Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate-002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records, 28752-28757 [2014-11431]

Download as PDF 28752 Federal Register / Vol. 79, No. 96 / Monday, May 19, 2014 / Notices Information Act Officer, Department of Homeland Security, 245 Murray Drive SW., Building 410, STOP–0655, Washington, DC 20528. When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 6 CFR Part 5. You must first verify your identity, meaning that you must provide your full name, current address, and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, https://www.dhs.gov/foia or 1–866–431– 0486. In addition you should: • Explain why you believe the Department would have information on you; • Identify which component(s) of the Department you believe may have the information about you; • Specify when you believe the records would have been created; • Provide any information that will help the FOIA staff determine which DHS component agency may have responsive records; and If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records. Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations. RECORD ACCESS PROCEDURES: See ‘‘Notification procedure’’ above. CONTESTING RECORD PROCEDURES: See ‘‘Notification procedure’’ above. mstockstill on DSK4VPTVN1PROD with NOTICES RECORD SOURCE CATEGORIES: Records are obtained from individuals who apply for and individuals who are insured under the NFIP; WYO companies; flood insurance agents and lenders; individuals requesting NFIP information; insurance appraisal records, title reports, homeowner reports, notations, and documents from homeowner/condominium associations, and NFIP flood maps. DHS/FEMA and WYO companies use various Housing and Urban Development (HUD) and FEMA forms to collect information within this system of records. VerDate Mar<15>2010 17:17 May 16, 2014 Jkt 232001 EXEMPTIONS CLAIMED FOR THE SYSTEM: None. Dated: May 8, 2014 Karen L. Neuman, Chief Privacy Officer, Department of Homeland Security. [FR Doc. 2014–11386 Filed 5–16–14; 8:45 am] BILLING CODE 4410–10–P DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS–2014–0013] Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records Department of Homeland Security, Privacy Office. ACTION: Notice of Privacy Act System of Records. AGENCY: In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to update and reissue a current Department of Homeland Security system of records titled, ‘‘Department of Homeland Security/National Protection and Programs Directorate—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records.’’ This system of records allows the Department of Homeland Security/ National Protection and Programs Directorate to collect and maintain records on individuals—facility personnel and unescorted visitors—who have or are seeking access to restricted areas and critical assets at high-risk chemical facilities and compare this information to the Terrorist Screening Database, the terrorist watchlist maintained by the Federal Bureau of Investigation’s Terrorist Screening Center. As a result of a biennial review of this system and changes to the Chemical Facility Anti-Terrorism Standards Personnel Surety Program, the Department of Homeland Security/ National Protection and Programs Directorate is updating this system of records notice to include a new category of record and routine use. Administrative updates are being made globally to better align the description of the program with other CFATS Personnel Surety Program documentation. Additionally, the Department of Homeland Security is concurrently issuing a Final Rule to exempt this system of records from SUMMARY: PO 00000 Frm 00082 Fmt 4703 Sfmt 4703 certain provisions of the Privacy Act, elsewhere in the Federal Register. This notice also includes non-substantive changes to simplify the formatting and text of the previously published notice. This updated system will be included in the Department of Homeland Security’s inventory of record systems. DATES: Submit comments on or before June 18, 2014. This updated system will be effective June 18, 2014. ADDRESSES: You may submit comments, identified by docket number DHS– 2014–0013 by one of the following methods: • Federal e-Rulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments. • Fax: 202–343–4010. • Mail: Karen L. Neuman, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528. Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to https:// www.regulations.gov, including any personal information provided. Docket: For access to the docket to read background documents or comments received, please visit https:// www.regulations.gov. FOR FURTHER INFORMATION CONTACT: For general questions, please contact: Emily Andrew, (703) 235–2182, Privacy Officer, National Protection and Programs Directorate, Department of Homeland Security, Washington, DC 20528. For privacy questions, please contact: Karen L. Neuman, (202) 343– 1717, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528. SUPPLEMENTARY INFORMATION: I. Background In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) proposes to update and reissue a current DHS system of records titled, ‘‘DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records.’’ On October 4, 2006, the President signed the DHS Appropriations Act of 2007 (the Act), Public Law 109–295. Section 550 of the Act (Section 550) provides DHS with the authority to regulate the security of high-risk chemical facilities. DHS has promulgated regulations implementing Section 550, the Chemical Facility AntiTerrorism Standards (CFATS), 6 CFR Part 27. E:\FR\FM\19MYN1.SGM 19MYN1 mstockstill on DSK4VPTVN1PROD with NOTICES Federal Register / Vol. 79, No. 96 / Monday, May 19, 2014 / Notices Section 550 requires that DHS establish Risk Based Performance Standards (RBPS) as part of CFATS. RBPS–12 (6 CFR 27.230(a)(12)(iv)) requires that regulated chemical facilities implement ‘‘measures designed to identify people with terrorist ties.’’ The ability to identify individuals with terrorist ties is an inherently governmental function and requires the use of information held in government-maintained databases, which are unavailable to high-risk chemical facilities. Therefore, DHS is implementing the CFATS Personnel Surety Program, which will allow chemical facilities to comply with RBPS–12 by implementing ‘‘measures designed to identify people with terrorist ties.’’ The CFATS Personnel Surety Program will work with the DHS Transportation Security Administration (TSA) to identify individuals who have terrorist ties by vetting information submitted by each high-risk chemical facility against the Terrorist Screening Database (TSDB). The TSDB is the Federal Government’s consolidated and integrated terrorist watchlist of known and suspected terrorists, maintained by the Department of Justice (DOJ) Federal Bureau of Investigation’s (FBI) Terrorist Screening Center (TSC). For more information on the TSDB, see DOJ/FBI— 019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007). High-risk chemical facilities or their designees will submit the information of: (1) Facility personnel who have or who are seeking access, either unescorted or otherwise, to restricted areas or critical assets; and (2) unescorted visitors who have or who are seeking access to restricted areas or critical assets. These persons, about whom high-risk chemical facilities and facilities’ designees will submit information to DHS, are referred to in this notice as ‘‘affected individuals.’’ Individual high-risk facilities may classify particular contractors or categories of contractors either as ‘‘facility personnel’’ or as ‘‘visitors.’’ This determination should be a facilityspecific determination, and should be based on facility security, operational requirements, and business practices. With the publication of this updated system of records, DHS is making the following changes: (1) Category of records has been updated to include Trusted Traveler Program information and information necessary to assist in verifying status of enrollment in another DHS program; and (2) routine use K has been added. Under routine use K, DHS may provide records to high-risk chemical facilities, or their designees, VerDate Mar<15>2010 17:17 May 16, 2014 Jkt 232001 for the purpose of ensuring that information on all affected individuals submitted by or on behalf of the facility who have or are seeking access to restricted areas or critical assets has been appropriately submitted to DHS. A high-risk chemical facility may have access to information on the affected individuals that were submitted by the facility or on behalf of the facility. Designees of high-risk chemical facilities may only have access to information on the affected individuals that the designee submitted on behalf of the facility. Routine use K is compatible with the purposes for which the information is collected because the information will be used to ensure that the appropriate affected individuals are receiving the required terrorist ties checks. In addition, administrative updates are being made globally to better align the description of the program with other CFATS Personnel Surety Program documentation. This notice also includes non-substantive changes to simplify the formatting and text of the previously published notice. Under the CFATS Personnel Surety Program, for each affected individual a high-risk chemical facility, or its designee, may use the following options for submitting information to the Department (in addition to other options, not discussed in this systems of records notice, that would not involve submission of information to DHS): Option 1—Direct vetting: High-risk chemical facilities (or their designees) may submit information to NPPD about an affected individual to be compared on a recurrent basis against identifying information of known or suspected terrorists, and/or Option 2—Use of vetting conducted under other DHS programs: High-risk chemical facilities (or their designees) may submit information to NPPD about an affected individual’s enrollment in the Transportation Worker Identification Credential (TWIC) Program, Hazardous Materials Endorsement (HME) Program, or the NEXUS, Secure Electronic Network for Travelers Rapid Inspection (SENTRI), Free and Secure Trade (FAST), and Global Entry Trusted Traveler Programs. Each of those programs conducts recurrent vetting, which is equivalent to the terrorist ties vetting conducted under Option 1. Information will be submitted to DHS/NPPD through the Chemical Security Assessment Tool (CSAT), the online data collection portal for CFATS. The high-risk chemical facility or its designees will submit the information of affected individuals to DHS through PO 00000 Frm 00083 Fmt 4703 Sfmt 4703 28753 CSAT. The submitters of this information (Submitters) for each highrisk chemical facility will also affirm, to the best of their knowledge, that the information is: (1) True, correct, and complete; and (2) collected and submitted in compliance with the facility’s Site Security Plan (SSP) or Alternative Security Program (ASP), as authorized and/or approved in accordance with 6 CFR 27.245. The Submitter(s) of each high-risk chemical facility will also affirm that, in accordance with its Site Security Plans, notice required by the Privacy Act of 1974, 5 U.S.C. 552a, has been given to affected individuals before their information is submitted to DHS. DHS previously indicated in the June 14, 2011 Chemical Facility AntiTerrorism Standards Personnel Surety Program System of Records that it would issue a ‘‘verification of receipt’’ to the Submitter(s) of each high-risk chemical facility when a high-risk chemical facility: (1) Submits information about an affected individual for the first time; (2) submits additional, updated, or corrected information about an affected individual; or (3) notifies DHS that an affected individual no longer has or is seeking access to that facility’s restricted areas or critical assets. However, DHS now intends to provide high-risk chemical facilities, and their designees, the ability to create an alert within the CSAT Personnel Surety application that can notify them when DHS has received information about an affected individual(s) under Option 1 or Option 2. Further, DHS will also allow high-risk chemical facilities the ability to view the status (e.g., that some information about an affected individual has been inputted into CSAT but not yet submitted to DHS under Option 1 or Option 2; or that information about an affected individual has been submitted) of records about affected individuals associated with their facility within the CSAT Personnel Surety application. High-risk chemical facilities may also have the ability to download reports from CSAT. These reports may include information submitted about affected individuals with access to that facility as well as status of enrollment in other DHS programs. High-risk chemical facilities will be responsible for managing their user roles and determining what access each user may have within the CFATS Personnel Surety application to ensure that only the appropriate users have access to the information about affected individuals being submitted to DHS. Upon receipt of each affected individual’s information in CSAT using Option 1—Direct vetting, DHS/NPPD E:\FR\FM\19MYN1.SGM 19MYN1 mstockstill on DSK4VPTVN1PROD with NOTICES 28754 Federal Register / Vol. 79, No. 96 / Monday, May 19, 2014 / Notices will send a copy of the information to DHS/TSA. Within DHS/TSA, the Office of Transportation Threat Assessment and Credentialing (TTAC) conducts vetting against the TSDB for several DHS programs. DHS/TSA/TTAC will compare the information of affected individuals collected by DHS (via CSAT) to information in the TSDB on a recurrent basis. DHS/TSA/TTAC will forward potential matches to the DOJ/ FBI/TSC, which will make a final determination of whether an individual’s information is identified as a match to a record in the TSDB. Upon receipt of each affected individual’s information in CSAT using Option 2—Use of vetting conducted under other DHS programs, DHS/NPPD will send information to DHS/TSA to verify enrollment in the TWIC or HME Program or to DHS/U.S. Customs and Border Protection (CBP) to verify enrollment in the Trusted Traveler Program. If an affected individual’s enrollment in one of these programs is verified, NPPD will periodically reverify the affected individual’s continued enrollment. If the affected individual’s enrollment in one of these programs is no longer verified, then NPPD will notify the high-risk chemical facility, or its designee. NPPD may initiate vetting under Option 1, as appropriate. The high-risk chemical facility will be responsible for taking action in accordance with its SSP or ASP, which may include submitting new or updated information on that affected individual. In certain instances, DHS/NPPD may contact a high-risk chemical facility to request additional information (e.g., visa information) pertaining to particular individuals in order to clarify suspected data errors or resolve potential matches (e.g., when an affected individual has a common name). Such requests do not imply, and should not be construed to indicate that an individual’s information has been confirmed as a match to a TSDB record. DHS/NPPD may also conduct data accuracy reviews and audits as part of the CFATS Personnel Surety Program. High-risk chemical facilities may propose to maintain different sorts of records or information related to RBPS 12 as part of their SSP or ASP, and DHS expects that the records or information available could vary from one high-risk chemical facility to another. The types of information DHS may request from high-risk chemical facilities as part of data accuracy reviews or audits could thus vary from facility to facility, based on each facility’s standard business practices and SSP or ASP. The records requested may contain information VerDate Mar<15>2010 17:17 May 16, 2014 Jkt 232001 pertaining to affected individuals that was previously provided to DHS/NPPD by the high-risk chemical facility. Consistent with DHS’s informationsharing mission, information stored in the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records may be shared with other DHS components that have a need to know the information to carry out their national security, law enforcement, immigration, intelligence, or other homeland security functions. In addition, DHS/NPPD may share information with appropriate federal, state, local, tribal, territorial, foreign, or international government agencies consistent with the routine uses set forth in this system of records notice. Additionally, DHS is concurrently issuing a Final Rule to exempt this system of records from certain provisions of the Privacy Act elsewhere in the Federal Register. This updated system will be included in DHS’s inventory of record systems. II. Privacy Act The Privacy Act embodies fair information practice principles in a statutory framework governing the means by which federal government agencies collect, maintain, use, and disseminate individuals’ records. The Privacy Act applies to information that is maintained in a ‘‘system of records.’’ A ‘‘system of records’’ is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass U.S. citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals when systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors. Below is the description of the DHS/ NPPD—002 Chemical Facility AntiTerrorism Standards Personnel Surety Program System of Records. In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress. System of Records Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)—002. PO 00000 Frm 00084 Fmt 4703 Sfmt 4703 SYSTEM NAME: DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program SECURITY CLASSIFICATION: Unclassified, Sensitive, For Official Use Only, Law Enforcement-Sensitive, and Classified. SYSTEM LOCATION: Records are maintained at the DHS and NPPD Headquarters in Washington, DC and field offices. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: (1) High-risk chemical facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets at high-risk chemical facilities (see 6 CFR 27.230(a)(12)), referred to in this notice as ‘‘affected individuals’’; (2) High-risk chemical facility personnel or designees who contact DHS/NPPD or a federal law enforcement entity with follow-up questions regarding submission of an individual’s information to DHS/NPPD; (3) Individuals listed in the TSDB against whom potential or confirmed matches have been made; and (4) Individuals who have been or seek to be distinguished from individuals listed in the TSDB through redress or other means as a result of the Personnel Surety Program. CATEGORIES OF RECORDS IN THE SYSTEM: (1) High-risk chemical facilities are required to submit the following information on all facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets: a. U.S. Citizens and Lawful Permanent Residents i. Full name; ii. Date of birth; and iii. Citizenship or Gender. b. Non-U.S. persons i. Full name; ii. Date of birth; iii. Citizenship; and iv. Passport information and/or alien registration number. (2) To reduce the likelihood of false positives in matching against the TSDB, high-risk chemical facilities may also (optionally) submit the following information on facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets: a. Aliases; b. Gender (for Non-U.S. persons); c. Place of birth; and d. Redress Number. E:\FR\FM\19MYN1.SGM 19MYN1 mstockstill on DSK4VPTVN1PROD with NOTICES Federal Register / Vol. 79, No. 96 / Monday, May 19, 2014 / Notices (3) High-risk chemical facilities may submit different information on individuals who maintain DHS screening program credentials or endorsements that require TSDB checks equivalent to the checks to be performed as part of the CFATS Personnel Surety Program. Instead of submitting the information listed in category (1), above, high risk chemical facilities may submit the following information for such individuals: a. Full name; b. Date of birth; c. Name of the DHS program that conducts equivalent vetting against the TSDB, such as the Transportation Worker Identification Credential (TWIC) Program, the Hazardous Materials Endorsement (HME) Program, or Trusted Traveler Program; d. Unique number, or other program specific verifying information associated with a DHS screening program, necessary to verify an individual’s enrollment, such as TWIC Serial Number for the TWIC Program, Commercial Driver’s License (CDL) Number and CDL issuing state(s) for the HME Program, or PASS ID Number for the Trusted Traveler Program; and e. Expiration date of the credential endorsed or issued by the DHS screening program. This alternative is optional—high-risk chemical facilities may either submit the information listed in category (1) for such individuals, or may submit the information listed in category (3) for such individuals. (4) When high-risk chemical facilities choose to submit the information listed in category (3), above, they may also (optionally) submit the following information on facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets: a. Aliases; b. Place of Birth; c. Gender; d. Citizenship; and e. Redress Number. (5) DHS could collect additional identifying information from a high-risk chemical facility as necessary to confirm or clear a potential match to a TSDB record. Information collected by highrisk chemical facilities and submitted to DHS for this purpose could include any information listed in categories (1) through (4), passport information, visa information, driver’s license information, or other available identifying particulars, used to compare the identity of an individual being screened with information listed in the TSDB; VerDate Mar<15>2010 17:17 May 16, 2014 Jkt 232001 (6) In the event that a confirmed match is identified as part of the CFATS Personnel Surety Program, in addition to other records listed under the categories of records section of this SORN, DHS will obtain references to or information from other government law enforcement and intelligence databases, as well as other relevant databases that may contain terrorism information; (7) Information necessary to assist in tracking submissions and transmission of records or verifying status of enrollment in another DHS program, including electronic verification that DHS has received a particular record; and (8) Information provided by individuals covered by this system in support of any redress request, including DHS Redress Numbers and/or any of the above categories of records. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: DHS Appropriations Act of 2007, Section 550, Public Law 109–295, 120 Stat. 1355 (October 4, 2006), as amended; and the Chemical Facility Anti-Terrorism Standards, 6 CFR Part 27. PURPOSE(S): The purpose of this system is to identify persons listed in the TSDB who have or are seeking access to restricted areas or critical assets at high-risk chemical facilities. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: A. To the Department of Justice (DOJ), including Offices of the U.S. Attorneys, or other federal agencies conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation: 1. DHS or any component thereof; 2. Any employee or former employee of DHS in his/her official capacity; 3. Any employee or former employee of DHS in his/her individual capacity when DOJ or DHS has agreed to represent the employee; or 4. The U.S. or any agency thereof. B. To a congressional office from the record of an individual in response to an inquiry from that congressional office PO 00000 Frm 00085 Fmt 4703 Sfmt 4703 28755 made at the request of the individual to whom the record pertains. C. To the National Archives and Records Administration (NARA) or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906. D. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function. E. To appropriate agencies, entities, and persons when: 1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; 2. DHS has determined that as a result of the suspected or confirmed compromise, there is a risk of identity theft or fraud, harm to economic or property interests, harm to an individual, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) that rely upon the compromised information; and 3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees. G. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure. H. To federal, state, local, tribal, territorial, foreign, multinational, or private sector entities as appropriate to assist in coordination of terrorist threat E:\FR\FM\19MYN1.SGM 19MYN1 28756 Federal Register / Vol. 79, No. 96 / Monday, May 19, 2014 / Notices awareness, assessment, analysis, or response. I. To an appropriate federal, state, tribal, local, international, or foreign agency or other appropriate authority regarding individuals who pose, or are suspected of posing a risk to national security. J. To an appropriate federal, state, tribal, local, international, foreign agency, other appropriate governmental entities or authority to: 1. Determine whether an individual is a positive identity match to an identity in the TSDB; 2. Facilitate operational, law enforcement, or intelligence responses, if appropriate, when vetted individuals’ identities match identities contained in the TSDB; 3. Provide information and analysis about terrorist encounters and known or suspected terrorists to appropriate domestic and foreign government agencies and officials for counterterrorism purposes; or 4. Perform technical implementation functions necessary for the CFATS Personnel Surety Program. K. To high-risk chemical facilities, or their designees, for the purpose of ensuring that information on all affected individuals submitted by or on behalf of the facility who have or are seeking access to restricted areas or critical assets at a high-risk chemical facility has been appropriately submitted to the Department. L. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information, when disclosure is necessary to preserve confidence in the integrity of DHS, or when disclosure is necessary to demonstrate the accountability of DHS’s officers, employees, or individuals covered by the system, except to the extent the Chief Privacy Officer determines that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy. DISCLOSURE TO CONSUMER REPORTING AGENCIES: mstockstill on DSK4VPTVN1PROD with NOTICES None. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: DHS/NPPD stores records in this system electronically or on paper in secure facilities in a locked drawer behind a locked door. The records may be stored on magnetic disc, tape, digital media. VerDate Mar<15>2010 17:17 May 16, 2014 Jkt 232001 RETRIEVABILITY: Records may be retrieved by searching any of the categories of records listed above. Records may also be retrievable by relevant chemical facility name, chemical facility location, chemical facility contact information, and by other facility-specific data points. SAFEGUARDS: DHS/NPPD safeguards records in this system according to applicable rules and policies, including all applicable DHS automated systems security and access policies. NPPD has imposed strict controls to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions. RETENTION AND DISPOSAL: A proposed schedule for the retention and disposal of records collected under the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records is being developed by the DHS and NPPD Offices of Records Management for approval by NARA. The length of time DHS/NPPD will retain information on individuals will depend on individual TSDB vetting results. Specifically, individuals’ information will be retained as described below, based on the individuals’ placements into three categories: (1) Information pertaining to an individual who is not a potential or confirmed match to a TSDB record will be retained for one year after a high-risk chemical facility has notified NPPD that the individual no longer has or is seeking access to the restricted areas or critical assets of the facility; (2) Information pertaining to an individual who may originally have appeared to be a match a TSDB record, but who was subsequently determined not to be a match, will be retained for seven years after completion of TSDB matching, or one year after the high-risk chemical facility that submitted that individual’s information has notified DHS/NPPD that the individual no longer has or is seeking access to the restricted areas or critical assets of the facility, whichever is later; and (3) Information pertaining to an individual who is a positive match to a TSDB record will be retained for ninetynine years after completion of matching activity, or seven years after DHS/NPPD PO 00000 Frm 00086 Fmt 4703 Sfmt 4703 learns that the individual is deceased, whichever is earlier. DHS/TSA/TTAC will maintain records within its possession in accordance with the DHS/TSA–002— Transportation Security Threat Assessment System of Records, 75 FR 28046 (May 19, 2010). DHS/CBP will maintain records in its possession in accordance with the DHS/CBP–002— Global Enrollment System of Records, 71 FR 20708 (April 21, 2006). DHS/NPPD will also retain records to conduct inspections or audits under 6 CFR 27.245 and 6 CFR 27.250 to ensure that high-risk chemical facilities are in compliance with CFATS. These records could include the names of individuals with access to high-risk chemical facilities’ restricted areas and critical assets, the periods of time during which high-risk chemical facilities indicate that such individuals have/had access, and any other information listed elsewhere in this notice, as appropriate. The retention periods for these records provide reasonable amounts of time for law enforcement, intelligence, or redress matters involving individuals who have or are seeking access to restricted areas or critical assets at highrisk chemical facilities. SYSTEM MANAGER AND ADDRESS: CFATS Personnel Surety Program Manager, 250 Murray Lane SW., Mail Stop 0610, Washington, DC 20528. NOTIFICATION PROCEDURE: The Secretary of Homeland Security has exempted this system from the notification, access, and amendment procedures of the Privacy Act. However, DHS/NPPD will consider individual requests to determine whether or not information may be released. Thus, individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Chief Privacy Officer and DHS or NPPD FOIA Officer, whose contact information can be found at https://www.dhs.gov/foia under ‘‘Contacts.’’ If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, 245 Murray Drive SW., Building 410, Mail Stop 0655, Washington, DC 20528. When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 6 CFR Part E:\FR\FM\19MYN1.SGM 19MYN1 Federal Register / Vol. 79, No. 96 / Monday, May 19, 2014 / Notices 5. You must first verify your identity, meaning that you must provide your full name, current address, and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. § 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, https://www.dhs.gov/foia or 1–866–431– 0486. In addition, you should: • Explain why you believe the Department would have information on you; • Identify which component(s) of the Department you believe may have the information about you; • Specify when you believe the records would have been created; and • Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records; If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records. Without the above information, the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations. RECORD ACCESS PROCEDURES: See ‘‘Notification procedure’’ above. CONTESTING RECORD PROCEDURES: See ‘‘Notification procedure’’ above. mstockstill on DSK4VPTVN1PROD with NOTICES RECORD SOURCE CATEGORIES: NPPD obtains records from high-risk chemical facilities and their designees. High-risk chemical facilities must provide notice to each affected individual prior to submission of the affected individual’s information to DHS/NPPD. This will include notice that additional information may be requested after the initial submission. NPPD may also obtain information from other DHS programs when DHS verifies enrollment of an affected individual in another vetting or credentialing program. Information may also be obtained from the DOJ/FBI—019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007), or from other FBI sources. EXEMPTIONS CLAIMED FOR THE SYSTEM: The Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(k)(1) and (k)(2), has exempted this system from VerDate Mar<15>2010 19:11 May 16, 2014 Jkt 232001 the following provisions of the Privacy Act, 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). When this system receives a record from another system exempted in that source system under 5 U.S.C. 552a(j) or (k), DHS will claim the same exemptions for those records that are claimed for the original primary systems of records from which they originated and claims any additional exemptions set forth here. For more information on the FBI’s Terrorist Screening Records System, see DOJ/FBI—019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007). DHS does not claim any exemptions for the information high-risk chemical facilities or their designees submit to DHS as part of this system of records. Dated: May 1, 2014. Karen L. Neuman, Chief Privacy Officer, Department of Homeland Security. [FR Doc. 2014–11431 Filed 5–16–14; 8:45 am] BILLING CODE 9110–9P–P DEPARTMENT OF HOMELAND SECURITY U.S. Citizenship and Immigration Services [OMB Control Number 1615–0105] Agency Information Collection Activities: Notice of Entry of Appearance as Attorney or Accredited Representative; Notice of Entry of Appearance as Attorney In Matters Outside the Geographical Confines of the United States, Form G–28; G–28I; Revision of a Currently Approved Collection. ACTION: 60-Day notice. The Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS) invites the general public and other Federal agencies to comment upon this proposed revision of a currently approved collection of information. In accordance with the Paperwork Reduction Act (PRA) of 1995, the information collection notice is published in the Federal Register to obtain comments regarding the nature of the information collection, the categories of respondents, the estimated burden (i.e., the time, effort, and resources used by the respondents to respond), the estimated cost to the respondent, and the actual information collection instruments. USCIS is also soliciting comments regarding additional features proposed for incorporation into form G–28. The SUMMARY: PO 00000 Frm 00087 Fmt 4703 Sfmt 4703 28757 new features clarify USCIS notification practices relating to represented parties. Specifically, USCIS is revising the G–28 to provide that, for represented parties DHS will send all original notices and documents regarding any application or petition filed with DHS to the applicants and petitioners directly with a courtesy copy sent to the attorney of record or accredited representative. However, on the form the applicant or petitioner may instruct USCIS to (a) send any notice regarding an application or petition that he or she has filed with DHS to the business address of their attorney of record or accredited representative as listed in the form, or; (b) send any secure identity document, such as a Permanent Resident Card or Employment Authorization Document, that he or she is approved, for to the official business address of his or her attorney of record or accredited representative. The proposed new forms are available for review in the docket. DATES: Comments are encouraged and will be accepted for 60 days until July 18, 2014. ADDRESSES: All submissions received must include the OMB Control Number 1615–0105 in the subject box, the agency name and Docket ID USCIS– 2008–0037. To avoid duplicate submissions, please use only one of the following methods to submit comments: (1) Online. Submit comments via the Federal eRulemaking Portal Web site at www.regulations.gov under e-Docket ID number USCIS–2008–0037; (2) Email. Submit comments to USCISFRComment@uscis.dhs.gov; (3) Mail. Submit written comments to DHS, USCIS, Office of Policy and Strategy, Chief, Regulatory Coordination Division, 20 Massachusetts Avenue NW., Washington, DC 20529–2140. SUPPLEMENTARY INFORMATION: Comments Regardless of the method used for submitting comments or material, all submissions will be posted, without change, to the Federal eRulemaking Portal at https://www.regulations.gov, and will include any personal information you provide. Therefore, submitting this information makes it public. You may wish to consider limiting the amount of personal information that you provide in any voluntary submission you make to DHS. DHS may withhold information provided in comments from public viewing that it determines may impact the privacy of an individual or is offensive. For additional information, please read the Privacy Act notice that E:\FR\FM\19MYN1.SGM 19MYN1

Agencies

[Federal Register Volume 79, Number 96 (Monday, May 19, 2014)]
[Notices]
[Pages 28752-28757]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-11431]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2014-0013]


Privacy Act of 1974; Department of Homeland Security National 
Protection and Programs Directorate--002 Chemical Facility Anti-
Terrorism Standards Personnel Surety Program System of Records

AGENCY: Department of Homeland Security, Privacy Office.

ACTION: Notice of Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to update and reissue a current Department 
of Homeland Security system of records titled, ``Department of Homeland 
Security/National Protection and Programs Directorate--002 Chemical 
Facility Anti-Terrorism Standards Personnel Surety Program System of 
Records.'' This system of records allows the Department of Homeland 
Security/National Protection and Programs Directorate to collect and 
maintain records on individuals--facility personnel and unescorted 
visitors--who have or are seeking access to restricted areas and 
critical assets at high-risk chemical facilities and compare this 
information to the Terrorist Screening Database, the terrorist 
watchlist maintained by the Federal Bureau of Investigation's Terrorist 
Screening Center. As a result of a biennial review of this system and 
changes to the Chemical Facility Anti-Terrorism Standards Personnel 
Surety Program, the Department of Homeland Security/National Protection 
and Programs Directorate is updating this system of records notice to 
include a new category of record and routine use. Administrative 
updates are being made globally to better align the description of the 
program with other CFATS Personnel Surety Program documentation. 
Additionally, the Department of Homeland Security is concurrently 
issuing a Final Rule to exempt this system of records from certain 
provisions of the Privacy Act, elsewhere in the Federal Register. This 
notice also includes non-substantive changes to simplify the formatting 
and text of the previously published notice. This updated system will 
be included in the Department of Homeland Security's inventory of 
record systems.

DATES: Submit comments on or before June 18, 2014. This updated system 
will be effective June 18, 2014.

ADDRESSES: You may submit comments, identified by docket number DHS-
2014-0013 by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Karen L. Neuman, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to https://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, please visit https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Emily Andrew, (703) 235-2182, Privacy Officer, National Protection and 
Programs Directorate, Department of Homeland Security, Washington, DC 
20528. For privacy questions, please contact: Karen L. Neuman, (202) 
343-1717, Chief Privacy Officer, Privacy Office, Department of Homeland 
Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS) National Protection and Programs 
Directorate (NPPD) proposes to update and reissue a current DHS system 
of records titled, ``DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records.''
    On October 4, 2006, the President signed the DHS Appropriations Act 
of 2007 (the Act), Public Law 109-295. Section 550 of the Act (Section 
550) provides DHS with the authority to regulate the security of high-
risk chemical facilities. DHS has promulgated regulations implementing 
Section 550, the Chemical Facility Anti-Terrorism Standards (CFATS), 6 
CFR Part 27.

[[Page 28753]]

    Section 550 requires that DHS establish Risk Based Performance 
Standards (RBPS) as part of CFATS. RBPS-12 (6 CFR 27.230(a)(12)(iv)) 
requires that regulated chemical facilities implement ``measures 
designed to identify people with terrorist ties.'' The ability to 
identify individuals with terrorist ties is an inherently governmental 
function and requires the use of information held in government-
maintained databases, which are unavailable to high-risk chemical 
facilities. Therefore, DHS is implementing the CFATS Personnel Surety 
Program, which will allow chemical facilities to comply with RBPS-12 by 
implementing ``measures designed to identify people with terrorist 
ties.''
    The CFATS Personnel Surety Program will work with the DHS 
Transportation Security Administration (TSA) to identify individuals 
who have terrorist ties by vetting information submitted by each high-
risk chemical facility against the Terrorist Screening Database (TSDB). 
The TSDB is the Federal Government's consolidated and integrated 
terrorist watchlist of known and suspected terrorists, maintained by 
the Department of Justice (DOJ) Federal Bureau of Investigation's (FBI) 
Terrorist Screening Center (TSC). For more information on the TSDB, see 
DOJ/FBI--019 Terrorist Screening Records System, 72 FR 47073 (August 
22, 2007).
    High-risk chemical facilities or their designees will submit the 
information of: (1) Facility personnel who have or who are seeking 
access, either unescorted or otherwise, to restricted areas or critical 
assets; and (2) unescorted visitors who have or who are seeking access 
to restricted areas or critical assets. These persons, about whom high-
risk chemical facilities and facilities' designees will submit 
information to DHS, are referred to in this notice as ``affected 
individuals.'' Individual high-risk facilities may classify particular 
contractors or categories of contractors either as ``facility 
personnel'' or as ``visitors.'' This determination should be a 
facility-specific determination, and should be based on facility 
security, operational requirements, and business practices.
    With the publication of this updated system of records, DHS is 
making the following changes: (1) Category of records has been updated 
to include Trusted Traveler Program information and information 
necessary to assist in verifying status of enrollment in another DHS 
program; and (2) routine use K has been added. Under routine use K, DHS 
may provide records to high-risk chemical facilities, or their 
designees, for the purpose of ensuring that information on all affected 
individuals submitted by or on behalf of the facility who have or are 
seeking access to restricted areas or critical assets has been 
appropriately submitted to DHS. A high-risk chemical facility may have 
access to information on the affected individuals that were submitted 
by the facility or on behalf of the facility. Designees of high-risk 
chemical facilities may only have access to information on the affected 
individuals that the designee submitted on behalf of the facility. 
Routine use K is compatible with the purposes for which the information 
is collected because the information will be used to ensure that the 
appropriate affected individuals are receiving the required terrorist 
ties checks.
    In addition, administrative updates are being made globally to 
better align the description of the program with other CFATS Personnel 
Surety Program documentation. This notice also includes non-substantive 
changes to simplify the formatting and text of the previously published 
notice.
    Under the CFATS Personnel Surety Program, for each affected 
individual a high-risk chemical facility, or its designee, may use the 
following options for submitting information to the Department (in 
addition to other options, not discussed in this systems of records 
notice, that would not involve submission of information to DHS):
    Option 1--Direct vetting: High-risk chemical facilities (or their 
designees) may submit information to NPPD about an affected individual 
to be compared on a recurrent basis against identifying information of 
known or suspected terrorists, and/or
    Option 2--Use of vetting conducted under other DHS programs: High-
risk chemical facilities (or their designees) may submit information to 
NPPD about an affected individual's enrollment in the Transportation 
Worker Identification Credential (TWIC) Program, Hazardous Materials 
Endorsement (HME) Program, or the NEXUS, Secure Electronic Network for 
Travelers Rapid Inspection (SENTRI), Free and Secure Trade (FAST), and 
Global Entry Trusted Traveler Programs. Each of those programs conducts 
recurrent vetting, which is equivalent to the terrorist ties vetting 
conducted under Option 1.
    Information will be submitted to DHS/NPPD through the Chemical 
Security Assessment Tool (CSAT), the online data collection portal for 
CFATS. The high-risk chemical facility or its designees will submit the 
information of affected individuals to DHS through CSAT. The submitters 
of this information (Submitters) for each high-risk chemical facility 
will also affirm, to the best of their knowledge, that the information 
is: (1) True, correct, and complete; and (2) collected and submitted in 
compliance with the facility's Site Security Plan (SSP) or Alternative 
Security Program (ASP), as authorized and/or approved in accordance 
with 6 CFR 27.245. The Submitter(s) of each high-risk chemical facility 
will also affirm that, in accordance with its Site Security Plans, 
notice required by the Privacy Act of 1974, 5 U.S.C. 552a, has been 
given to affected individuals before their information is submitted to 
DHS.
    DHS previously indicated in the June 14, 2011 Chemical Facility 
Anti-Terrorism Standards Personnel Surety Program System of Records 
that it would issue a ``verification of receipt'' to the Submitter(s) 
of each high-risk chemical facility when a high-risk chemical facility: 
(1) Submits information about an affected individual for the first 
time; (2) submits additional, updated, or corrected information about 
an affected individual; or (3) notifies DHS that an affected individual 
no longer has or is seeking access to that facility's restricted areas 
or critical assets. However, DHS now intends to provide high-risk 
chemical facilities, and their designees, the ability to create an 
alert within the CSAT Personnel Surety application that can notify them 
when DHS has received information about an affected individual(s) under 
Option 1 or Option 2. Further, DHS will also allow high-risk chemical 
facilities the ability to view the status (e.g., that some information 
about an affected individual has been inputted into CSAT but not yet 
submitted to DHS under Option 1 or Option 2; or that information about 
an affected individual has been submitted) of records about affected 
individuals associated with their facility within the CSAT Personnel 
Surety application. High-risk chemical facilities may also have the 
ability to download reports from CSAT. These reports may include 
information submitted about affected individuals with access to that 
facility as well as status of enrollment in other DHS programs. High-
risk chemical facilities will be responsible for managing their user 
roles and determining what access each user may have within the CFATS 
Personnel Surety application to ensure that only the appropriate users 
have access to the information about affected individuals being 
submitted to DHS.
    Upon receipt of each affected individual's information in CSAT 
using Option 1--Direct vetting, DHS/NPPD

[[Page 28754]]

will send a copy of the information to DHS/TSA. Within DHS/TSA, the 
Office of Transportation Threat Assessment and Credentialing (TTAC) 
conducts vetting against the TSDB for several DHS programs. DHS/TSA/
TTAC will compare the information of affected individuals collected by 
DHS (via CSAT) to information in the TSDB on a recurrent basis. DHS/
TSA/TTAC will forward potential matches to the DOJ/FBI/TSC, which will 
make a final determination of whether an individual's information is 
identified as a match to a record in the TSDB.
    Upon receipt of each affected individual's information in CSAT 
using Option 2--Use of vetting conducted under other DHS programs, DHS/
NPPD will send information to DHS/TSA to verify enrollment in the TWIC 
or HME Program or to DHS/U.S. Customs and Border Protection (CBP) to 
verify enrollment in the Trusted Traveler Program. If an affected 
individual's enrollment in one of these programs is verified, NPPD will 
periodically re-verify the affected individual's continued enrollment. 
If the affected individual's enrollment in one of these programs is no 
longer verified, then NPPD will notify the high-risk chemical facility, 
or its designee. NPPD may initiate vetting under Option 1, as 
appropriate. The high-risk chemical facility will be responsible for 
taking action in accordance with its SSP or ASP, which may include 
submitting new or updated information on that affected individual.
    In certain instances, DHS/NPPD may contact a high-risk chemical 
facility to request additional information (e.g., visa information) 
pertaining to particular individuals in order to clarify suspected data 
errors or resolve potential matches (e.g., when an affected individual 
has a common name). Such requests do not imply, and should not be 
construed to indicate that an individual's information has been 
confirmed as a match to a TSDB record.
    DHS/NPPD may also conduct data accuracy reviews and audits as part 
of the CFATS Personnel Surety Program. High-risk chemical facilities 
may propose to maintain different sorts of records or information 
related to RBPS 12 as part of their SSP or ASP, and DHS expects that 
the records or information available could vary from one high-risk 
chemical facility to another. The types of information DHS may request 
from high-risk chemical facilities as part of data accuracy reviews or 
audits could thus vary from facility to facility, based on each 
facility's standard business practices and SSP or ASP. The records 
requested may contain information pertaining to affected individuals 
that was previously provided to DHS/NPPD by the high-risk chemical 
facility.
    Consistent with DHS's information-sharing mission, information 
stored in the DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards 
Personnel Surety Program System of Records may be shared with other DHS 
components that have a need to know the information to carry out their 
national security, law enforcement, immigration, intelligence, or other 
homeland security functions. In addition, DHS/NPPD may share 
information with appropriate federal, state, local, tribal, 
territorial, foreign, or international government agencies consistent 
with the routine uses set forth in this system of records notice.
    Additionally, DHS is concurrently issuing a Final Rule to exempt 
this system of records from certain provisions of the Privacy Act 
elsewhere in the Federal Register. This updated system will be included 
in DHS's inventory of record systems.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which federal government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. As a matter of policy, DHS extends administrative 
Privacy Act protections to all individuals when systems of records 
maintain information on U.S. citizens, lawful permanent residents, and 
visitors.
    Below is the description of the DHS/NPPD--002 Chemical Facility 
Anti-Terrorism Standards Personnel Surety Program System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
System of Records
    Department of Homeland Security (DHS)/National Protection and 
Programs Directorate (NPPD)--002.

System name:
    DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards Personnel 
Surety Program

Security classification:
    Unclassified, Sensitive, For Official Use Only, Law Enforcement-
Sensitive, and Classified.

System location:
    Records are maintained at the DHS and NPPD Headquarters in 
Washington, DC and field offices.

Categories of individuals covered by the system:
    (1) High-risk chemical facility personnel and unescorted visitors 
who have or are seeking access to restricted areas or critical assets 
at high-risk chemical facilities (see 6 CFR 27.230(a)(12)), referred to 
in this notice as ``affected individuals'';
    (2) High-risk chemical facility personnel or designees who contact 
DHS/NPPD or a federal law enforcement entity with follow-up questions 
regarding submission of an individual's information to DHS/NPPD;
    (3) Individuals listed in the TSDB against whom potential or 
confirmed matches have been made; and
    (4) Individuals who have been or seek to be distinguished from 
individuals listed in the TSDB through redress or other means as a 
result of the Personnel Surety Program.

Categories of records in the system:
    (1) High-risk chemical facilities are required to submit the 
following information on all facility personnel and unescorted visitors 
who have or are seeking access to restricted areas or critical assets:
    a. U.S. Citizens and Lawful Permanent Residents
    i. Full name;
    ii. Date of birth; and
    iii. Citizenship or Gender.
    b. Non-U.S. persons
    i. Full name;
    ii. Date of birth;
    iii. Citizenship; and
    iv. Passport information and/or alien registration number.
    (2) To reduce the likelihood of false positives in matching against 
the TSDB, high-risk chemical facilities may also (optionally) submit 
the following information on facility personnel and unescorted visitors 
who have or are seeking access to restricted areas or critical assets:
    a. Aliases;
    b. Gender (for Non-U.S. persons);
    c. Place of birth; and
    d. Redress Number.

[[Page 28755]]

    (3) High-risk chemical facilities may submit different information 
on individuals who maintain DHS screening program credentials or 
endorsements that require TSDB checks equivalent to the checks to be 
performed as part of the CFATS Personnel Surety Program. Instead of 
submitting the information listed in category (1), above, high risk 
chemical facilities may submit the following information for such 
individuals:
    a. Full name;
    b. Date of birth;
    c. Name of the DHS program that conducts equivalent vetting against 
the TSDB, such as the Transportation Worker Identification Credential 
(TWIC) Program, the Hazardous Materials Endorsement (HME) Program, or 
Trusted Traveler Program;
    d. Unique number, or other program specific verifying information 
associated with a DHS screening program, necessary to verify an 
individual's enrollment, such as TWIC Serial Number for the TWIC 
Program, Commercial Driver's License (CDL) Number and CDL issuing 
state(s) for the HME Program, or PASS ID Number for the Trusted 
Traveler Program; and
    e. Expiration date of the credential endorsed or issued by the DHS 
screening program.
    This alternative is optional--high-risk chemical facilities may 
either submit the information listed in category (1) for such 
individuals, or may submit the information listed in category (3) for 
such individuals.
    (4) When high-risk chemical facilities choose to submit the 
information listed in category (3), above, they may also (optionally) 
submit the following information on facility personnel and unescorted 
visitors who have or are seeking access to restricted areas or critical 
assets:
    a. Aliases;
    b. Place of Birth;
    c. Gender;
    d. Citizenship; and
    e. Redress Number.
    (5) DHS could collect additional identifying information from a 
high-risk chemical facility as necessary to confirm or clear a 
potential match to a TSDB record. Information collected by high-risk 
chemical facilities and submitted to DHS for this purpose could include 
any information listed in categories (1) through (4), passport 
information, visa information, driver's license information, or other 
available identifying particulars, used to compare the identity of an 
individual being screened with information listed in the TSDB;
    (6) In the event that a confirmed match is identified as part of 
the CFATS Personnel Surety Program, in addition to other records listed 
under the categories of records section of this SORN, DHS will obtain 
references to or information from other government law enforcement and 
intelligence databases, as well as other relevant databases that may 
contain terrorism information;
    (7) Information necessary to assist in tracking submissions and 
transmission of records or verifying status of enrollment in another 
DHS program, including electronic verification that DHS has received a 
particular record; and
    (8) Information provided by individuals covered by this system in 
support of any redress request, including DHS Redress Numbers and/or 
any of the above categories of records.

Authority for maintenance of the system:
    DHS Appropriations Act of 2007, Section 550, Public Law 109-295, 
120 Stat. 1355 (October 4, 2006), as amended; and the Chemical Facility 
Anti-Terrorism Standards, 6 CFR Part 27.

Purpose(s):
    The purpose of this system is to identify persons listed in the 
TSDB who have or are seeking access to restricted areas or critical 
assets at high-risk chemical facilities.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other federal agencies conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity when DOJ or DHS has agreed to represent the employee; or
    4. The U.S. or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. DHS has determined that as a result of the suspected or 
confirmed compromise, there is a risk of identity theft or fraud, harm 
to economic or property interests, harm to an individual, or harm to 
the security or integrity of this system or other systems or programs 
(whether maintained by DHS or another agency or entity) that rely upon 
the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To federal, state, local, tribal, territorial, foreign, 
multinational, or private sector entities as appropriate to assist in 
coordination of terrorist threat

[[Page 28756]]

awareness, assessment, analysis, or response.
    I. To an appropriate federal, state, tribal, local, international, 
or foreign agency or other appropriate authority regarding individuals 
who pose, or are suspected of posing a risk to national security.
    J. To an appropriate federal, state, tribal, local, international, 
foreign agency, other appropriate governmental entities or authority 
to:
    1. Determine whether an individual is a positive identity match to 
an identity in the TSDB;
    2. Facilitate operational, law enforcement, or intelligence 
responses, if appropriate, when vetted individuals' identities match 
identities contained in the TSDB;
    3. Provide information and analysis about terrorist encounters and 
known or suspected terrorists to appropriate domestic and foreign 
government agencies and officials for counterterrorism purposes; or
    4. Perform technical implementation functions necessary for the 
CFATS Personnel Surety Program.
    K. To high-risk chemical facilities, or their designees, for the 
purpose of ensuring that information on all affected individuals 
submitted by or on behalf of the facility who have or are seeking 
access to restricted areas or critical assets at a high-risk chemical 
facility has been appropriately submitted to the Department.
    L. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    DHS/NPPD stores records in this system electronically or on paper 
in secure facilities in a locked drawer behind a locked door. The 
records may be stored on magnetic disc, tape, digital media.

Retrievability:
    Records may be retrieved by searching any of the categories of 
records listed above. Records may also be retrievable by relevant 
chemical facility name, chemical facility location, chemical facility 
contact information, and by other facility-specific data points.

Safeguards:
    DHS/NPPD safeguards records in this system according to applicable 
rules and policies, including all applicable DHS automated systems 
security and access policies. NPPD has imposed strict controls to 
minimize the risk of compromising the information that is being stored. 
Access to the computer system containing the records in this system is 
limited to those individuals who have a need to know the information 
for the performance of their official duties and who have appropriate 
clearances or permissions.

Retention and disposal:
    A proposed schedule for the retention and disposal of records 
collected under the DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records is being developed 
by the DHS and NPPD Offices of Records Management for approval by NARA.
    The length of time DHS/NPPD will retain information on individuals 
will depend on individual TSDB vetting results. Specifically, 
individuals' information will be retained as described below, based on 
the individuals' placements into three categories:
    (1) Information pertaining to an individual who is not a potential 
or confirmed match to a TSDB record will be retained for one year after 
a high-risk chemical facility has notified NPPD that the individual no 
longer has or is seeking access to the restricted areas or critical 
assets of the facility;
    (2) Information pertaining to an individual who may originally have 
appeared to be a match a TSDB record, but who was subsequently 
determined not to be a match, will be retained for seven years after 
completion of TSDB matching, or one year after the high-risk chemical 
facility that submitted that individual's information has notified DHS/
NPPD that the individual no longer has or is seeking access to the 
restricted areas or critical assets of the facility, whichever is 
later; and
    (3) Information pertaining to an individual who is a positive match 
to a TSDB record will be retained for ninety-nine years after 
completion of matching activity, or seven years after DHS/NPPD learns 
that the individual is deceased, whichever is earlier.
    DHS/TSA/TTAC will maintain records within its possession in 
accordance with the DHS/TSA-002--Transportation Security Threat 
Assessment System of Records, 75 FR 28046 (May 19, 2010). DHS/CBP will 
maintain records in its possession in accordance with the DHS/CBP-002--
Global Enrollment System of Records, 71 FR 20708 (April 21, 2006).
    DHS/NPPD will also retain records to conduct inspections or audits 
under 6 CFR 27.245 and 6 CFR 27.250 to ensure that high-risk chemical 
facilities are in compliance with CFATS. These records could include 
the names of individuals with access to high-risk chemical facilities' 
restricted areas and critical assets, the periods of time during which 
high-risk chemical facilities indicate that such individuals have/had 
access, and any other information listed elsewhere in this notice, as 
appropriate.
    The retention periods for these records provide reasonable amounts 
of time for law enforcement, intelligence, or redress matters involving 
individuals who have or are seeking access to restricted areas or 
critical assets at high-risk chemical facilities.

System Manager and address:
    CFATS Personnel Surety Program Manager, 250 Murray Lane SW., Mail 
Stop 0610, Washington, DC 20528.

Notification procedure:
    The Secretary of Homeland Security has exempted this system from 
the notification, access, and amendment procedures of the Privacy Act. 
However, DHS/NPPD will consider individual requests to determine 
whether or not information may be released. Thus, individuals seeking 
notification of and access to any record contained in this system of 
records, or seeking to contest its content, may submit a request in 
writing to the Chief Privacy Officer and DHS or NPPD FOIA Officer, 
whose contact information can be found at https://www.dhs.gov/foia under 
``Contacts.'' If an individual believes more than one component 
maintains Privacy Act records concerning him or her, the individual may 
submit the request to the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, Department of Homeland Security, 245 Murray 
Drive SW., Building 410, Mail Stop 0655, Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system of records, your request must conform 
with the Privacy Act regulations set forth in 6 CFR Part

[[Page 28757]]

5. You must first verify your identity, meaning that you must provide 
your full name, current address, and date and place of birth. You must 
sign your request, and your signature must either be notarized or 
submitted under 28 U.S.C. Sec.  1746, a law that permits statements to 
be made under penalty of perjury as a substitute for notarization. 
While no specific form is required, you may obtain forms for this 
purpose from the Chief Privacy Officer and Chief Freedom of Information 
Act Officer, https://www.dhs.gov/foia or 1-866-431-0486. In addition, 
you should:
     Explain why you believe the Department would have 
information on you;
     Identify which component(s) of the Department you believe 
may have the information about you;
     Specify when you believe the records would have been 
created; and
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records;
    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and your request may be denied due to lack 
of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    NPPD obtains records from high-risk chemical facilities and their 
designees. High-risk chemical facilities must provide notice to each 
affected individual prior to submission of the affected individual's 
information to DHS/NPPD. This will include notice that additional 
information may be requested after the initial submission. NPPD may 
also obtain information from other DHS programs when DHS verifies 
enrollment of an affected individual in another vetting or 
credentialing program. Information may also be obtained from the DOJ/
FBI--019 Terrorist Screening Records System, 72 FR 47073 (August 22, 
2007), or from other FBI sources.

Exemptions claimed for the system:
    The Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(k)(1) 
and (k)(2), has exempted this system from the following provisions of 
the Privacy Act, 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), 
(e)(4)(H), (e)(4)(I); and (f).
    When this system receives a record from another system exempted in 
that source system under 5 U.S.C. 552a(j) or (k), DHS will claim the 
same exemptions for those records that are claimed for the original 
primary systems of records from which they originated and claims any 
additional exemptions set forth here. For more information on the FBI's 
Terrorist Screening Records System, see DOJ/FBI--019 Terrorist 
Screening Records System, 72 FR 47073 (August 22, 2007).
    DHS does not claim any exemptions for the information high-risk 
chemical facilities or their designees submit to DHS as part of this 
system of records.

    Dated: May 1, 2014.
Karen L. Neuman,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2014-11431 Filed 5-16-14; 8:45 am]
BILLING CODE 9110-9P-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.