Privacy Act of 1974, 14369-14372 [2024-03936]

Agencies

• DEPARTMENT OF HOMELAND SECURITY
• Office of the Secretary

[Federal Register Volume 89, Number 39 (Tuesday, February 27, 2024)]
[Rules and Regulations]
[Pages 14369-14372]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-03936]



========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 

========================================================================


Federal Register / Vol. 89, No. 39 / Tuesday, February 27, 2024 / 
Rules and Regulations

[[Page 14369]]



DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5


Privacy Act of 1974

AGENCY: Office of the Secretary, Department of Homeland Security.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security (DHS or Department) is 
updating and clarifying its regulations related to the procedures for 
receiving Freedom of Information Act (FOIA) and Privacy Act of 1974 
requests.

DATES: This final rule is effective March 28, 2024.

FOR FURTHER INFORMATION CONTACT: Mason Clutter, Chief Privacy Officer, 
Privacy Office, Department of Homeland Security, Washington, DC 20528, 
(202) 343-1717, [email protected].

SUPPLEMENTARY INFORMATION: Specifically, DHS is updating Title 6, part 
5, subsections 5.3(a)(2), 5.4(c), 5.21(a)(2), 5.21(a)(6), 5.22(c), and 
Appendix A to part 5.

I. Background

    The Secretary of Homeland Security has authority under 5 U.S.C. 
301, 552, and 552a, and 6 U.S.C. 112(e) to issue FOIA and Privacy Act 
regulations. That authority has been delegated to the Chief Privacy 
Officer of the Department pursuant to 6 U.S.C. 142 and DHS Del. No. 
13001, Rev. 01 (June 2, 2020). The Department last updated its 
regulations under the FOIA and Privacy Act, 6 CFR part 5 on November 
16, 2022 (87 FR 68599).

II. Discussion of Final Rule

    This rule provides clarifying and procedural updates to Title 6, 
part 5, paragraphs 5.3(a)(2) and 5.21(a)(6), which provides 
instructions to requesters on how and where to make FOIA and Privacy 
Act (and Judicial Redress Act (JRA) if applicable) requests for DHS 
records. Specifically, DHS is adding a reference to Appendix A to part 
5 for requesters to know when and how to submit a request to DHS 
component FOIA Offices. Furthermore, DHS is providing additional 
instructions in those sections on how the DHS Privacy Office can assist 
a requester if the requester does not know which component may have 
responsive records.
    In addition, DHS is updating Title 6, part 5, paragraphs 5.3(a)(2), 
5.21(a)(2), 5.21(a)(6) by replacing the URL https://www.dhs.gov/dhs-foia-request-submission-form with the following URL https://www.dhs.gov/foia. DHS is updating Appendix A to part 5 ``FOIA/Privacy 
Act Offices of the Department of Homeland Security,'' by replacing the 
electronic URL where individuals can submit requests by way of 
instructions from DHS's FOIA website from https://foiarequest.dhs.gov/ 
to https://www.dhs.gov/foia.
    As background, the DHS Headquarters Privacy Office maintains the 
contract for a FOIA processing solution used by most DHS component FOIA 
Offices. The DHS Headquarters Privacy Office updated its FOIA 
processing solution in 2023 and is now utilizing new technology and 
software services in order to receive electronic submission via a new 
FOIA online portal. This solution includes several features that will 
lessen the administrative burden associated with FOIA and provide DHS 
processors access to powerful information processing tools that will 
make it significantly easier to locate and efficiently process records. 
As such, DHS has decided to change the URL in those subsections and the 
appendix to link to the new portal. Further, for clarity, a 
parenthetical ``(or JRA if applicable)'' was added in Section II of 
Appendix A to part 5 to clarify that such requests, in addition to FOIA 
and Privacy Act requests, may be made to those DHS components listed in 
that section.
    In 6 CFR 5.4(c), DHS is changing the title of this paragraph to 
``Forwarding misdirected requests.'' In addition, DHS is modifying 
subsection 5.4(c) to clarify when and how a misdirected request should 
be forwarded. A request is not a misdirected request if the receiving 
DHS component may maintain records responsive to any portion of the 
request. This is true even if the request may cover records that are 
maintained by a different DHS component. Under such circumstances, the 
receiving DHS component is under no obligation to refer the request to 
a different DHS component or other Federal agency responsible for 
maintaining other records identified in the request. If another agency 
should have received the request, the DHS component can, but is not 
required, to advise the requester to send their request to that other 
agency.
    Finally, DHS is revising 6 CFR 5.22(c) to modify the title of 
paragraph 5.22(c) and modify the subsection to include and clarify that 
any misdirected Privacy Act or Judicial Redress Act (JRA) requests must 
be forwarded under the same procedures of 6 CFR 5.4(c).

III. Regulatory History

    DHS did not publish a notice of proposed rulemaking for this rule. 
Under Title 5 of the United States Code (U.S.C.), Section 553(b)(A), 
this final rule is exempt from notice and public comment rulemaking 
requirements because the change involves rules of agency organization, 
procedure, or practice. In addition, under 5 U.S.C. 553(b)(B), an 
agency may waive the notice and comment requirements if it finds, for 
good cause, that notice and comment is impracticable, unnecessary, or 
contrary to the public interest. DHS finds that notice and comment is 
unnecessary under 5 U.S.C. 553(b)(B) because the procedures for 
receiving FOIA and Privacy Act requests is an agency procedural update 
that will have no substantive effect on the public. For the same 
reasons, DHS finds that good cause exists under 5 U.S.C. 553(d) for 
making this final rule effective immediately upon publication.

IV. Regulatory Analyses

Executive Orders 12866, 13563 and 14094--Regulatory Review

    Executive Orders 12866 (Regulatory Planning and Review), as amended 
by Executive Order 14094 (Modernizing Regulatory Review), and 13563 
(Improving Regulation and Regulatory Review) direct agencies to assess 
the costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic,

[[Page 14370]]

environmental, public health and safety effects, distributive impacts, 
and equity). Executive Order 13563 emphasizes the importance of 
quantifying costs and benefits, reducing costs, harmonizing rules, and 
promoting flexibility.
    The Office of Management and Budget (OMB) has not designated this 
rule a significant regulatory action under section 3(f) of Executive 
Order 12866, as amended by Executive Order 14094. Accordingly, OMB has 
not reviewed this regulatory action.
    This rule will not impose any additional costs on the public or the 
government. This rule provides an updated URL for requesters to submit 
a FOIA request and DHS is providing additional instructions how the DHS 
Privacy Office can assist a requester if the requester does not know 
which component may have responsive records. DHS believes the updates 
in these regulations will allow DHS to more efficiently process FOIA 
requests.

Unfunded Mandates Reform Act of 1995

    This rule will not result in the expenditure by state, local, and 
tribal governments, in the aggregate, or by the private sector, of 
$100,000,000 or more in any one year, and it will not significantly or 
uniquely affect small governments. Therefore, no written statement was 
deemed necessary under the provisions of the Unfunded Mandates Reform 
Act of 1995.

Regulatory Flexibility Act

    Under the Regulatory Flexibility Act (RFA), 5 U.S.C. 601-612, and 
section 213(a) of the Small Business Regulatory Enforcement Fairness 
Act of 1996, 5 U.S.C. 601 note, agencies must consider the impact of 
their rulemakings on ``small entities'' (small businesses, small 
organizations, and local governments). The term ``small entities'' 
comprises small businesses, not-for-profit organizations that are 
independently owned and operated and are not dominant in their fields, 
and governmental jurisdictions with populations of less than 50,000. 
The RFA's regulatory flexibility analysis requirements apply only to 
those rules for which an agency is required to publish a general notice 
of proposed rulemaking pursuant to 5 U.S.C. 553(b) or any other law. 
See 5 U.S.C. 604(a). DHS did not issue a notice of proposed rulemaking 
for this action. Therefore, a regulatory flexibility analysis is not 
required for this rule.

Small Business Regulatory Enforcement Fairness Act of 1996

    This rule is not a major rule as defined by section 251 of the 
Small Business Regulatory Enforcement Fairness Act of 1996 (as 
amended), 5 U.S.C. 804(2). The Office of Management and Budget's Office 
of Information and Regulatory Affairs has not found that this rule is 
likely to result in an annual effect on the economy of $100,000,000 or 
more; a major increase in costs or prices; or significant adverse 
effects on competition, employment, investment, productivity, 
innovation, or on the ability of United States-based companies to 
compete with foreign-based companies in domestic and export markets.

National Environmental Policy Act

    DHS reviews proposed actions to determine whether the National 
Environmental Policy Act (NEPA) applies to them and, if so, what degree 
of analysis is required. DHS Directive 023-01 Rev. 01 (Directive) and 
Instruction Manual 023-01-001-01 Rev. 01 (Instruction Manual) establish 
the procedures that DHS and its components use to comply with NEPA and 
the Council on Environmental Quality (CEQ) regulations for implementing 
NEPA, 40 CFR parts 1500 through 1508.
    The CEQ regulations require Federal agencies to establish, with CEQ 
review and concurrence, categories of actions (``categorical 
exclusions'') which experience has shown do not individually or 
cumulatively have a significant effect on the human environment and, 
therefore, do not require an Environmental Assessment (EA) or 
Environmental Impact Statement (EIS). 40 CFR 1501.4(a); 1507.3(c)(8). 
Under DHS NEPA implementing procedures, for an action to be 
categorically excluded, it must satisfy each of the following three 
conditions: (1) the entire action clearly fits within one or more of 
the categorical exclusions; (2) the action is not a piece of a larger 
action; and (3) no extraordinary circumstances exist that create the 
potential for a significant environmental effect. Instruction Manual 
section V.B(2)(a)-(c).
    As discussed above, this rule makes clarifying and procedural 
updates to CFR Title 6, part 5, paragraphs 5.3(a)(2), 5.4(c), 
5.21(a)(6), and 5.22(a) regarding requests for DHS records and, 
therefore, clearly fits within categorical exclusion A3(a): 
``Promulgation of rules . . . of a strictly administrative or 
procedural nature.'' Instruction Manual, Appendix A, Table 1. 
Furthermore, this rule is not part of a larger action and presents no 
extraordinary circumstances creating the potential for significant 
environmental impacts. Therefore, this rule is categorically excluded 
from further NEPA review and documentation.

List of Subjects in 6 CFR Part 5

    Classified information, Courts, Freedom of information, Government 
employees, Privacy.

    For the reasons stated in the preamble, DHS amends Chapter I, part 
5 of Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0
1. The authority citation for part 5 continues to read as follows:

    Authority:  6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 
2135; 5 U.S.C. 301; 6 U.S.C. 142; DHS Del. No. 13001, Rev. 01 (June 
2, 2020).
    Subpart A also issued under 5 U.S.C. 552.
    Subpart B also issued under 5 U.S.C. 552a and 552 note.2.


0
2. Revise Sec.  5.3(a)(2) to read as follows:


Sec.  5.3  Requirements for making requests.

    (a) * * *
    (2) A requester may send their request to the Privacy Office, U.S. 
Department of Homeland Security, 2707 Martin Luther King Jr. Ave. SE, 
STOP-0655, or via the internet at https://www.dhs.gov/foia, or via fax 
to (202) 343-4011, for any of the Headquarters Offices of the 
Department of Homeland Security listed in Appendix A to Subpart 5. In 
addition, if a requester does not know which DHS component may maintain 
responsive records to a request, the requester may explicitly ask for 
assistance from the DHS Privacy Office with identifying the proper 
component that most likely maintains any potential responsive records. 
Upon a request for assistance and based on information provided in the 
FOIA request and by the requester, the Privacy Office will forward the 
request to the DHS component(s) that it determines to be most likely, 
as of the date of the request for information, to maintain the records 
that are sought. The Privacy Office will notify the requester that it 
is forwarding the request, including identifying the component(s) where 
the request has been sent, provide the FOIA Public Liaison contact 
information for the respective component(s), and provide administrative 
appeal rights in the response. If the requester does not agree with the 
Privacy Office's determination regarding which components would likely 
have records responsive to the

[[Page 14371]]

request, the requester must submit a timely appeal of the Privacy 
Office's determination. Although these are not to be considered 
misdirected requests, the recipient DHS component shall be granted the 
same number of days to respond as permitted by 6 CFR 5.4(c) and 5.5(a).
* * * * *

0
3. Revise Sec.  5.4(c) to read as follows:


Sec.  5.4  Responsibility for responding to requests.

* * * * *
    (c) Forwarding misdirected requests. Where a component's FOIA 
office determines that a request was misdirected within DHS, the 
receiving component's FOIA office, within 10 working days, shall route 
the request to the FOIA office of the proper component(s) for 
processing. Once the misdirected request has been forwarded and 
received by the appropriate DHS component, the 20-working day-time 
period to respond to the request commences, but in any event not later 
than 10 days after the request is first received by any DHS component 
that is designated in the DHS regulations to receive FOIA requests. A 
request is not a misdirected request if the receiving DHS component may 
maintain records responsive to any portion of the request. In other 
words, the receiving DHS component is not obligated to forward to other 
DHS components that may maintain responsive records unless those other 
DHS components are explicitly listed in the request.
* * * * *

0
4. Revise Sec.  5.21(a)(2) and (a)(6) to read as follows:


Sec.  5.21  Requests for access to records.

    (a) * * *
    (2) An individual may make a request for access to a Department of 
Homeland Security record about that individual covered by a DHS-wide or 
component system of records notice (SORN) by writing directly to the 
Department component that maintains the record at the address listed in 
appendix A to this part or via the internet at https://www.dhs.gov/foia. A description of all DHS-wide and component SORNs may be found 
here: https://www.dhs.gov/system-records-notices-sorns.
    * * *
    (6) An individual may send a request to the Privacy Office, Mail 
Stop 0655, U.S. Department of Homeland Security, 2707 Martin Luther 
King Jr. Ave. SE, Washington, DC 20528-0655, or via the internet at 
https://www.dhs.gov/foia, or via fax to (202) 343-4011 for any of the 
Headquarters Offices of the Department of Homeland Security listed 
Appendix A to Subpart 5. In addition, if a requester does not know 
which DHS component may maintain responsive records to a request, the 
requester may explicitly ask for assistance from the DHS Privacy Office 
with identifying the proper component that most likely maintains any 
potential responsive records citing this section of the regulations. 
Upon a request for assistance and based on information provided in the 
FOIA request and by the requester, the Privacy Office will forward the 
request to the DHS component(s) that it determines to be most likely, 
as of the date of the request for information, to maintain the records 
that are sought. The Privacy Office will notify the requester that it 
is forwarding the request, including identifying the component(s) where 
the request has been sent, provide the FOIA Public Liaison contact 
information for the respective component(s), and provide administrative 
appeal rights in the response. If the requester does not agree with the 
Privacy Office's determination regarding which components would likely 
have records responsive to the request, the requester must submit a 
timely appeal of the Privacy Office's determination. For the quickest 
possible handling, the requester should mark both the request letter 
and the envelope ``Privacy Act Request'' or ``Judicial Redress Act 
Request.''
* * * * *

0
5. Revise Sec.  5.22(c) to read as follows:


Sec.  5.22   Responsibility for responding to requests for access to 
records.

* * * * *
    (c) Misdirected requests, consultations, coordination, and 
referrals. All misdirected requests and consultations, coordination, 
and referrals for requests of records subject to the Privacy Act or JRA 
will follow the same process and procedures as described in Sec.  
5.4(c) and Sec.  5.4(d), including how to handle those requests that 
pertain to law enforcement information, as specified in Sec.  
5.4(d)(2), and classified information, as specified in Sec.  5.4(d)(2) 
and (e). Further, whenever a request is made for access to a record 
containing information that has been classified by or may be 
appropriate for classification by another component or agency under any 
relevant Executive order concerning the classification of records, the 
receiving component will refer to Sec.  5.24 for processing.
* * * * *

0
6. Revise Appendix A to Part 5 to read as follows:

Appendix A to Part 5--FOIA/Privacy Act Offices of the Department of 
Homeland Security

    I. For Headquarters Offices of the Department of Homeland 
Security, FOIA and Privacy Act (or JRA if applicable) requests 
should either be mailed to the Department's Privacy Office, Mail 
Stop 0655, U.S. Department of Homeland Security, 2707 Martin Luther 
King Jr. Ave. SE, Washington, DC 20528-0655, or submitted 
electronically via https://foiarequest.dhs.gov/. For a listing of 
Headquarters Offices and contact information, please see https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone: 202-343-1743 or 866-431-0486, Fax: 202-343-4011, 
or Email: [email protected]. The Public Liaison may also be contacted 
using this information.
    II. For the following components and offices of the Department 
of Homeland Security, FOIA and Privacy Act (or JRA if applicable) 
requests should be sent to the component's FOIA Office, unless 
otherwise noted below. For each component, the Public Liaison may 
also be contacted using the information below. The components are:

Cybersecurity and Infrastructure Security Agency (CISA)

    All requests should be either be mailed to the Department's 
Privacy Office, Mail Stop 0655, U.S. Department of Homeland 
Security, 2707 Martin Luther King Jr. Ave. SE, Washington, DC 20528-
0655, or submitted electronically by way of instructions at https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone: 202-343-1743 or 866-431-0486, Fax: 202-343-4011, 
or Email: [email protected].

U.S. Customs and Border Protection (CBP)

    All requests should be mailed to U.S. Customs and Border 
Protection, Office of Privacy and Diversity Office, 90 K Street NE, 
Mail Stop 1181, 9th Floor, Washington, DC 20002 or submitted 
electronically by way of instructions at https://www.dhs.gov/foia-
contact-information. To help us respond to your request as quickly 
as possible, we strongly encourage you to submit your request 
electronically. Additional contact information for questions: Phone: 
202-325-0150 or Email: [email protected].

Federal Emergency Management Agency (FEMA)

    All requests should be mailed to FOIA Officer, 500 C Street SW, 
Room 840, Washington, DC 20472, or submitted electronically by way 
of instructions at https://www.dhs.gov/foia-contact-information. To 
help us respond to your request as quickly as possible, we strongly 
encourage you to submit your request electronically. Additional 
contact information for questions: Phone: 202-646-

[[Page 14372]]

3323, Fax: 202-646-3347, or Email: [email protected].

Federal Law Enforcement Training Center (FLETC)

    All requests should be mailed to Freedom of Information Act 
Officer, Building #681, Suite B187, 1131 Chapel Crossing Road, 
Glico, GA 31524, or submitted electronically by way of instructions 
at https://www.dhs.gov/foia-contact-information. To help us respond 
to your request as quickly as possible, we strongly encourage you to 
submit your request electronically. Additional contact information 
for questions: Phone: 912-267-3103, Fax: 912-267-3113, or Email: 
[email protected].

Immigration and Customs Enforcement (ICE)

    All requests should be mailed to Freedom of Information Act 
Office, 500 12th Street SW, Stop 5009, Washington, DC 20536-5009, or 
submitted electronically by way of instructions at https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone: 866-633-1182, Fax: 202-732-4265, or Email: [email protected].

Office of Inspector General

    All requests should be mailed to the OIG Office of Counsel, 245 
Murray Lane SW, Mail Stop-0305, Washington, DC 20528-0305, or 
submitted electronically by way of instructions at https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone: 202-981-6100, or Email: [email protected].

Transportation Security Administration (TSA)

    All requests should be mailed to Freedom of Information Act 
Branch, 6595 Springfield Center Drive, Springfield, VA 20598-6020, 
or submitted electronically by way of instructions at https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone: 1-866-FOIA-TSA or 571-227-2300, Fax: 571-227-1406, 
or Email: [email protected].

U.S. Citizenship and Immigration Services (USCIS)

    All requests should be mailed to National Records Center, FOIA/
PA Office, P.O. Box 648010, Lee's Summit, MO 64064-8010, or 
submitted electronically by way of instructions at https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone:1-800-375-5283, USCIS Contact Center, or Email: 
[email protected].

U.S. Coast Guard (USCG)

    All requests should be mailed to Commandant (CG-6P), 2703 Martin 
Luther King Jr. Ave. SE, Stop 7710, Washington, DC 20593-7710, or 
submitted electronically by way of instructions at https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone: 202-475-3522, Fax: 202-372-8413, or Email: 
[email protected].

U.S. Secret Service (USSS)

    All requests should be mailed to Freedom of Information Act and 
Privacy Act Branch, 245 Murray Lane SW, Building T-5, Washington, DC 
20223, or submitted electronically by way of instructions at https://www.dhs.gov/foia-contact-information. To help us respond to your 
request as quickly as possible, we strongly encourage you to submit 
your request electronically. Additional contact information for 
questions: Phone: 202-406-6370, Fax: 202-406-5586, or Email: 
[email protected].

Mason Clutter,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2024-03936 Filed 2-26-24; 8:45 am]
BILLING CODE 9110-9L-P