issued the “DHS/CBP-002 Trusted and Registered Traveler Programs System of Records” in the Federal Register at 85 FR 14214 (March 11, 2020), to provide notice to the public that (1) DHS/CBP updated the name of the system of records from Global Enrollment System (GES); (2) DHS/CBP provided a more comprehensive description of the trusted and registered traveler programs to include Global Entry, NEXUS, Secure Electronic Network for Travelers Rapid Inspection (SENTRI), Free and Secure Trade (FAST) program, and U.S.-Asia Economic Cooperation (APEC) Business Travel Card (ABTC) Program; and (3) DHS/CBP removed references to CBP Trusted Worker Programs which are covered by the DHS/CBP-010 Persons Engaged in International Trade in Customs and Border Protection Licensed/Regulated Activities System of Records Notice, 73 FR 77753 (December 19, 2008).

DHS/CBP invited comments on both the notice of proposed rulemaking (NPRM) and System of Records Notice (SORN).

II. Public Comments

DHS received no comments on the NPRM and one non-substantive comment on the SORN. After full consideration of the public comment, the Department will implement the rulemaking as proposed.

List of Subjects in 6 CFR Part 5

• Freedom of information
• Privacy

For the reasons stated in the preamble, DHS amends chapter I of title 6, Code of Federal Regulations, as follows:

PART 5—DISCLOSURE OF RECORDS AND INFORMATION

1. The authority citation for part 5 continues to read as follows:

Authority: 6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 2135; 5 U.S.C. 301.

Subpart A also issued under 5 U.S.C. 552.

Subpart B also issued under 5 U.S.C. 552a.

2. Amend appendix C to part 5 by adding paragraph 84 to read as follows:

Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act

84. The U.S. Department of Homeland Security (DHS)/U.S. Customs and Border Protection (CBP)-002 Trusted and Registered Traveler Program (TRTP) System of Records consists of electronic and paper records and will be used by DHS and its components. The DHS/CBP-002 TRTP System of Records collects and maintains records on individuals who voluntarily provide personally identifiable information to U.S. Customs and Border Protection in return for enrollment in a program that will make them eligible for dedicated CBP processing at designated U.S. border ports of entry and foreign preclearance facilities. The DHS/CBP-002 TRTP system of records contains personally identifiable information in biographic application data, biometric information, conveyance information, pointer information to other law enforcement databases that support the DHS/CBP membership decision, Law Enforcement risk assessment worksheets, payment tracking numbers, and U.S. or foreign trusted traveler membership decisions in the form of a “pass/fail.”

The Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(j)(2), has exempted this system from the following provisions of the Privacy Act: 552a(c)(3), (c)(4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8); (f); and (g)(1). Additionally, the Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(k)(2), has exempted records created during the background check and vetting process from the following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f).

Also, the Privacy Act requires DHS maintain an accounting of such disclosures made pursuant to all routine uses. However, disclosing the fact that CBP has disclosed records to an external law enforcement and/or intelligence agency may affect ongoing law enforcement, intelligence, or national security activity. As such, the Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(j)(2) and (k)(2) has exempted these records from (c)(3), (e)(8), and (g)(1) of the Privacy Act, as is necessary and appropriate to protect this information.

In addition, when a record received from another system has been exempted in that source system under 5 U.S.C. 552a(j)(2), DHS will claim the same exemptions for those records that are claimed for the original primary systems of records from which they originated and claims any additional exemptions set forth here.

Finally, in its discretion, CBP will not assert any exemptions with regard to accessing or amending an individual's application data in a trusted or registered traveler program or accessing their final membership determination in the trusted or registered traveler programs.

Exemptions from these particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, for the following reasons:

(a) From subsection (c)(3) and (4) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS as well as the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension, which would undermine the entire investigative process. When an investigation has been completed, information on disclosures made may continue to be exempted if the fact that an investigation occurred remains sensitive after completion.

(b) From subsection (d) (Access and Amendment to Records) because access to certain records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS or another agency. Access to certain records could also permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. Amendment of certain records could interfere with ongoing investigations and law enforcement activities. Further, permitting amendment to counterintelligence records after an investigation has been completed would impose an unmanageable administrative burden. In addition, permitting access and amendment to such information could disclose security-sensitive information that could be detrimental to homeland security.

(c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of federal law, the accuracy of information obtained or introduced occasionally may be unclear, or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.

(d) From subsection (e)(2) (Collection of Information from Individuals) because requiring that information be collected from the subject of an investigation would alert the subject to the nature or existence of the investigation, thereby interfering with that investigation and related law enforcement activities.

(e) From subsection (e)(3) (Notice to Subjects) because providing such detailed information could impede law enforcement by compromising the existence of a confidential investigation or reveal the identity of witnesses or confidential informants.

(f) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency Requirements) and (f) (Agency Rules), because portions of this system are exempt from the individual access provisions of subsection (d) for the reasons noted above, and therefore DHS is not required to establish requirements, rules, or procedures with respect to such access. Providing notice to individuals with respect to existence of records pertaining to them in the system of records or otherwise setting up procedures pursuant to which individuals may access and view records pertaining to themselves in the system would undermine investigative efforts and reveal the identities of witnesses, and potential witnesses, and confidential informants.

(g) From subsection (e)(5) (Collection of Information) because with the collection of information for law enforcement purposes, it is impossible to determine in advance what information is accurate, relevant, timely, and complete.

(h) From subsection (e)(8) (Notice on Individuals) because compliance would interfere with DHS's ability to obtain, serve, and issue subpoenas, warrants, and other law enforcement mechanisms that may be filed under seal and could result in disclosure of investigative techniques, procedures, and evidence.

(i) From subsection (g)(1) (Civil Remedies) to the extent that the system is exempt from other specific subsections of the Privacy Act.