Privacy Act of 1974; Systems of Records

AGENCY:

Privacy Office; Department of Homeland Security.

ACTION:

Notice of Privacy Act system of records.

SUMMARY:

The Bureau of Customs and Border Protection proposes to revise its system of records for collecting carrier, broker and importer/exporter account information to both update the system and to add as a category of records the customs declarations that postal mailers are required to complete for international mail transactions.

DATES:

The new system of records will be effective February 21, 2006 unless comments are received that result in a contrary determination.

ADDRESSES:

You may submit comments, identified by DHS-2005-0054, by one of the following methods:

• Federal eRulemaking Portal: http://www.regulations.gov . Follow the instructions for submitting comments via docket number DHS-2005-0054.
• Fax: 202-572-8727.
• Mail: Comments by mail are to be addressed to the Regulations Branch, Office of Regulations and Rulings, Bureau of Customs and Border Protection, 1300 Pennsylvania Avenue, NW. (Mint Annex), Washington, DC 20229. Comments by mail may also be submitted to Maureen Cooney, Acting Chief Privacy Officer, Department of Homeland Security, 601 S. 12th Street, Arlington, VA 22202-4220.

Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov , including any personal information provided. For detailed instructions on submitting comments and additional information on the rulemaking process, see the “Public Participation” heading of the SUPPLEMENTARY INFORMATION section of this document.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov . Submitted comments may also be inspected during regular business days between the hours of 9 a.m. and 4:30 p.m. at the Regulations Branch, Office of Regulations and Rulings, Bureau of Customs and Border Protection, 799 9th Street, NW., 5th Floor, Washington, DC. Arrangements to inspect submitted comments should be made in advance by calling Mr. Joseph Clark at (202) 572-8768.

FOR FURTHER INFORMATION CONTACT:

Laurence E. Castelli (202-572-8712), Chief, Privacy Act Policy and Procedures Branch, Bureau of Customs and Border Protection, Office of Regulations & Rulings, Mint Annex, 1300 Pennsylvania Ave., NW., Washington, DC 20229.

SUPPLEMENTARY INFORMATION:

The Bureau of Customs and Border Protection (CBP) is engaged in a multi-year modernization effort to update its information systems. As part of this modernization effort, CBP has developed the Automated Commercial Environment (ACE) to streamline business processes, to facilitate growth in trade, to ensure cargo security, to provide means to combat terrorism through monitoring what materials and which persons enter and leave the country, and to foster participation in global commerce, while ensuring compliance with U.S. laws and regulations. ACE replaces CBP's current Automated Commercial System, a twenty-plus-year-old trade information database.

The operation of ACE will require that CBP collect personally identifiable information from importers, brokers, truck carriers, and U.S. Postal Service customs declarations. The system will also include personally identifiable information about CBP employees and employees of other agencies. The information that is collected will be used to operate the automated commercial environment in order to assist in protecting the country's borders by monitoring and regulating incoming cargo and people.

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, individual is defined to encompass United States citizens and legal permanent residents. ACE involves the collection of information that will be maintained in a system of records.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency recordkeeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist the individual to more easily find such files within the agency.

DHS is here publishing a description of the Automated Commercial Environment system of records. In accordance with 5 U.S,C. 552a(r), a report concerning this record system has been sent to the Office of Management and Budget and to the Congress.

Interested persons are invited to participate in this rulemaking by submitting written data, views, or arguments on all aspects of the proposed rule. CBP also invites comments that relate to the economic, environmental, or federalism affects that might result from this proposed rule. Comments that will provide the most assistance to CBP in developing these procedures will reference a specific portion of the proposed rule, explain the reason for any recommended change, and include data, information, or authority that support such recommended change.

DHS/CBP-001

System Name:

Automated Commercial Environment/International Trade Data System (ACE/ITDS).

System Location:

This computer database is located at the Bureau of Customs and Border Protection (CBP) National Data Center in Washington, DC. Computer terminals are located at Customhouses and ports throughout the United States and at CBP Headquarters, Washington, DC, as well as appropriate facilities for other participating government agencies.

Categories of Individuals Covered by the System:

Individuals involved in the importation of merchandise, members of the trade community, including but not limited to truck carriers, vessel, vehicle, and aircraft operators or crew, Customhouse brokers, importers and their authorized agents (i.e., trade users), persons required to file Customs Declarations for international mail transactions (including sender and recipient), DHS/CBP employees, and employees of other Federal Government agencies.

Categories of Records in the System:

The database is comprised of carrier, broker, and importer/exporter account information (this includes personally identifying information (name and address, phone and/or fax), as well as the Significant Activity Log (a message log between the ACE Portal Account Owner and CBP that tracks their communications sent through ACE) and the Action Plans referenced in the Significant Activity Log), entry information, and manifest information. The database also includes information obtained from Customs declarations filed with the United States Postal Service in connection with the import or export of goods through the mail. System files may contain information about DHS/CBP employees, other Federal employees, companies, and individuals involved in commercial land, sea, and/or air border transactions.

The following information may be stored in the database for the establishment of an ACE Secure Data Portal truck carrier account: Carrier name, Carrier address, Carrier identification (i.e., the truck carrier identification SCAC code (the unique Standard Carrier Alpha Code) assigned for each carrier by the National Motor Freight Traffic Association), Department of Transportation number, Taxpayer ID number, DUNS (Dun and Bradstreet Number), Organizational structure, Name of Insurer, Policy number, Date of Issuance and Amount. The carrier can create users and points of contact, and may also choose to store details associated with driver/crew, conveyance, and equipment for purposes of expediting the creation of manifests.

The ACE database is also comprised of manifest information that includes specific details regarding the crew or drivers as well as passengers involved in a commercial land border crossing. For crew or drivers, the system will include:

(1) Person on arriving conveyance who is in charge; (2) Names of all crew members; (3) Date of birth of each crew member; (4) Commercial driver's license (CDL)/drivers license number for each crew member; (5) CDL/driver's license State/province of issuance for each crew member; (6) CDL country of issuance for each crew member; (7) Travel document number for each crew member; (8) Travel document country of issuance for each crew member; (9) Travel document State/province of issuance for each crew member; (10) Travel document type for each crew member; (11) Address for each crew member; (12) Gender of each crew member; (13) Nationality/citizenship of each crew member; (14) Hazmat endorsement for each crew member.

For passengers, the information consists of: (1) Names of all passengers; (2) Date of birth of each passenger; (3) Travel document number for each passenger; (4) Travel document country of issuance for each passenger; (5) Travel document State/province of issuance for each passenger; (6) Travel document type for each passenger; (7) Gender of each passenger; (8) Nationality of each passenger.

Further, the ACE database includes specific details regarding trips, equipment, conveyances, and shipments, but this information does not primarily identify individuals, except those who might be shippers or consignees.

Authority for Maintenance of the System:

19 U.S.C. 66, 1448, 1481, 1483, 1484, 1505, 1624, and 2071.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

(1) To the Bureau of the Census by providing magnetic tapes or other form of electronic data transmission containing foreign trade data;

(2) To appropriate Federal, State, local, foreign, or tribal agencies responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where CBP becomes aware of an indication of a violation or potential violation of civil or criminal law or regulation;

(3) To a Federal, State, local, tribal, territorial, foreign, or international agency, maintaining civil, criminal or other relevant enforcement information or other pertinent information, which has requested information relevant to or necessary to the requesting agency's or the bureau's hiring or retention of an individual, or issuance of a security clearance, license, contract, grant, or other benefit;

(4) To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations, in response to a subpoena, or in connection with criminal law proceedings;

(5) To third parties during the course of an investigation to the extent necessary to obtain information pertinent to the investigation;

(6) To an agency, organization, or individual for the purposes of performing authorized audit or oversight operations;

(7) To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains;

(8) To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an agency function related to this system of records;

(9) To the Department of Justice, the United States Attorney's Office, or a consumer reporting agency for further collection action on any delinquent debt when circumstances warrant;

(10) To a former employee of the Department for purposes of: responding to an official inquiry by a Federal, State, or local government entity or professional licensing authority, in accordance with applicable Department regulations; or facilitating communications with a former employee that may be necessary for personnel-related or other official purposes where the Department requires information and/or consultation assistance from the former employee regarding a matter within that person's former area of responsibility;

(11) To an organization or individual in either the public or private sector, either foreign or domestic, where there is a reason to believe that the recipient is or could become the target of a particular terrorist activity or conspiracy, to the extent the information is relevant to the protection of life or property;

(12) To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) DHS, or (b) any employee of DHS in his/her official capacity, or (c) any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation;

(13) To the National Archives and Records Administration or other federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. Sections 2904 and 2906;

(14) To a Federal, State, local, tribal, territorial, foreign, or international agency, if necessary to obtain information relevant to a Department of Homeland Security decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant or other benefit;

(15) To a Federal agency, pursuant to the International Trade Data System Memorandum of Understanding, consistent with the receiving agency's legal authority to collect information pertaining to and/or regulate transactions in international trade.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, Disposing of Records in the System:

Storage:

The data is stored electronically at the CBP Data Center for current data and offsite at an alternative data storage facility for historical logs and system backups.

Retrievability:

The data is retrievable by name or personal identifier from an electronic database. Only individuals with a need to know can access the data. The system manager, in addition, has the capability to maintain system back-ups for the purpose of supporting continuity of operations and the discrete need to isolate and copy specific data access transactions for the purpose of conducting security incident investigations.

Safeguards:

Access to the computer area is controlled by a security pass arrangement and personnel not connected with the operation of the computer are prohibited from entering. The building security is protected by a uniformed guard. Access at the ports is in the booths and from any PC connected to the LAN. At the ports of processing, terminal rooms are under close supervision during working hours and locked after close of business. The system security officer issues a unique private five digit identification code to each authorized user. Access to the computer from other than system terminals is controlled through a security software package. Users must input a unique identification code and password during the terminal log-in procedure to gain access to the system. The password is not printed or displayed at the port of processing. The system validates the user ID by transaction type, thereby limiting a system user's access to information on a “need-to-know” basis. A listing of identification codes of authorized users can be printed only by request of the security officer. The passwords are changed periodically to enhance security.

Retention and Disposal:

Files are retained on-line in a system database. Personal information collected in ACE as part of the regulation of incoming cargo and people will be retained in accordance with the U.S. Customs Records Schedules approved by the National Archive and Records Administration for the forms on which the data is submitted. This means that cargo, crew, driver, and passenger information collected from a manifest presented in connection with the arrival of a vessel, vehicle or aircraft will be retained for six years. Information collected in connection with the submission of a Postal Declaration for a mail importation will be retained for a maximum of six years and three months (as set forth pursuant to NARA Authority N1-36-86-1, U.S. Customs Records Schedule, Schedule 9 Entry Processing, Items 4 and 5). Personal information collected in connection with the creation of a carrier, broker, or importer/exporter account will be retained for up to three years following the closing of the account either through withdrawal by the individual or denial of access by CBP. Lastly, information pertaining to CBP and PGA employees will be retained for as long as the individual maintains her or his portal access to ACE and authorization to access the information.

System Manager(s) and Address:

Director, Office of Automated Systems, U.S. Customs and Border Protection Headquarters, 1300 Pennsylvania Avenue, NW., Washington, DC 20229.

Notification Procedures:

To determine whether this system contains records relating to you, write to Customer Satisfaction Unit, Office of Field Operations, U.S. Customs and Border Protection, Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229 (phone: (202) 344-1850 and fax: (202) 344-2791).

Record Access Procedures:

Requests for notification or access must be in writing and should be addressed to the Customer Satisfaction Unit, Office of Field Operations, U.S. Customs and Border Protection, Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC 20229. Requests should conform to the requirements of 6 CFR part 5, subpart B, which provides the rules for requesting access to Privacy Act records maintained by DHS. The envelope and letter should be clearly marked “Privacy Act Access Request.” The request should include a general description of the records sound and must include the requester's full name, current address, and data and place of birth. The request must be signed and either notarized or submitted under penalty of perjury.

Additionally, operational record access may be obtained through the ACE Secure Data Portal for those individuals and entities who have been approved access in accordance with the procedures published in the Federal Register at 67 FR 21800 dated May 1, 2002.

Contesting Record Procedures:

Same as “Record Access Procedures.”

Record Source Categories:

The system contains data received on authorized CBP forms or electronic formats from individuals and/or companies incidental to the conduct of foreign trade and required by CBP in administering the tariff laws and regulations of the United States. The system also contains information pertaining to International Mail Transactions, which is obtained from the United States Postal Service by electronic data transmission.

Exemptions Claimed for the System:

None.