Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/National Protection and Programs Directorate-002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records, 34616-34618 [2011-14386]

Agencies

• Office of the Secretary
• DEPARTMENT OF HOMELAND SECURITY

[Federal Register Volume 76, Number 114 (Tuesday, June 14, 2011)]
[Proposed Rules]
[Pages 34616-34618]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-14386]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 76, No. 114 / Tuesday, June 14, 2011 / 
Proposed Rules

[[Page 34616]]



DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2011-0033]


Privacy Act of 1974: Implementation of Exemptions; Department of 
Homeland Security/National Protection and Programs Directorate--002 
Chemical Facility Anti-Terrorism Standards Personnel Surety Program 
System of Records

AGENCY: Privacy Office, DHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is giving concurrent 
notice of a newly established system of records pursuant to the Privacy 
Act of 1974 for the Department of Homeland Security/National Protection 
and Programs Directorate--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records and this proposed 
rulemaking. In this proposed rulemaking, the Department proposes to 
exempt portions of the system of records from one or more provisions of 
the Privacy Act because of criminal, civil, and administrative 
enforcement requirements.

DATES: Comments must be received on or before July 14, 2011.

ADDRESSES: You may submit comments, identified by docket number DHS-
2011-0033, by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 703-483-2999.
     Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.
     Instructions: All submissions received must include the 
agency name and docket number for this rulemaking. All comments 
received will be posted without change to https://www.regulations.gov, 
including any personal information provided.
     Docket: For access to the docket to read background 
documents or comments received go to https://www.regulations.gov.
    Instructions: All submissions received must include the agency name 
and docket number for this notice. All comments received will be posted 
without change to https://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Emily Andrew (703-235-2182), Privacy Officer, National Protection and 
Programs Directorate, Department of Homeland Security, Washington, DC 
20528. For privacy issues please contact: Mary Ellen Callahan (703-235-
0780), Chief Privacy Officer, Privacy Office, Department of Homeland 
Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION: 

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS)/National Protection and Programs 
Directorate (NPPD) proposes to establish a DHS system of records 
titled, ``DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards 
Personnel Surety Program System of Records.''
    On October 4, 2006, the President signed the DHS Appropriations Act 
of 2007 (the Act), Public Law 109-295. Section 550 of the Act (Section 
550) provides DHS with the authority to regulate the security of high-
risk chemical facilities. DHS has promulgated regulations implementing 
Section 550, the Chemical Facility Anti-Terrorism Standards (CFATS), 6 
CFR part 27.
    Section 550 requires that DHS establish Risk Based Performance 
Standards (RBPS) as part of CFATS. RBPS-12 (6 CFR 27.230(a)(12)(iv)) 
requires that regulated chemical facilities implement ``measures 
designed to identify people with terrorist ties.'' The ability to 
identify individuals with terrorist ties is an inherently governmental 
function and requires the use of information held in government-
maintained databases, which are unavailable to high-risk chemical 
facilities. Therefore, DHS is implementing the CFATS Personnel Surety 
Program, which will allow chemical facilities to comply with RBPS-12 by 
implementing ``measures designed to identify people with terrorist 
ties.''
    The CFATS Personnel Surety Program will work with the DHS 
Transportation Security Administration (TSA) to identify individuals 
who have terrorist ties by vetting information submitted by each high-
risk chemical facility against the Terrorist Screening Database (TSDB). 
The TSDB is the Federal government's consolidated and integrated 
terrorist watchlist of known and suspected terrorists, maintained by 
the Department of Justice (DOJ) Federal Bureau of Investigation's (FBI) 
Terrorist Screening Center (TSC). For more information on the TSDB, see 
DOJ/FBI--019 Terrorist Screening Records System, 72 FR 47073 (August 
22, 2007).
    High-risk chemical facilities or their designees will submit the 
information of: (1) Facility personnel who have or are seeking access, 
either unescorted or otherwise, to restricted areas or critical assets; 
and (2) unescorted visitors who have or are seeking access to 
restricted areas or critical assets. These persons, about whom high-
risk chemical facilities and facilities' designees will submit 
information to DHS, are referred to in this notice as ``affected 
individuals.'' Individual high-risk facilities may classify particular 
contractors or categories of contractors either as ``facility 
personnel'' or as ``visitors.'' This determination should be a 
facility-specific determination, and should be based on facility 
security, operational requirements, and business practices.
    Information will be submitted to DHS/NPPD through the Chemical 
Security Assessment Tool (CSAT), the online data collection portal for 
CFATS. The high-risk chemical facility or its designees will submit the 
information of affected individuals to DHS through CSAT. The submitters 
of this information (``Submitters'') for each high-risk chemical 
facility will also affirm, to the best of their ability, that the 
information is: (1) True, correct, and complete; and (2) collected and 
submitted in compliance with the facility's Site Security Plan (SSP) or

[[Page 34617]]

Alternative Security Program (ASP), as reviewed and authorized and/or 
approved in accordance with 6 CFR 27.245. The Submitter(s) of each 
high-risk chemical facility will also affirm that, in accordance with 
their Site Security Plans, notice required by the Privacy Act of 1974, 
5 U.S.C. Sec.  552a, has been given to affected individuals before 
their information is submitted to DHS.
    DHS will send a verification of receipt to the Submitter(s) of each 
high-risk chemical facility when a high-risk chemical facility: (1) 
Submits information about an affected individual for the first time; 
(2) submits additional, updated, or corrected information about an 
affected individual; and/or (3) notifies DHS that an affected 
individual no longer has or is seeking access to that facility's 
restricted areas or critical assets.
    Upon receipt of each affected individual's information in CSAT, 
DHS/NPPD will send a copy of the information to DHS/TSA. Within DHS/
TSA, the Office of Transportation Threat Assessment and Credentialing 
(TTAC) conducts vetting against the TSDB for several DHS programs. DHS/
TSA/TTAC will compare the information of affected individuals collected 
by DHS (via CSAT) to information in the TSDB. DHS/TSA/TTAC will forward 
potential matches to the DOJ/FBI/TSC, which will make a final 
determination of whether an individual's information is identified as a 
match to a record in the TSDB.
    In certain instances, DHS/NPPD may contact a high-risk chemical 
facility to request additional information (e.g., visa information) 
pertaining to particular individuals in order to clarify suspected data 
errors or resolve potential matches (e.g., in situations where an 
affected individual has a common name). Such requests will not imply, 
and should not be construed to indicate, that an individual's 
information has been confirmed as a match to a TSDB record.
    DHS/NPPD may also conduct data accuracy reviews and audits as part 
of the CFATS Personnel Surety Program. Such reviews may be conducted on 
random samples of affected individuals. To assist with this activity, 
DHS/NPPD may request information pertaining to affected individuals, 
previously provided to DHS/NPPD by high-risk chemical facilities, in 
order to confirm the accuracy of that information.
    Consistent with the Department's information sharing mission, 
information stored in the DHS/NPPD--002 Chemical Facility Anti-
Terrorism Standards Personnel Surety Program System of Records may be 
shared with other DHS components, as well as appropriate Federal, 
state, local, Tribal, foreign, or international government agencies. 
This sharing will only take place after DHS determines that the 
receiving component or agency has a need to know the information to 
carry out national security, law enforcement, immigration, 
intelligence, or other functions consistent with the routine uses set 
forth in this system of records notice.

II. Privacy Act

    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States government 
collects, maintains, uses, and disseminates personally identifiable 
information. The Privacy Act applies to information that is maintained 
in a ``system of records.'' A ``system of records'' is a group of any 
records under the control of an agency from which information is 
retrieved by the name of the individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. 
Individuals may request their own records that are maintained in a 
system of records in the possession or under the control of DHS by 
complying with DHS Privacy Act regulations, 6 CFR part 5.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting of the type and character of each 
system of records that the agency maintains, and the routine uses made 
of records in each system. These requirements exist in order to make 
agency recordkeeping practices transparent, to notify individuals 
regarding the uses to which personally identifiable information is put, 
and to assist individuals in finding records containing information 
about them.
    The Privacy Act allows government agencies to exempt certain 
records from the access and amendment provisions of the Privacy Act. If 
an agency claims exemptions from Privacy Act requirements, however, it 
must issue a Notice of Proposed Rulemaking (NPRM), followed by a Final 
Rulemaking, to make clear to the public the reasons for claiming 
particular exemptions.
    DHS is claiming exemptions from certain requirements of the Privacy 
Act for the DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards 
Personnel Surety Program System of Records. Some information in the 
DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards Personnel 
Surety Program System of Records may contain records or information 
recompiled from or created from information contained in the DOJ/FBI--
019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007). 
Therefore, some information contained in the DHS/NPPD--002 Chemical 
Facility Anti-Terrorism Standards Personnel Surety Program System of 
Records relates to national security, law enforcement, and 
intelligence. These exemptions are needed to protect this information 
from disclosure to subjects or others related to these activities. 
Specifically, the exemptions are required to preclude subjects of these 
activities from frustrating these activities; to avoid disclosure of 
activity techniques; to protect the identities and physical safety of 
confidential informants and law enforcement personnel; to ensure the 
Department's ability to obtain information from third parties and other 
sources; to protect the privacy of third parties; to safeguard 
classified information; and to safeguard records. Disclosure of 
information to the subject of an inquiry could also permit the subject 
to avoid detection or apprehension.
    The exemptions proposed here are standard law enforcement and 
national security exemptions exercised by a large number of Federal law 
enforcement and intelligence agencies. In appropriate circumstances, 
where compliance would not appear to interfere with or adversely affect 
the law enforcement purposes of this system and the overall law 
enforcement process, the applicable exemptions may be waived on a case 
by case basis.
    A system of records notice for the DHS/NPPD--002 Chemical Facility 
Anti-Terrorism Standards Personnel Surety Program System of Records is 
also published in this issue of the Federal Register.

List of Subjects in 6 CFR Part 5

    Freedom of information; Privacy.

    For the reasons stated in the preamble, DHS proposes to amend 
Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

    1. The authority citation for Part 5 continues to read as follows:

    Authority: 6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 
2135; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.

    2. Add at the end of Appendix C to Part 5, the following new 
paragraph ``<54>'':

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *


[[Page 34618]]


    <54>. The DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records consists of 
electronic and paper records and will be used by DHS. The DHS/NPPD--
002 Chemical Facility Anti-Terrorism Standards Personnel Surety 
Program System of Records is a repository of information held by DHS 
in connection with its several and varied missions and functions 
including, but not limited to, the enforcement of civil and criminal 
laws; investigations, inquiries, and proceedings there under; 
national security and intelligence activities. The DHS/NPPD--002 
Chemical Facility Anti-Terrorism Standards Personnel Surety Program 
System of Records contains information that is collected by, on 
behalf of, in support of, or in cooperation with DHS and its 
components and may contain personally identifiable information 
collected by other Federal, state, local, Tribal, foreign, or 
international government agencies.
    The Secretary of Homeland Security is publishing a notice of 
proposed rulemaking, proposing to exempt this system from the 
following provisions of the Privacy Act, subject to the limitation 
set forth therein: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), 
(e)(4)(H), (e)(4)(I); and (f). These exemptions are made pursuant to 
5 U.S.C. 552a(k)(1) and (k)(2).
    In addition to records under the control of DHS, the DHS/NPPD--
002 Chemical Facility Anti-Terrorism Standards Personnel Surety 
Program System of Records may include records originating from 
systems of records of other law enforcement and intelligence 
agencies, which may be exempt from certain provisions of the Privacy 
Act. DHS does not, however, assert exemption from any provisions of 
the Privacy Act with respect to information submitted by high-risk 
chemical facilities.
    To the extent the DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records contains 
records originating from other systems of records, DHS will rely on 
the exemptions claimed for those records in the originating systems 
of records. Exemptions from these particular subsections are 
justified, on a case-by-case basis to be determined at the time a 
request is made, for the following reasons:
    (a) From subsection (c)(3) (Accounting for Disclosures) because 
release of the accounting of disclosures could alert the subject of 
an investigation of an actual or potential criminal, civil, or 
regulatory violation to the existence of that investigation and 
reveal investigative interest, on the part of DHS as well as the 
recipient agency. Disclosure of the accounting would therefore 
present a serious impediment to law enforcement efforts and/or 
efforts to preserve national security. Disclosure of the accounting 
would also permit the individual who is the subject of a record to 
impede the investigation, to tamper with witnesses or evidence, and 
to avoid detection or apprehension, which would undermine the entire 
investigative process.
    (b) From subsection (d) (Access to Records) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of that 
investigation and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to 
tamper with witnesses or evidence, and to avoid detection or 
apprehension. Amendment of the records could interfere with ongoing 
investigations and law enforcement activities and would impose an 
unreasonable administrative burden by requiring investigations to be 
continually reinvestigated. In addition, permitting access and 
amendment to such information could disclose security-sensitive 
information that could be detrimental to homeland security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of Federal law, the accuracy of information obtained or 
introduced occasionally may be unclear, or the information may not 
be strictly relevant or necessary to a specific investigation. In 
the interests of effective law enforcement, it is appropriate to 
retain all information that may aid in establishing patterns of 
unlawful activity.
    (d) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency 
Requirements) and (f) (Agency Rules), because portions of this 
system are exempt from the individual access provisions of 
subsection (d) for the reasons noted above, and therefore DHS is not 
required to establish requirements, rules, or procedures with 
respect to such access. Providing notice to individuals with respect 
to existence of records pertaining to them in the system of records 
or otherwise setting up procedures pursuant to which individuals may 
access and view records pertaining to themselves in the system would 
undermine investigative efforts and reveal the identities of 
witnesses, and potential witnesses, and confidential informants.

    Dated: June 6, 2011.
Mary Ellen Callahan
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-14386 Filed 6-13-11; 8:45 am]
BILLING CODE 9110-9P-P