Privacy Act of 1974; Department of Homeland/U.S. Customs and Border Protection-002 Global Enrollment System (GES), System of Records, 3441-3446 [2013-00804]

Agencies

• DEPARTMENT OF HOMELAND SECURITY
• Office of the Secretary

[Federal Register Volume 78, Number 11 (Wednesday, January 16, 2013)]
[Notices]
[Pages 3441-3446]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-00804]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2012-0076]


Privacy Act of 1974; Department of Homeland/U.S. Customs and 
Border Protection--002 Global Enrollment System (GES), System of 
Records

AGENCY: Department of Homeland Security, Privacy Office.

ACTION: Notice of Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Department of Homeland Security proposes to update and reissue the 
Department of Homeland Security system of records titled, ``Department 
of Homeland Security/U.S. Customs and Border Protection--002 Global 
Enrollment System'' system of records. This system of records allows 
the Department of Homeland Security/U.S. Customs and Border Protection 
to collect and maintain records on individuals who voluntarily provide 
personally identifiable information to U.S. Customs and Border 
Protection in return for enrollment in a program that will make them 
eligible for expedited processing at designated U.S. border ports of 
entry, including all trusted traveler and registered traveler programs. 
This system of records notice is being re-published to update the 
categories of records, authorities, purposes, routine uses, 
retrievability, retention and disposal, notification procedures, record 
sources, and exemptions sections of the system. Additionally, this 
notice includes non-substantive changes to simplify the formatting and 
text of the previously published notice. The Global Enrollment System 
will now maintain law enforcement information as part of the vetting 
results, therefore the Department of Homeland Security is issuing a 
Notice of Proposed Rulemaking, to exempt this system of records from 
certain provisions of the Privacy Act of 1974, as amended, elsewhere in 
the Federal Register. This updated system will be included in the 
Department of Homeland Security's inventory of record systems.

DATES: Submit comments on or before February 15, 2013. This updated 
system will be effective February 15, 2013.

ADDRESSES: You may submit comments, identified by docket number DHS-
2012-0076 by one of the following methods:

[[Page 3442]]

     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Jonathan R. Cantor, Acting Chief Privacy Officer, 
Privacy Office, Department of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to https://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, please visit https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Laurence Castelli, (202) 325-0280, CBP Privacy Officer, U.S. Customs 
and Border Protection, Mint Annex, 799 Ninth Street NW., Washington, DC 
20229. For privacy questions, please contact: Jonathan R. Cantor, (202) 
343-1717, Acting Chief Privacy Officer, Privacy Office, Department of 
Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS) U.S. Customs and Border 
Protection (CBP) proposes to update and reissue a current DHS system of 
records titled, ``DHS/CBP-002 Global Enrollment System (GES).''
    Global Entry (GE) is the DHS/CBP program that enables CBP to 
expedite the inspection and security process for lower risk travelers 
and allows more scrutiny for those travelers who present an unknown 
risk. GE, previously a pilot program, is now a permanent trusted 
traveler program (77 FR 5681 (Feb. 6, 2012)). Under GE, expedited 
processing into the United States and certain foreign countries will be 
expanded through a growing number of participating U.S. and foreign 
international airports and foreign partnerships. Through such 
partnerships, U.S. citizens and citizens of certain foreign countries 
will be able to apply for expedited processing at their respective 
airports.
    CBP has signed a number of joint statements with foreign partners 
that provide the basic framework for allowing U.S. citizens and 
citizens of the applicable foreign countries to apply for expedited 
processing at their respective airports. The general purpose of the 
joint statement is to offer expedited processing to U.S. citizens and 
the citizens of the foreign country that is party to that joint 
statement, based on a mutually determined set of vetting criteria and 
standards. CBP continues to work with government border authorities in 
various countries to create this growing international network in 
which, once individuals are screened and deemed trusted by the 
authorities in their own country, the other country in the alliance 
will accept them in their respective national trusted traveler 
programs.
    Depending on the nature of the agreement with the foreign partner, 
DHS/CBP will maintain and share different personally identifiable 
information. In certain instances the joint statements commit to 
allowing citizens of foreign countries to apply for GE after the 
appropriate Interconnectivity Service Agreement (ISA) has been 
implemented. In other instances, the joint statements commit to sharing 
information about citizens who apply to be members of both countries' 
trusted traveler program after the appropriate ISA has been 
implemented. As part of the procedures for implementing a joint 
statement and adding foreign partners to GE, CBP and each foreign 
partner are executing parallel protocols that incorporate privacy 
protections. A more in-depth discussion of the arrangements by country 
is made available in DHS/CBP/PIA--002(b) GES Privacy Impact Assessment 
and Appendix A ``CBP Global Entry Expansion: Joint Statements,'' which 
is being published in conjunction with this system of records and will 
be updated with relevant information.
    In addition to new foreign partners, CBP has consolidated the 
registered traveler programs under GES to include the Small Vessel 
Reporting System (SVRS) and the Decal and Transponder Online 
Procurement System (DTOPS). SVRS, as an enhancement to the Local Boater 
Option (LBO) pilot program, allows individuals with advance submission 
and CBP approval of float plans to use a designated telephone line to 
notify a CBP officer of their arrival to the United States. DTOPS is a 
registered traveler program that allows individuals to purchase, renew, 
or transfer user fees related to the transponders/Radio Frequency 
Identification (RFID) tags for their commercial vehicles or to the 
decals for their private aircraft or vessels in advance of crossing a 
U.S. border.
    This system of records notice is being re-published to update the 
categories of records, authorities, purposes, routine uses, 
retrievability, retention and disposal, notification procedures, record 
sources, and Privacy Act exemptions for this system of records. 
Specifically, DHS is updating the category of records to clarify that 
GES maintains limited law enforcement information, consisting of the 
case number references to law enforcement databases used to support or 
deny the membership decision for GES trusted traveler programs, as well 
as the membership decision for trusted traveler programs with foreign 
partners. These results were previously covered by the DHS/CBP--011 
TECS SORN (73 FR 77778 (Dec. 19, 2008.)) In cases when the applicant 
has opted to share information with a foreign government trusted 
traveler program, DHS/CBP is also retaining other foreign governments' 
decisions either to approve or deny an application, pursuant to the 
applicable joint statements.
    The authority for GES derives from CBP's mandate to secure the 
borders of the United States, and to facilitate legitimate trade and 
travel. The statutes that permit and define GES include:
     Section 7208 of the Intelligence Reform and Terrorism 
Prevention Act of 2004 (IRTPA), as amended, 8 U.S.C. 1365b(k);
     Section 215 of the Immigration and Nationality Act, as 
amended, 8 U.S.C. 1185;
     Section 402 of the Homeland Security Act of 2002, as 
amended, 6 U.S.C. 202;
     Section 404 of the Enhanced Border Security and Visa 
Reform Act of 2002, 8 U.S.C. 1753; and
     Section 433 of the Tariff Act of 1930, as amended, 19 
U.S.C. 1433.
    The Regulations that permit and define GES include Parts 103 and 
235 of Title 8 of the Code of Federal Regulations. See, especially, 8 
CFR 103.2, 103.7, 103.16, 235.1, 235.2, 235.7, and 235.12. Pursuant to 
the Independent Offices Appropriations Act of 1952, 31 U.S.C. 9701, 
individuals seeking to enroll in trusted traveler or registered 
traveler programs must pay a fee when they apply or renew their 
membership. See 8 CFR 103.7(b)(1)(ii)(M).
    The purposes of GES have been simplified to reflect that this 
system collects information, in advance, from recurring travelers so 
that DHS and CBP can assess applicants' eligibility for enrollment in a 
GES-supported trusted traveler and registered traveler programs.
    DHS changed the order of routine uses to be consistent with its 
practice across all DHS SORNs and for ease of use by DHS personnel. 
This change affects the following uses, which were not substantially 
changed: Former routine use A is now routine use I;

[[Page 3443]]

former routine use B is now routine use G; former routine use C is now 
routine use B; former routine use D is now routine use C; former 
routine use E is now routine use A; and former routine use G is now 
routine use D.
    This SORN update includes the following substantive changes to 
routine uses: In routine use F, the sentence has been added, 
``Individuals provided information under this routine use are subject 
to the same Privacy Act requirements and limitations on disclosure as 
are applicable to DHS officers and employees.'' In routine use G, 
reference to ``organizations that are lawfully engaged in collecting 
intelligence [* * *] to carry out intelligence responsibilities'' has 
been removed because of redundancy. Routine use H has been added to 
provide additional transparency on the sharing with foreign governments 
for trusted traveler programs and only at the behest of the individual. 
Routine use L has been added to allow the Department to share 
information with the public when the interests of the public outweigh 
those of the individual and only after approval by the DHS Chief 
Privacy Officer in consultation with counsel.
    Sharing GES information with partnering foreign countries is 
consistent with the routine uses proposed in this System of Records 
Notice (SORN), which allows for disclosure to foreign government 
agencies to elicit information necessary to make decisions on 
applications. Pursuant to CBP's reciprocal joint statements, CBP will 
share biographic GE application data and vetting results in the form of 
a ``pass/fail'' transmission of U.S. citizens with these foreign 
governments only upon receiving the same type of data from those 
governments on their citizens who are applying for expedited processing 
into the United States. Because of these international information 
sharing relationships, CBP is able to make well-informed decisions on 
GE applications of citizens from a growing number of countries.
    The retrievability section has been updated to reflect that records 
may be retrieved by any of the personal identifiers listed in the 
categories of records.
    The retention and disposal section has been updated to reflect that 
all GES data is retained for the duration of an individual's active 
membership plus three years after an individual's membership is no 
longer active, either as a result of expiration without renewal at the 
end of a five-year term, as a result of abandonment, or as a result of 
CBP termination.
    The notification procedures section has been updated to provide 
notice that individuals may view and edit their information through 
their online accounts, as well as through the standard procedures under 
the Freedom of Information Act and Privacy Act.
    The record source categories have been updated to clarify the 
records obtained from the individual and background checks of external 
law enforcement systems, as well as providing notice that GES collects 
from membership determinations about trusted traveler applicants from 
partnering foreign countries.
    Participation in these programs is entirely voluntary. Joint 
Statements with foreign partners establish that each country's use of 
GES information for vetting will be consistent with applicable domestic 
laws and policies. Participants should be aware that when they submit 
their information to a foreign country, or agree to share their 
information with a foreign partner, the foreign country uses, 
maintains, retains, or disseminates their information in accordance 
with that foreign country's laws and privacy protections.
    Consistent with DHS' information sharing mission, information 
stored in GES may be shared with other DHS components whose personnel 
have a need to know the information to carry out their national 
security, law enforcement, immigration, intelligence, or other homeland 
security functions. In addition, information may be shared with 
appropriate federal, state, local, tribal, territorial, foreign, or 
international government agencies consistent with the routine uses set 
forth in this system of records notice.
    DHS/CBP is simultaneously issuing a notice of proposed rulemaking 
to exempt portions of the DHS/CBP--002 GES SORN from the Privacy Act 
requirements. Pursuant to 5 U.S.C. 552a(j)(2) of the Privacy Act, law 
enforcement related records, including the pointer information to other 
law enforcement databases that support the DHS/CBP membership decision, 
and the law enforcement risk assessment worksheet that have been 
created during the background check and vetting process, are exempt 
from 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), 
(e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5) and (e)(8); (f); and (g)(1). 
Pursuant to 5 U.S.C. 552a(k)(2), records created during the background 
check and vetting process are exempt from the following provisions of 
the Privacy Act: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), 
(e)(4)(H), (e)(4)(I); and (f). In addition, when a record contains 
information from other exempt systems of records, DHS/CBP will claim 
the same exemptions for that record as are claimed for the original 
systems of records, and will claim any additional exemptions that this 
notice delineates.
    CBP will not assert any exemptions with regard to accessing or 
amending an individual's application data in a trusted or registered 
traveler program and/or final membership determination in the trusted 
traveler programs. However, this data may be shared with law 
enforcement and/or intelligence agencies pursuant to the routine uses 
identified in the GES SORN. The Privacy Act requires that DHS maintain 
an accounting of such disclosures made pursuant to all routine uses. 
Disclosing the fact that a law enforcement and/or intelligence agency 
has sought particular records may affect ongoing law enforcement 
activity. As such, pursuant to 5 U.S.C. 552a(j)(2) and (k)(2), DHS will 
claim an exemption from (c)(3), (e)(8), and (g)(1) of the Privacy Act, 
as is necessary and appropriate to protect this information. This 
updated system will be included in DHS's inventory of record systems.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which federal government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. As a matter of policy, DHS extends administrative 
Privacy Act protections to all individuals when systems of records 
maintain information on U.S. citizens, lawful permanent residents, and 
visitors.
    Below is the description of the DHS/CBP--002 Global Enrollment 
System (GES).
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
System of Records
    Department of Homeland Security (DHS)/U.S. Customs and Border 
Protection (CBP)--002.

[[Page 3444]]

System name:
    DHS DHS/CBP--002 Global Enrollment System (GES).

Security classification:
    Unclassified, Sensitive, For Official Use Only, Law Enforcement-
Sensitive.

System location:
    Records are maintained at the CBP Headquarters in Washington, DC 
and field offices and maintained IT system named the Global Enrollment 
Systems.

Categories of individuals covered by the system:
    Individuals who apply to use any form of automated or other 
expedited inspection for verifying eligibility to cross the border into 
the United States.

Categories of records in the system:
    GES collects the following information on trusted travelers:
    Biographic application data, including:
     Full name;
     Alias(es);
     Date of birth;
     Place of birth;
     Language preference;
     Gender;
     Current and former addresses;
     Telephone numbers;
     Country of citizenship;
     Alien registration number (if applicable);
     Employment history (if available);
     PASS ID or Trusted Traveler membership number;
     Countries visited in the last five years;
     Criminal history (provided by applicant);
     Parental or Legal Guardian permission (if 18 years or 
younger);
     Driver's license number;
     Issuing state or province of the applicant's Driver's 
License;
     Global Online Enrollment System (GOES) user name and 
password (password is maintained in an encrypted format); and
     Answers to security questions to reset password.
    Vehicle or Vessel information, as appropriate, including:
     Flag and home port (where the vessel is foreign flagged);
     Name, registration number, and registration issuing state 
or province of the applicant's vessel;
     Make and model, year, color, VIN number, and license plate 
number of the vehicle; and
     Owner name, gender, and date of birth.
    Biometric data, including:
     Fingerprints (collected and stored through DHS/USVISIT-
0012 DHS Automated Biometric Identification System (IDENT) for future 
identity verification);
     Fingerprint Identification Number (FIN);
     Height;
     Eye color; and
     Facial photographs.
    Information added by DHS/CBP:
     Pointer information to other law enforcement databases 
that support the DHS/CBP membership decision;
     Law Enforcement risk assessment worksheet;
     Pay.gov tracking number;
     GE membership decision in the form of a ``pass/fail;'' and
     Foreign government membership decisions in the form of a 
``pass/fail.''
    The following information is collected on SVRS registered 
travelers:
     Full name;
     Gender;
     Date of birth;
     Place of birth;
     Country of citizenship;
     Address;
     Contact telephone number;
     Alternate telephone number;
     Contact email address;
     Password;
     Document type & number (e.g. U.S. Passport, Permanent 
Resident Card, Birth Certificate, etc.), place of issue, and expiration 
date of document; and
     Vessel information including registration number, hull ID 
number, decal number, registered name, location where vessel is 
registered, and vessel description (e.g., length, type, manufacturer, 
model, year, hull colors, etc.).
    The following information is collected about DTOPS registered 
travelers:
     Account name;
     Physical address;
     Shipping address;
     Pay.gov tracking number;
     FAST ID, if the conveyance's owner is C-TPAT/FAST 
approved;
     Conveyance model year;
     Conveyance manufacturer name;
     Conveyance identification numbers and information, which 
are specific to the type of conveyance (e.g., local registration 
number, an aircraft's tail number, Coast Guard ID number, vessel name);
     Contact name;
     Contact telephone number; and
     Contact email address.

Authority for Maintenance of the System:
    Section 7208 of the Intelligence Reform and Terrorism Prevention 
Act of 2004 (IRTPA), as amended, 8 U.S.C. 1365b(k); Section 215 of the 
Immigration and Nationality Act, as amended, 8 U.S.C. 1185; Section 402 
of the Homeland Security Act of 2002, as amended, 6 U.S.C. 202; Section 
404 of the Enhanced Border Security and Visa Reform Act of 2002, 8 
U.S.C. 1753; and Section 433 of the Tariff Act of 1930, as amended, 19 
U.S.C. 1433; 31 U.S.C. 9701; Parts 103 and 235 of Title 8 of the Code 
of Federal Regulations (See, especially, 8 CFR 103.2, 103.7, 103.16, 
235.1, 235.2, 235.7, and 235.12).

Purpose(s):
    The purpose of this system is to assess on an ongoing basis 
applicants' eligibility for enrollment in DHS/CBP GES-supported trusted 
traveler and/or registered traveler programs.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including U.S. Attorney 
Offices, or other federal agency conducting litigation or in 
proceedings before any court, adjudicative or administrative body, when 
it is relevant or necessary to the litigation and one of the following 
is a party to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity where DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;

[[Page 3445]]

    2. DHS has determined that as a result of the suspected or 
confirmed compromise, there is a risk of identity theft or fraud, harm 
to economic or property interests, harm to an individual, or harm to 
the security or integrity of this system or other systems or programs 
(whether maintained by DHS or another agency or entity) that rely upon 
the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS' efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, where a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To foreign governments, at the request of the individual, for 
the purpose of applying to that country's trusted traveler program.
    I. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency for the purpose of determining an 
individual's eligibility for membership in a trusted traveler or 
registered traveler program.
    J. To federal and foreign government intelligence or 
counterterrorism agencies or components where DHS becomes aware of an 
indication of a threat or potential threat to national or international 
security, or to assist in anti-terrorism efforts.
    K. To an organization or person in either the public or private 
sector, either foreign or domestic, where there is a reason to believe 
that the recipient is or could become the target of a particular 
terrorist activity or conspiracy, or where the information is relevant 
to the protection of life, property, or other vital interests of a 
person.
    L. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information or when 
disclosure is necessary to preserve confidence in the integrity of DHS 
or is necessary to demonstrate the accountability of DHS' officers, 
employees, or individuals covered by the system, except to the extent 
it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records in this system are stored electronically or on paper in 
secure facilities in a locked drawer behind a locked door. The records 
may be stored on magnetic disc, tape, and digital media.

Retrievability:
    Records may be retrieved by any of the personal identifiers listed 
in the categories of records above.

Safeguards:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DHS automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. Access to the computer system containing the records in this 
system is limited to those individuals who have a need to know the 
information for the performance of their official duties and who have 
appropriate clearances or permissions.

Retention and disposal:
    CBP is proposing to NARA the following retention: All GES data is 
retained for the duration of an individual's active membership plus 
three years after an individual's membership is no longer active, 
either as a result of expiration without renewal at the end of a five 
year term, as a result of abandonment, or as a result of CBP 
termination.

System Manager and address:
    Trusted Traveler Program Manager, Office of Field Operations, U.S. 
Customs and Border Protection, and Director, Passenger Systems Program 
Office, Office of Information and Technology, 1300 Pennsylvania Ave. 
NW., Washington, DC 20229.

Notification procedure:
    Individuals may gain access to information on themselves in GES by 
directly logging into GOES. Certain information may be amended directly 
in the system by the individual such as contact information; however, 
other information that was used to determine eligibility, such as date 
of birth or gender, may not be changed without contacting DHS/CBP 
directly. The Secretary of Homeland Security has exempted portions of 
this system from the notification, access, and amendment procedures of 
the Privacy Act because it is a law enforcement system. However, DHS/
CBP will consider individual requests to determine whether or not 
information may be released. Thus, individuals seeking notification of 
and access to any record contained in this system of records, or 
seeking to contest its content, may submit a request in writing to the 
Headquarters or CBP FOIA Officer, whose contact information can be 
found at https://www.dhs.gov/foia under ``Contacts.'' If an individual 
believes more than one component maintains Privacy Act records 
concerning him or her, the individual may submit the request to the 
Chief Privacy Officer and Chief Freedom of Information Act Officer, 
Department of Homeland Security, 245 Murray Drive SW., Building 410, 
STOP-0655, Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system of records, your request must conform 
with the Privacy Act regulations set forth in 6 CFR part 5. You must 
first verify your identity, meaning that you must provide your full 
name, current address, and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Chief Privacy 
Officer and Chief Freedom of Information Act Officer, https://www.dhs.gov/foia or 1-866-431-0486. In addition, you should:
     Explain why you believe the Department would have 
information on you;
     Identify which component(s) of the Department you believe 
may have the information about you;

[[Page 3446]]

     Specify when you believe the records would have been 
created; and
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records; 
and

    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and your request may be denied due to lack 
of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    Records in GES are obtained from the individual and from external 
law enforcement systems. The main database checked during the vetting 
process, before individuals will be enrolled in any trusted traveler 
program, is TECS, which contains historical and enforcement data on 
travelers, and provides a gateway to other sources of data. These other 
sources include the Terrorist Screening Database, FBI criminal history, 
and National Crime and Information Center outstanding wants/warrants, 
vehicle and driver's license-related data contained in the 
International Justice and Public Safety Network's Nlets system, and 
Department of State alien records, lookouts, and status indicators. 
Vetting results are also based on checks of the FBI's Integrated 
Automated Fingerprint Identification System for criminal history and 
IDENT for immigration related records. Trusted traveler applicants from 
partnering foreign countries will have membership determinations in GES 
from their home country's government.

Exemptions claimed for the system:
    The Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(j)(2) 
has exempted the law enforcement related records, including the pointer 
information to other law enforcement databases that support the DHS/CBP 
membership decision, and the law enforcement risk assessment worksheet 
that have been created during the background check and vetting process, 
from the following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3) 
and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), 
(e)(5) and (e)(8); (f); and (g)(1). Additionally, the Secretary of 
Homeland Security, pursuant to 5 U.S.C. 552a(k)(2), has exempted 
records created during the background check and vetting process from 
the following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3); (d); 
(e)(1), (e)(4)(G), (e)(4)(H),(e)(4)(I); and (f). In addition, when a 
record contains information from other exempt systems of records, DHS/
CBP will claim the same exemptions for that record as are claimed for 
the original systems of records, and will claim any additional 
exemptions that this notice delineates.
    CBP will not assert any exemptions with regard to accessing or 
amending an individual's application data in a trusted or registered 
traveler program and/or final membership determination in the trusted 
traveler programs. However, this data may be shared with law 
enforcement and/or intelligence agencies pursuant to the routine uses 
identified in the GES SORN. The Privacy Act requires DHS maintain an 
accounting of such disclosures made pursuant to all routine uses. 
Disclosing the fact that a law enforcement and/or intelligence agency 
has sought particular records may affect ongoing law enforcement 
activity. As such, pursuant to 5 U.S.C. 552a (j)(2) and (k)(2), DHS 
will claim an exemption from (c)(3), (e)(8), and (g)(1) of the Privacy 
Act, as is necessary and appropriate to protect this information.

    Dated: December 31, 2012.
Jonathan R. Cantor,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2013-00804 Filed 1-15-13; 8:45 am]
BILLING CODE 9111-14-P