Privacy Act of 1974; Department of Homeland Security/ALL-035 Common Entity Index Prototype System of Records, 52553-52556 [2013-20635]

Download as PDF Federal Register / Vol. 78, No. 164 / Friday, August 23, 2013 / Notices The toll-free number to participate in the teleconference is 800–369–1872. Indicate to the conference operator that your Participant pass code is ‘‘SMRB.’’ The draft meeting agenda, meeting materials, and other information about the SMRB, will be available at https://smrb.od.nih.gov. Place: National Institutes of Health, Office of the Director, NIH, Office of Science Policy, 6705 Rockledge Drive, Suite 750, Bethesda, MD 20892, (Telephone Conference Call). Contact Person: Juanita Marner, Office of Science Policy, Office of the Director, NIH, National Institutes of Health, 6705 Rockledge Drive, Suite 750, Bethesda, MD 20892, smrb@ mail.nih.gov, (301) 435–1770. (Catalogue of Federal Domestic Assistance Program Nos. 93.14, Intramural Research Training Award; 93.22, Clinical Research Loan Repayment Program for Individuals from Disadvantaged Backgrounds; 93.232, Loan Repayment Program for Research Generally; 93.39, Academic Research Enhancement Award; 93.936, NIH Acquired Immunodeficiency Syndrome Research Loan Repayment Program; 93.187, Undergraduate Scholarship Program for Individuals from Disadvantaged Backgrounds, National Institutes of Health, HHS) Dated: August 19, 2013. Melanie J. Gray, Program Analyst, Office of Federal Advisory Committee Policy. [FR Doc. 2013–20561 Filed 8–22–13; 8:45 am] BILLING CODE 4140–01–P DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS–2013–0058] Privacy Act of 1974; Department of Homeland Security/ALL–035 Common Entity Index Prototype System of Records Privacy Office, Department of Homeland Security. ACTION: Notice of Privacy Act System of Records. AGENCY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new Department of Homeland Security system of records titled, ‘‘Department of Homeland Security/ALL—035 Common Entity Index Prototype System of Records.’’ This system of records allows the Department of Homeland Security to correlate identity data from select component-level systems and organizes key identifiers that the Department of Homeland Security has collected about that individual. This correlation and consolidation of identity data will facilitate DHS’s ability to carry out its missions with appropriate access tkelley on DSK3SPTVN1PROD with NOTICES SUMMARY: VerDate Mar<15>2010 18:43 Aug 22, 2013 Jkt 229001 control. DHS is building a prototype with an initial set of data for testing and evaluation purposes. If the system passes the testing and evaluation stage and DHS moves to an operational system, either this system will be updated or a new system of records notice will be published. DATES: Submit comments on or before September 23, 2013. This new prototype system will be effective September 23, 2013. ADDRESSES: You may submit comments, identified by docket number DHS– 2013–0058 by one of the following methods: • Federal e-Rulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments. • Fax: 202–343–4010. • Mail: Jonathan R. Cantor, Acting Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528. Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to https:// www.regulations.gov, including any personal information provided. Docket: For access to the docket to read background documents or comments received, please visit https:// www.regulations.gov. FOR FURTHER INFORMATION CONTACT: For questions, please contact: Jonathan R. Cantor, (202) 343–1717, Acting Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528. SUPPLEMENTARY INFORMATION: I. Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) proposes to establish a new DHS system of records titled, ‘‘DHS/ALL—035 Common Entity Index Prototype (CEI Prototype).’’ The purpose of this prototype is to determine the feasibility of establishing a centralized index of select biographic information that will allow DHS to provide a consolidated and correlated record, thereby facilitating and improving DHS’s ability to carry out its national security, homeland security, law enforcement, and benefits missions. The ability to perform this task across multiple data sets increases the speed and efficiency of this work and contributes to DHS’s readiness and effectiveness in carrying out its national security, homeland security, law enforcement, and benefits missions. Since 2007, DHS has operated under the ‘‘One DHS’’ policy that was PO 00000 Frm 00058 Fmt 4703 Sfmt 4703 52553 implemented to afford DHS personnel timely access to the relevant and necessary homeland-security information they need to successfully perform their duties. Since this information is subject to privacy, civil rights and civil liberties, and other legal protections, DHS personnel requesting such information must: (1) Have an authorized purpose, authorized mission, and need to know for accessing the information in the performance of his or her duties; (2) possess the requisite security clearance; and (3) assure adequate safeguarding and protection of the information. In the past, however, this access was limited, time intensive, and required personnel to log on and query separate databases in order to determine the extent of DHS holdings pertaining to a particular individual. The CEI Prototype will expedite this time-consuming process by correlating identity information from select DHS source system data sets, resolving differences in the data, and consolidating the data as a more comprehensive identity record about an individual, including reference to the relevant source system records. The correlations to be made will be based on biographic linkages contained within the source system data. The CEI Prototype is being tested and evaluated by DHS to determine whether it can successfully result in a more authoritative and complete biographic picture of the individual about whom information is sought. The resulting correlation will be maintained in the CEI Prototype system of records. The CEI Prototype will correlate biographic data, including full name, date of birth, country of birth, government issued document number(s), phone number, physical address, and email address when available in the source systems. This information will be organized into an updated, common record pertaining to a specific individual. The CEI Prototype thus provides a consolidated, correlated identity record derived from DHS holdings that can then be evaluated for a specific purpose or DHS mission activity. The CEI Prototype uses technical access controls to provide results to a user’s query that are based on that user’s need to know. This approach ensures the appropriate privacy, policy, and safeguarding requirements are applied to the new record. The DHS Privacy Office, Office for Civil Rights and Civil Liberties, Office of the General Counsel, and Office of Policy, in coordination with DHS components, will provide policy recommendations and/or oversight of the correlation process, and E:\FR\FM\23AUN1.SGM 23AUN1 52554 Federal Register / Vol. 78, No. 164 / Friday, August 23, 2013 / Notices tkelley on DSK3SPTVN1PROD with NOTICES evaluate the effectiveness of the prototype. Initially, DHS will use certain biographic data elements and necessary meta data from the following source data sets to populate the CEI Prototype: (1) U.S. Customs and Border Protection (CBP)’s Electronic System for Travel Authorization (ESTA), covered by the DHS/CBP–009—Electronic System for Travel Authorization (ESTA) SORN (July 30, 2012, 77 FR 44642); (2) U.S. Immigration and Customs Enforcement (ICE)’s Student and Exchange Visitor Information System (SEVIS), covered by the DHS/ICE–001—Student and Exchange Visitor Information System SORN (January 5, 2010, 75 FR 412); and (3) U.S. Transportation Security Administration (TSA)’s Alien Flight Student Program (AFS), covered by the DHS/TSA–002—Transportation Security Threat Assessment System SORN (May 19, 2010, 75 FR 28046). These three data sets were identified for the prototype in order to demonstrate how data sets from different components can be correlated while maintaining appropriate access controls. If additional data sets are added to the CEI Prototype, this SORN will be updated. If, based on the results of the CEI prototype, DHS creates an operational system, either this SORN will be updated or a new SORN will be published. For the CEI Prototype, DHS has published limited routine uses but none that are intended to allow missionrelated sharing for national security, homeland security, law enforcement, and benefits purposes. Such sharing is not appropriate for a prototype. The information contained in the CEI Prototype may be shared from the source system pursuant to the appropriate routine uses. II. Privacy Act The Privacy Act embodies fair information practice principles in a statutory framework governing the means by which Federal Government agencies collect, maintain, use, and disseminate individuals’ records. The Privacy Act applies to information that is maintained in a ‘‘system of records.’’ A ‘‘system of records’’ is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other unique identifier particular to the individual. In the Privacy Act, an individual is defined to encompass U.S. citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals when VerDate Mar<15>2010 17:28 Aug 22, 2013 Jkt 229001 systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors. Below is the description of the DHS/ ALL—035 Common Entity Index Prototype System of Records. In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress. System of Records Department of Homeland Security (DHS)/ALL–035. SYSTEM NAME: DHS/ALL–035 Common Entity Index Prototype (CEI Prototype). SECURITY CLASSIFICATION: Sensitive and unclassified. SYSTEM LOCATION: Records are maintained at the DHS Headquarters in Washington, DC, DHS data centers in Stennis, Mississippi, and in locations where DHS and its components conduct business. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Categories of individuals covered by this system include: (1) foreign nationals who may seek to enter the United States by air or sea under the Visa Waiver Program; (2) prospective, current, and former non-immigrants to the United States on an F–1, M–1, or J–1 class of admission and their dependents who have been admitted under an F–2, M–2, or J–2 class of admission (collectively, F/M/J non-immigrants); (3) a proxy, parent or guardian of an F/M/J nonimmigrant; and (4) aliens or other individuals designated by DHS/Transportation Security Administration (TSA), including lawful permanent residents (LPR), who apply for flight training or recurrent training. F nonimmigrants are foreign students pursuing a full course of study in a college, university, seminary, conservatory, academic high school, private elementary school, other academic institution, or language training program in the United States (U.S.) that Student and Exchange Visitor Program (SEVP) has certified to enroll foreign students. M nonimmigrants are foreign students pursuing a full course of study in a vocational or other recognized nonacademic institution (e.g., technical school) in the U.S. that SEVP has certified to enroll foreign students. J nonimmigrants are foreign nationals selected by a sponsor that the Department of State (DOS) has PO 00000 Frm 00059 Fmt 4703 Sfmt 4703 designated to participate in an exchange visitor program in the U.S. CATEGORIES OF RECORDS IN THE SYSTEM: (1) Correlation created by the Common Entity Index Prototype includes • Identity information; • Meta Data related to the Æ source system name, Æ system identification number to tie the biographic information back to the source system record, and Æ date the record was ingested into the CEI Prototype. (2) Source system data elements: • Full Name; • Alias(es); • Gender; • Date of Birth; • Country of Birth; • Country of Citizenship; • Phone Number; • Physical Address; • Email Address; • Fingerprint Identification Number; and • Document Type, Number, Date, and Location of Issuance for the following types of government issued documents: Æ Passport; Æ Driver’s License; Æ Electronic System for Travel Authorization (ESTA); Æ Student and Exchange Visitor Information System (SEVIS) ; Æ Alien Registration; and Æ Visa. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Homeland Security Act, 6 U.S.C. 343; Clinger-Cohen Act of 1996, Public Law 104–106, codified at 40 U.S.C. 11101, et. seq. PURPOSE(S): The purpose of this prototype is to determine the feasibility of establishing a centralized index of select biographic information that will allow DHS to provide a consolidated and correlated identity, thereby facilitating and improving DHS’s ability to carry out its national security, homeland security, law enforcement, and benefits missions. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows, except, to the extent any of the data contained in the CEI Prototype relates to refugees, asylum seekers, and asylees, such information may not be E:\FR\FM\23AUN1.SGM 23AUN1 tkelley on DSK3SPTVN1PROD with NOTICES Federal Register / Vol. 78, No. 164 / Friday, August 23, 2013 / Notices disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3), but is subject, as a matter of policy, to the confidentiality provisions of 8 CFR 208.6. A. To the Department of Justice (DOJ), including U.S. Attorney Offices, or other federal agencies conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation: 1. DHS or any component thereof; 2. Any employee or former employee of DHS in his/her official capacity; 3. Any employee or former employee of DHS in his/her individual capacity when DOJ or DHS has agreed to represent the employee; or 4. The United States or any agency thereof. B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains. C. To the National Archives and Records Administration (NARA) or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. §§ 2904 and 2906. D. To appropriate agencies, entities, and persons when: 1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; and 2. DHS has determined that as a result of the suspected or confirmed compromise, there is a risk of identity theft or fraud, harm to economic or property interests, harm to an individual, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) that rely upon the compromised information; and 3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. E. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on VerDate Mar<15>2010 17:28 Aug 22, 2013 Jkt 229001 disclosure as are applicable to DHS officers and employees. DISCLOSURE TO CONSUMER REPORTING AGENCIES: None. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Records in this system are stored electronically in secure facilities in a locked drawer behind a locked door. The records may be stored on magnetic disc, tape, or digital media. RETRIEVABILITY: Records may be retrieved by name or any other unique identifier assigned to the individual. SAFEGUARDS: Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions. RETENTION AND DISPOSAL: The CEI Prototype ingests data from source systems, and correlates the data into a CEI Prototype identity. Ingested data is retained in CEI Prototype for no longer than the record retention requirements of the source systems. The CEI Prototype creates a correlated identity that is dynamic not static. The ingested data elements that make up that identity will be subject to the records retention schedules of the source systems from which they came. By design, the deletion or correction of these elements at the appropriate time will affect the correlated record. For example, if a student updates his/her contact information, the correlation will be updated. SYSTEM MANAGER AND ADDRESS: Executive Director, DHS Information Sharing Environment Office, Department of Homeland Security, Washington, DC 20528. NOTIFICATION PROCEDURE: Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Headquarters PO 00000 Frm 00060 Fmt 4703 Sfmt 4703 52555 FOIA Officer, whose contact information can be found on the Department’s official Web site at https://www.dhs.gov/foia under ‘‘Contacts.’’ The individual may submit the request to the Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, 245 Murray Drive, SW., Building 410, STOP–0655, Washington, DC 20528. When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address, and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, on the Department’s official Web site at https://www.dhs.gov/foia or by calling toll free 1–866–431–0486. In addition, you should: • Explain why you believe the Department would have information on you; and • Specify when you believe the records would have been created. If seeking records pertaining to another living individual, include a statement from that individual certifying his/her agreement for you to access his/her records. Without the above information, DHS may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations. RECORD ACCESS PROCEDURES: See ‘‘Notification procedure’’ above. CONTESTING RECORD PROCEDURES: See ‘‘Notification procedure’’ above. RECORD SOURCE CATEGORIES: Initially, DHS will use the following source data sets to populate CEI Prototype: (1) CBP’s ESTA, covered by the DHS/CBP–009—Electronic System for Travel Authorization (ESTA) SORN (July 30, 2012, 77 FR 44642); (2) ICE’s SEVIS, covered by the DHS/ICE–001— Student and Exchange Visitor Information System SORN (January 5, 2010, 75 FR 412); and (3) TSA’s AFS, covered by the DHS/TSA–002— Transportation Security Threat Assessment System SORN (May 19, E:\FR\FM\23AUN1.SGM 23AUN1 52556 Federal Register / Vol. 78, No. 164 / Friday, August 23, 2013 / Notices 2010, 75 FR 28046). If additional data sets are added to CEI Prototype, this SORN will be updated. If deployed for operational use, additional data sources may be used. DHS will update this SORN or issue a new SORN prior to the operational use of the system. EXEMPTIONS CLAIMED FOR THE SYSTEM: The records maintained in the CEI Prototype are the non-exempt portions of the records in the source systems because the information ingested into the CEI Prototype is the information provided directly by the individual for the requested benefit. When a record received from another system has been exempted in that source system under 5 U.S.C. 552a(j)(2) or (k)(1), (k)(2), or (k)(5), DHS will claim the same exemptions for those records that are claimed for the original primary systems of records from which they originated. Dated: August 14, 2013. Jonathan R. Cantor, Acting Chief Privacy Officer, Department of Homeland Security. [FR Doc. 2013–20635 Filed 8–22–13; 8:45 am] BILLING CODE P Dated: August 14, 2013. Ira S. Reese, Executive Director, Laboratories and Scientific Services. DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Accreditation and Approval of Saybolt, LP, as a Commercial Gauger and Laboratory U.S. Customs and Border Protection, Department of Homeland Security. ACTION: Notice of accreditation and approval of Saybolt, LP, as a commercial gauger and laboratory. AGENCY: Notice is hereby given, pursuant to CBP regulations, that Saybolt, LP, has been approved to gauge and accredited to test petroleum and petroleum products, organic chemicals and vegetable oils for customs purposes for the next three years as of May 22, 2013. SUMMARY: Effective Dates: The accreditation and approval of Saybolt, LP, as commercial gauger and laboratory became effective on May 22, 2013. The next triennial inspection date will be scheduled for May 2016. FOR FURTHER INFORMATION CONTACT: Approved Gauger and Accredited Laboratories Manager, Laboratories and Scientific Services, U.S. Customs and Border Protection, 1300 Pennsylvania Avenue NW., Suite 1500N, Washington, DC 20229, tel. 202–344–1060. tkelley on DSK3SPTVN1PROD with NOTICES DATES: VerDate Mar<15>2010 17:28 Aug 22, 2013 Jkt 229001 Notice is hereby given pursuant to 19 CFR 151.12 and 19 CFR 151.13, Saybolt, LP, 1123 Highway 43, Saraland, AL 36571, has been approved to gauge and accredited to test petroleum and petroleum products, organic chemicals and vegetable oils for customs purposes, in accordance with the provisions of 19 CFR 151.12 and 19 CFR 151.13. Anyone wishing to employ this entity to conduct laboratory analyses and gauger services should request and receive written assurances from the entity that it is accredited or approved by the U.S. Customs and Border Protection to conduct the specific test or gauger service requested. Alternatively, inquires regarding the specific test or gauger service this entity is accredited or approved to perform may be directed to the U.S. Customs and Border Protection by calling (202) 344–1060. The inquiry may also be sent to cbp.labhq@dhs.gov. Please reference the Web site listed below for a complete listing of CBP approved gaugers and accredited laboratories. https://cbp.gov/ linkhandler/cgov/trade/basic_trade/ labs_scientific_svcs/commercial_ gaugers/gaulist.ctt/gaulist.pdf SUPPLEMENTARY INFORMATION: [FR Doc. 2013–20558 Filed 8–22–13; 8:45 am] BILLING CODE 9111–14–P DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection FOR FURTHER INFORMATION CONTACT: Approved Gauger and Accredited Laboratories Manager, Laboratories and Scientific Services, U.S. Customs and Border Protection, 1300 Pennsylvania Avenue NW., Suite 1500N, Washington, DC 20229, tel. 202–344–1060. SUPPLEMENTARY INFORMATION: Notice is hereby given pursuant to 19 CFR 151.12 and 19 CFR 151.13, that SGS North America, Inc., 151 James Drive West, St. Rose, LA 70087, has been approved to gauge and accredited to test petroleum and petroleum products, organic chemicals and vegetable oils for customs purposes, in accordance with the provisions of 19 CFR 151.12 and 19 CFR 151.13. Anyone wishing to employ this entity to conduct laboratory analyses and gauger services should request and receive written assurances from the entity that it is accredited or approved by the U.S. Customs and Border Protection to conduct the specific test or gauger service requested. Alternatively, inquiries regarding the specific test or gauger service this entity is accredited or approved to perform may be directed to the U.S. Customs and Border Protection by calling (202) 344– 1060. The inquiry may also be sent to cbp.labhq@dhs.gov. Please reference the Web site listed below for a complete listing of CBP approved gaugers and accredited laboratories. https://cbp.gov/ linkhandler/cgov/trade/basic_trade/ labs_scientific_svcs/commercial_ gaugers/gaulist.ctt/gaulist.pdf. Dated: August 14, 2013. Ira S. Reese, Executive Director, Laboratories and Scientific Services. [FR Doc. 2013–20559 Filed 8–22–13; 8:45 am] Accreditation and Approval of SGS North America, Inc., as a Commercial Gauger and Laboratory U.S. Customs and Border Protection, Department of Homeland Security. ACTION: Notice of accreditation and approval of SGS North America, Inc., as a commercial gauger and laboratory. AGENCY: Notice is hereby given, pursuant to CBP regulations, that SGS North America, Inc., has been approved to gauge and accredited to test petroleum and petroleum products, organic chemicals and vegetable oils for customs purposes for the next three years as of May 23, 2012. DATES: Effective Dates: The accreditation and approval of SGS North America, Inc., as commercial gauger and laboratory became effective on May 23, 2012. The next triennial inspection date will be scheduled for May 2015. SUMMARY: PO 00000 Frm 00061 Fmt 4703 Sfmt 4703 BILLING CODE 9111–14–P DEPARTMENT OF HOMELAND SECURITY U.S. Customs and Border Protection Accreditation and Approval of SGS North America, Inc., as a Commercial Gauger and Laboratory U.S. Customs and Border Protection, Department of Homeland Security. ACTION: Notice of accreditation and approval of SGS North America, Inc., as a commercial gauger and laboratory. AGENCY: Notice is hereby given, pursuant to CBP regulations, that SGS North America, Inc., has been approved to gauge and accredited to test petroleum and petroleum products, organic chemicals and vegetable oils for SUMMARY: E:\FR\FM\23AUN1.SGM 23AUN1

Agencies

[Federal Register Volume 78, Number 164 (Friday, August 23, 2013)]
[Notices]
[Pages 52553-52556]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-20635]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2013-0058]


Privacy Act of 1974; Department of Homeland Security/ALL-035 
Common Entity Index Prototype System of Records

AGENCY: Privacy Office, Department of Homeland Security.

ACTION: Notice of Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to establish a new Department of Homeland 
Security system of records titled, ``Department of Homeland Security/
ALL--035 Common Entity Index Prototype System of Records.'' This system 
of records allows the Department of Homeland Security to correlate 
identity data from select component-level systems and organizes key 
identifiers that the Department of Homeland Security has collected 
about that individual. This correlation and consolidation of identity 
data will facilitate DHS's ability to carry out its missions with 
appropriate access control. DHS is building a prototype with an initial 
set of data for testing and evaluation purposes. If the system passes 
the testing and evaluation stage and DHS moves to an operational 
system, either this system will be updated or a new system of records 
notice will be published.

DATES: Submit comments on or before September 23, 2013. This new 
prototype system will be effective September 23, 2013.

ADDRESSES: You may submit comments, identified by docket number DHS-
2013-0058 by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Jonathan R. Cantor, Acting Chief Privacy Officer, 
Privacy Office, Department of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to https://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, please visit https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For questions, please contact: 
Jonathan R. Cantor, (202) 343-1717, Acting Chief Privacy Officer, 
Privacy Office, Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS) proposes to establish a new DHS 
system of records titled, ``DHS/ALL--035 Common Entity Index Prototype 
(CEI Prototype).''
    The purpose of this prototype is to determine the feasibility of 
establishing a centralized index of select biographic information that 
will allow DHS to provide a consolidated and correlated record, thereby 
facilitating and improving DHS's ability to carry out its national 
security, homeland security, law enforcement, and benefits missions. 
The ability to perform this task across multiple data sets increases 
the speed and efficiency of this work and contributes to DHS's 
readiness and effectiveness in carrying out its national security, 
homeland security, law enforcement, and benefits missions.
    Since 2007, DHS has operated under the ``One DHS'' policy that was 
implemented to afford DHS personnel timely access to the relevant and 
necessary homeland-security information they need to successfully 
perform their duties. Since this information is subject to privacy, 
civil rights and civil liberties, and other legal protections, DHS 
personnel requesting such information must: (1) Have an authorized 
purpose, authorized mission, and need to know for accessing the 
information in the performance of his or her duties; (2) possess the 
requisite security clearance; and (3) assure adequate safeguarding and 
protection of the information. In the past, however, this access was 
limited, time intensive, and required personnel to log on and query 
separate databases in order to determine the extent of DHS holdings 
pertaining to a particular individual.
    The CEI Prototype will expedite this time-consuming process by 
correlating identity information from select DHS source system data 
sets, resolving differences in the data, and consolidating the data as 
a more comprehensive identity record about an individual, including 
reference to the relevant source system records. The correlations to be 
made will be based on biographic linkages contained within the source 
system data. The CEI Prototype is being tested and evaluated by DHS to 
determine whether it can successfully result in a more authoritative 
and complete biographic picture of the individual about whom 
information is sought. The resulting correlation will be maintained in 
the CEI Prototype system of records.
    The CEI Prototype will correlate biographic data, including full 
name, date of birth, country of birth, government issued document 
number(s), phone number, physical address, and email address when 
available in the source systems. This information will be organized 
into an updated, common record pertaining to a specific individual. The 
CEI Prototype thus provides a consolidated, correlated identity record 
derived from DHS holdings that can then be evaluated for a specific 
purpose or DHS mission activity. The CEI Prototype uses technical 
access controls to provide results to a user's query that are based on 
that user's need to know.
    This approach ensures the appropriate privacy, policy, and 
safeguarding requirements are applied to the new record. The DHS 
Privacy Office, Office for Civil Rights and Civil Liberties, Office of 
the General Counsel, and Office of Policy, in coordination with DHS 
components, will provide policy recommendations and/or oversight of the 
correlation process, and

[[Page 52554]]

evaluate the effectiveness of the prototype.
    Initially, DHS will use certain biographic data elements and 
necessary meta data from the following source data sets to populate the 
CEI Prototype: (1) U.S. Customs and Border Protection (CBP)'s 
Electronic System for Travel Authorization (ESTA), covered by the DHS/
CBP-009--Electronic System for Travel Authorization (ESTA) SORN (July 
30, 2012, 77 FR 44642); (2) U.S. Immigration and Customs Enforcement 
(ICE)'s Student and Exchange Visitor Information System (SEVIS), 
covered by the DHS/ICE-001--Student and Exchange Visitor Information 
System SORN (January 5, 2010, 75 FR 412); and (3) U.S. Transportation 
Security Administration (TSA)'s Alien Flight Student Program (AFS), 
covered by the DHS/TSA-002--Transportation Security Threat Assessment 
System SORN (May 19, 2010, 75 FR 28046). These three data sets were 
identified for the prototype in order to demonstrate how data sets from 
different components can be correlated while maintaining appropriate 
access controls. If additional data sets are added to the CEI 
Prototype, this SORN will be updated. If, based on the results of the 
CEI prototype, DHS creates an operational system, either this SORN will 
be updated or a new SORN will be published.
    For the CEI Prototype, DHS has published limited routine uses but 
none that are intended to allow mission-related sharing for national 
security, homeland security, law enforcement, and benefits purposes. 
Such sharing is not appropriate for a prototype. The information 
contained in the CEI Prototype may be shared from the source system 
pursuant to the appropriate routine uses.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which Federal Government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
unique identifier particular to the individual. In the Privacy Act, an 
individual is defined to encompass U.S. citizens and lawful permanent 
residents. As a matter of policy, DHS extends administrative Privacy 
Act protections to all individuals when systems of records maintain 
information on U.S. citizens, lawful permanent residents, and visitors.
    Below is the description of the DHS/ALL--035 Common Entity Index 
Prototype System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
System of Records
    Department of Homeland Security (DHS)/ALL-035.

System name:
    DHS/ALL-035 Common Entity Index Prototype (CEI Prototype).

Security classification:
    Sensitive and unclassified.

System location:
    Records are maintained at the DHS Headquarters in Washington, DC, 
DHS data centers in Stennis, Mississippi, and in locations where DHS 
and its components conduct business.

Categories of individuals covered by the system:
    Categories of individuals covered by this system include:
    (1) foreign nationals who may seek to enter the United States by 
air or sea under the Visa Waiver Program;
    (2) prospective, current, and former non-immigrants to the United 
States on an F-1, M-1, or J-1 class of admission and their dependents 
who have been admitted under an F-2, M-2, or J-2 class of admission 
(collectively, F/M/J non-immigrants);
    (3) a proxy, parent or guardian of an F/M/J nonimmigrant; and
    (4) aliens or other individuals designated by DHS/Transportation 
Security Administration (TSA), including lawful permanent residents 
(LPR), who apply for flight training or recurrent training.
    F nonimmigrants are foreign students pursuing a full course of 
study in a college, university, seminary, conservatory, academic high 
school, private elementary school, other academic institution, or 
language training program in the United States (U.S.) that Student and 
Exchange Visitor Program (SEVP) has certified to enroll foreign 
students. M nonimmigrants are foreign students pursuing a full course 
of study in a vocational or other recognized nonacademic institution 
(e.g., technical school) in the U.S. that SEVP has certified to enroll 
foreign students. J nonimmigrants are foreign nationals selected by a 
sponsor that the Department of State (DOS) has designated to 
participate in an exchange visitor program in the U.S.

Categories of records in the system:
    (1) Correlation created by the Common Entity Index Prototype 
includes
     Identity information;
     Meta Data related to the
    [cir] source system name,
    [cir] system identification number to tie the biographic 
information back to the source system record, and
    [cir] date the record was ingested into the CEI Prototype.
    (2) Source system data elements:
     Full Name;
     Alias(es);
     Gender;
     Date of Birth;
     Country of Birth;
     Country of Citizenship;
     Phone Number;
     Physical Address;
     Email Address;
     Fingerprint Identification Number; and
     Document Type, Number, Date, and Location of Issuance for 
the following types of government issued documents:
    [cir] Passport;
    [cir] Driver's License;
    [cir] Electronic System for Travel Authorization (ESTA);
    [cir] Student and Exchange Visitor Information System (SEVIS) ;
    [cir] Alien Registration; and
    [cir] Visa.

Authority for maintenance of the system:
    Homeland Security Act, 6 U.S.C. 343; Clinger-Cohen Act of 1996, 
Public Law 104-106, codified at 40 U.S.C. 11101, et. seq.

 Purpose(s):
    The purpose of this prototype is to determine the feasibility of 
establishing a centralized index of select biographic information that 
will allow DHS to provide a consolidated and correlated identity, 
thereby facilitating and improving DHS's ability to carry out its 
national security, homeland security, law enforcement, and benefits 
missions.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows, except, to the 
extent any of the data contained in the CEI Prototype relates to 
refugees, asylum seekers, and asylees, such information may not be

[[Page 52555]]

disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3), 
but is subject, as a matter of policy, to the confidentiality 
provisions of 8 CFR 208.6.
    A. To the Department of Justice (DOJ), including U.S. Attorney 
Offices, or other federal agencies conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity when DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. Sec. Sec.  
2904 and 2906.
    D. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised; and
    2. DHS has determined that as a result of the suspected or 
confirmed compromise, there is a risk of identity theft or fraud, harm 
to economic or property interests, harm to an individual, or harm to 
the security or integrity of this system or other systems or programs 
(whether maintained by DHS or another agency or entity) that rely upon 
the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    E. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records in this system are stored electronically in secure 
facilities in a locked drawer behind a locked door. The records may be 
stored on magnetic disc, tape, or digital media.

Retrievability:
    Records may be retrieved by name or any other unique identifier 
assigned to the individual.

Safeguards:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DHS automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. Access to the computer system containing the records in this 
system is limited to those individuals who have a need to know the 
information for the performance of their official duties and who have 
appropriate clearances or permissions.

Retention and disposal:
    The CEI Prototype ingests data from source systems, and correlates 
the data into a CEI Prototype identity. Ingested data is retained in 
CEI Prototype for no longer than the record retention requirements of 
the source systems. The CEI Prototype creates a correlated identity 
that is dynamic not static. The ingested data elements that make up 
that identity will be subject to the records retention schedules of the 
source systems from which they came. By design, the deletion or 
correction of these elements at the appropriate time will affect the 
correlated record. For example, if a student updates his/her contact 
information, the correlation will be updated.

System Manager and address:
    Executive Director, DHS Information Sharing Environment Office, 
Department of Homeland Security, Washington, DC 20528.

Notification procedure:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Headquarters FOIA Officer, whose 
contact information can be found on the Department's official Web site 
at https://www.dhs.gov/foia under ``Contacts.'' The individual may 
submit the request to the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, Department of Homeland Security, 245 Murray 
Drive, SW., Building 410, STOP-0655, Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system of records, your request must conform 
with the Privacy Act regulations set forth in 6 CFR part 5. You must 
first verify your identity, meaning that you must provide your full 
name, current address, and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Chief Privacy 
Officer and Chief Freedom of Information Act Officer, on the 
Department's official Web site at https://www.dhs.gov/foia or by calling 
toll free 1-866-431-0486. In addition, you should:
     Explain why you believe the Department would have 
information on you; and
     Specify when you believe the records would have been 
created.
    If seeking records pertaining to another living individual, include 
a statement from that individual certifying his/her agreement for you 
to access his/her records.
    Without the above information, DHS may not be able to conduct an 
effective search, and your request may be denied due to lack of 
specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    Initially, DHS will use the following source data sets to populate 
CEI Prototype: (1) CBP's ESTA, covered by the DHS/CBP-009--Electronic 
System for Travel Authorization (ESTA) SORN (July 30, 2012, 77 FR 
44642); (2) ICE's SEVIS, covered by the DHS/ICE-001--Student and 
Exchange Visitor Information System SORN (January 5, 2010, 75 FR 412); 
and (3) TSA's AFS, covered by the DHS/TSA-002--Transportation Security 
Threat Assessment System SORN (May 19,

[[Page 52556]]

2010, 75 FR 28046). If additional data sets are added to CEI Prototype, 
this SORN will be updated. If deployed for operational use, additional 
data sources may be used. DHS will update this SORN or issue a new SORN 
prior to the operational use of the system.

Exemptions claimed for the system:
    The records maintained in the CEI Prototype are the non-exempt 
portions of the records in the source systems because the information 
ingested into the CEI Prototype is the information provided directly by 
the individual for the requested benefit. When a record received from 
another system has been exempted in that source system under
    5 U.S.C. 552a(j)(2) or (k)(1), (k)(2), or (k)(5), DHS will claim 
the same exemptions for those records that are claimed for the original 
primary systems of records from which they originated.

    Dated: August 14, 2013.
Jonathan R. Cantor,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2013-20635 Filed 8-22-13; 8:45 am]
BILLING CODE P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.