

12 September 2006

-----------------------------------------------------------------------

[Federal Register: September 12, 2006 (Volume 71, Number 176)]
[Proposed Rules]               
[Page 53609-53610]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr12se06-17]                         

========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================



[[Page 53609]]



DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket Number 2006-0027]

 
Privacy Act of 1974: Implementation of Exemptions

AGENCY: Office of Security, Department of Homeland Security.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is concurrently 
establishing a new system of records pursuant to the Privacy Act of 
1974 for the Office of Security entitled the ``Office of Security File 
System.'' This system of records will support the administration of a 
program that provides security for the Department by safeguarding and 
protecting the Department's personnel, property, facilities and 
information.
    In this proposed rulemaking, the Department proposes to exempt 
portions of this system of records from one or more provisions of the 
Privacy Act because of criminal, civil and administrative enforcement 
requirements.

DATES: Comments must be received on or before October 12, 2006.

ADDRESSES: You may submit comments, identified by docket number DHS-
2006-0027, by one of the following methods:
    Federal eRulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    Fax: (202) 401-4514 (not a toll-free number).
    Mail: Marc E. Frey, Senior Advisor, Office of Security, 245 Murray 
Lane, SW., Building 410, Washington, DC 20528; Hugo Teufel III, Chief 
Privacy Officer, 601 S. 12th Street, Arlington, VA 22202-4220.
    Instructions: All submissions received must include the agency name 
and docket number for this notice. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.


FOR FURTHER INFORMATION CONTACT: Marc E. Frey, Senior Advisor, Office 
of Security, 245 Murray Lane, SW., Building 410, Washington, DC 20528 
by telephone (202) 772-5096 or facsimile (202) 401-4514; Hugo Teufel 
III, Chief Privacy Officer, 601 S. 12th Street, Arlington, VA 22202-
4220 by telephone (571) 227-3813 or facsimile (571) 227-4171.

SUPPLEMENTARY INFORMATION: 

Background

    Elsewhere in the Federal Register, the Department of Homeland 
Security (DHS) is publishing a Privacy Act system of records notice 
describing records in the file system of its Office of Security. DHS 
established the Office of Security to protect and safeguard the 
Department's personnel, property, facilities, and information. The 
Office of Security develops, coordinates, implements, and oversees the 
Department's security policies, programs, and standards; delivers 
security training and education to DHS personnel; and provides security 
support to DHS components when necessary. In addition, the Office of 
Security coordinates and collaborates with the Intelligence Community 
on security issues and the protection of information. The Office of 
Security works to integrate security into every aspect of the 
Department's operations.
    The Office of Security File System consists of records relating to 
the management and operation of the DHS personnel security and 
suitability program, including but not limited to, completed standard 
form questionnaires issued by the Office of Personnel Management and 
other information related to an individual's eligibility for access to 
classified or sensitive information.
    This system contains records pertaining to numerous categories of 
individuals including DHS personnel who may be a subject of a counter-
terrorism, or counter-espionage, or law enforcement investigation; 
senders of unsolicited communications that raise a security concern to 
the Department or its personnel; state and local government personnel 
and private-sector individuals who serve on an advisory committee and 
board sponsored by DHS; and state and local government personnel and 
private-sector individuals who are authorized by DHS to access 
sensitive or classified homeland security information, classified 
facilities, communications security equipment, and information 
technology systems that process national or homeland security 
classified information. The information in this system also relates to 
official Security investigations and law enforcement activities.
    Accordingly, DHS proposes to exempt this system, in part, from 
certain provisions of the Privacy Act and to add that exemption to 
Appendix C to Part 5, DHS Systems of Records Exempt from the Privacy 
Act. The DHS Office of Security needs this exemption in order to 
protect information relating to Security investigations from disclosure 
to subjects of investigations and others who could interfere with the 
Office of Security's investigatory and law enforcement activities. 
Specifically, the exemptions are required to preclude subjects of 
investigations from frustrating the investigative process; to avoid 
disclosure of investigative techniques; protect the identities and 
physical safety of confidential informants and of law enforcement 
personnel; ensure the Office of Security's ability to obtain 
information from third parties and other sources; protect the privacy 
of third parties; and safeguard classified information. Disclosure of 
information to the subject of the inquiry could also permit the subject 
to avoid detection or apprehension.
    In addition, because the Office of Security investigations arise 
out of DHS programs and activities, information in this system of 
records may pertain to national security and related law enforcement 
matters. In such cases, allowing access to such information could alert 
subjects of the Office of Security investigations into actual or 
potential criminal, civil, or regulatory violations, and could reveal 
in an untimely manner, the Office of Security's and other agencies' 
investigative interests in law enforcement efforts to preserve national 
security.

[[Page 53610]]

    The exemptions proposed here are standard law enforcement and 
national security exemptions exercised by a large number of Federal law 
enforcement and intelligence agencies. In appropriate circumstances, 
where compliance would not appear to interfere with or adversely affect 
the law enforcement purposes of this system and the overall law 
enforcement process, the applicable exemptions may be waived.

List of Subjects in 6 CFR Part 5

    Classified information, Privacy, Freedom of information.

    For the reasons stated in the preamble, DHS proposes to amend 
Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

    1. The authority citation for part 5 continues to read as follows:

    Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et 
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.

    2. At the end of Appendix C to Part 5, add the following new 
paragraph:

Appendix C to part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    4. DHS-OS-001, Office of Security File System. This system and 
its records are used in the management and implementation of Office 
of Security programs and activities that safeguard and support the 
protection of the Department's personnel, property, facilities, and 
information. Pursuant to 5 U.S.C. 552a(k)(1) and (k)(2), this system 
is exempt from the following provisions of the Privacy Act, subject 
to the limitations set forth in those subsections: 5 U.S.C. 
552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (I) and (f). 
Exemptions from these particular subsections are justified, on a 
case-by-case basis to be determined at the time a request is made, 
for the following reasons:
    (a) From subsection (c)(3) (Accounting for Disclosures) because 
release of the accounting of disclosures could alert the subject of 
an investigation into an actual or potential criminal, civil, or 
regulatory violation, to the existence of the investigation, which 
in some cases may be classified, and which could reveal 
investigative interest on the part of DHS or the Office of Security. 
Disclosure of the accounting would therefore present a serious 
impediment to law enforcement efforts and/or efforts to preserve 
national security. Disclosure of the accounting would also permit 
the individual who is the subject of a record to impede the 
investigation, tamper with witnesses or evidence, and avoid 
detection or apprehension, which would undermine the entire 
investigative process.
    (b) From subsection (d) (Access to and Amendment of Records) 
because access to the records contained in this system of records 
could inform the subject of an investigation, which in some cases 
may be classified, and prematurely reveal investigative interest on 
the part of DHS or another agency. Access to the records could 
permit the individual who is the subject of a record to impede the 
investigation, tamper with witnesses or evidence, and avoid 
detection or apprehension. Amendment of the records could interfere 
with ongoing investigations and law enforcement activities and would 
impose an impossible administrative burden by requiring 
investigations to be continuously reinvestigated. In addition, 
permitting access and amendment to such information could disclose 
security-sensitive information that could be detrimental to homeland 
security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of national security or information breaches, the 
accuracy of information obtained or introduced occasionally may be 
unclear or the information may not be strictly relevant or necessary 
to a specific investigation. In the interests of effective law 
enforcement and for the protection of national security, it is 
appropriate to retain all information that may aid in establishing 
patterns of unlawful activity.
    (d) From subsections (e)(4)(G), (H) and (I) (Agency 
Requirements), and (f) (Agency Rules) because portions of this 
system are exempt from the access and amendment provisions of 
subsection (d).
    (e) From subsection (g) to the extent that the system is exempt 
from other specific subsections of the Privacy Act.

    Dated: September 1, 2006.
Hugo Teufel III,
Chief Privacy Officer.

[FR Doc. E6-15046 Filed 9-11-06; 8:45 am]

BILLING CODE 4410-10-P

-----------------------------------------------------------------------

[Federal Register: September 12, 2006 (Volume 71, Number 176)]
[Notices]               
[Page 53697-53700]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr12se06-69]                         

-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket Number DHS-2006-0047]

 
Privacy Act; Systems of Records

AGENCY: Office of Security, Department of Homeland Security.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the Department of 
Homeland Security, Office of Security, proposes to add a new system of 
records to the Department's inventory, entitled the ``Personal Identity 
Verification Management System.'' This system will support the 
administration of the HSPD-12 program that directs the use of a common 
identification credential for both logical and physical access to 
federally controlled facilities and information systems. This system 
will enhance security, increase efficiency, reduce identity fraud, and 
protect personal privacy.

DATES: The established system of records will be effective October 12,

[[Page 53698]]

2006, unless comments are received that result in a contrary 
determination.

ADDRESSES: You may submit comments identified by docket number DHS-
2006-0047 by one of the following methods:
    Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    Fax: (202) 401-4514 (not a toll-free number).
    Mail: Cynthia Sjoberg, Office, DHS HSPD-12 Program Manager, Office 
of Security, 245 Murray Lane, SW., Building 410, Washington, DC 20528; 
Hugo Teufel III, Chief Privacy Officer, 601 S. 12th Street, Arlington, 
VA 22202.

FOR FURTHER INFORMATION CONTACT: Cynthia Sjoberg, DHS HSPD-12 Program 
Manager, Office of Security, 245 Murray Lane, SW., Building 410, 
Washington, DC 20528 by telephone (202) 772-5096 or facsimile (202) 
401-4514; Hugo Teufel III, Chief Privacy Officer, 601 S. 12th Street, 
Arlington, VA 22202 by telephone (571) 227-3813 or facsimile (571) 227-
4171.

SUPPLEMENTARY INFORMATION: The Department of Homeland Security (DHS), 
Office of Security is publishing a Privacy Act system of records notice 
to cover its collection, use and maintenance of records relating to its 
role in the collection and management of personally identifiable 
information for the purpose of issuing credentials (ID badges) to meet 
the requirements of the Homeland Security Presidential Directive-12 
(HSPD-12) and in furtherance of the Office of Security's mission for 
the Department. Until now, pursuant to the savings clause in the 
Homeland Security Act of 2002, Public Law 107-296, Sec. 1512, 116 Stat. 
2310 (Nov. 25, 2002) (6 U.S.C. 552), the Office of Security has been 
relying on legacy Privacy Act systems for this purpose.
    DHS established the Office of Security to protect and safeguard the 
Department's personnel, property, facilities, and information. The 
Office of Security develops, coordinates, implements, and oversees the 
Department's security policies, programs, and standards; delivers 
security training and education to DHS personnel; and provides security 
support to DHS components when necessary. In addition, the Office of 
Security coordinates and collaborates with the Intelligence Community 
on security issues and the protection of information. The Office of 
Security works to integrate security into every aspect of the 
Department's operations.
    The Office of Security is divided into seven divisions, as follows, 
and in order of relevance to this notice:
     Security Operations: This division implements and 
maintains the Department's badging and credentialing programs and 
ensures that the Department is in full compliance with all applicable 
laws. It is within this Division and area of responsibility that the 
Office of Security is giving notice of its intent to create the 
Personal Identity Verification Management System (PIVMS) pursuant to 
HSPD-12;
     Personnel Security: background investigations, 
adjudications, and security clearances for DHS employees, as well as 
for State and local government personnel and private-sector partners;
     Administrative Security: the protection of classified and 
sensitive but unclassified information;
     Physical Security: security surveys, vulnerability 
assessments, and access control for DHS facilities;
     Special Security Programs: Sensitive Compartmented 
Information (SCI) and Special Access Programs;
     Internal Security and Investigations: protection against 
espionage, foreign intelligence service elicitation activities, and 
terrorist collection efforts directed against the Department; 
investigations of crimes against the Department's personnel and 
property;
     Training and Operations Security: integrated security 
training policy and programs.
    The PIVMS records will cover all DHS employees, contractors and 
their employees, consultants, volunteers engaged by DHS who require 
long-term access to federal buildings and emergency ``first 
responders'' who work in federally controlled facilities. The personal 
information to be collected will consist of data elements necessary to 
identify the individual and to perform background or other 
investigations concerning the individual. The PIVMS will collect 
several data elements from the PIV card applicant, including: date of 
birth, Social Security Number, organizational and employee 
affiliations, fingerprints, digital color photograph, digital signature 
and phone number(s) as well as additional verification information. The 
Office of Security has designed this system to align closely with their 
current business practices.
    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses and disseminates personally identifiable 
information. The Privacy Act applies to information that a Federal 
agency maintains in a ``system of records.'' A ``system of records'' is 
a group of any records under the control of an agency from which the 
agency retrieves information by the name of the individual or by some 
identifying number, symbol, or other identifying particular assigned to 
the individual. The Office of Security Personal Identity Verification 
Management System is such a system of records.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency record keeping 
practices transparent, to notify individuals regarding the uses to 
which personally identifiable information is put, and to assist 
individuals to more easily find such files within the agency. Below is 
the description of the Personal Identity Verification Management 
System.
    In accordance with 5 U.S.C. 552a(r), a report on this system has 
been sent to Congress and to the Office of Management and Budget.
DHS-OS-2006-047

System name:
    Personal Identity Verification Management System (PIVMS).

Security Classification:
    Sensitive but unclassified.

System Location:
    Data covered by this system are maintained at the following 
location: DHS Data Center, Ashburn, VA.

Categories of Individuals Covered By the System:
    The PIVMS records will cover all DHS employees, contractors and 
their employees, consultants, volunteers engaged by DHS who require 
long-term access to federal buildings and emergency ``first 
responders'' who work in federally controlled facilities. Individuals 
who require regular, ongoing access to agency facilities, information 
technology systems, or information classified in the interest of 
national security.
    The system does not apply to occasional visitors or short-term 
guests to whom DHS will issue temporary identification and credentials.

Categories of Records in the System:
    Records maintained on individuals issued a PIV credential by DHS 
include the following data fields: full name; Social Security number; 
date of birth; current address; digital signature; digital color 
photograph; fingerprints; biometric identifiers (two fingerprints);

[[Page 53699]]

organization/office of assignment; employee affiliation; telephone 
number(s); copies of identity source documents; signed SF 85 or 
equivalent; PIV card issue and expiration dates; PIV request form; PIV 
registrar approval digital signature; PIV card serial number; emergency 
responder designation; computer system user name; user access and 
permission rights, authentication certificates; digital signature 
information.

Authority for Maintenance of the System:
    5 U.S.C. 301; Federal Information Security Act (Pub.L. 104-106, 
Sec. 5113); E-Government Act (Pub.L. 104-347, sec. 203); the Paperwork 
Reduction Act of 1995 (44 U.S.C. 3501); and the Government Paperwork 
Elimination Act (Pub.L. 105-277, 44 U.S.C. 3504); Homeland Security 
Presidential Directive-12 (HSPD-12); Policy for a Common Identification 
Standard for Federal Employees and Contractors, August 27, 2004; 
Federal Property and Administrative Act of 1949, as amended; the 
Intelligence Reform and Terrorism Prevention Act of 2004, P.L. 108-458, 
Section 3001 (50 U.S.C. 435b) and the Homeland Security Act of 2002, 
P.L. 107-296, as amended.

Purpose(s):
    The primary purposes of the system are: (a) To ensure the safety 
and security of DHS facilities, systems, or information, and our 
occupants and users; (b) To verify that all persons entering Federal 
facilities, using Federal information resources, are authorized to do 
so; (c) to track and control PIV cards issued to persons entering and 
exiting the DHS facilities or using DHS systems.

Routine Uses of Records Maintained in the System Including Categories 
of Users and the Purposes of Such Uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
Section 552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ) when: (a) The agency or any 
component thereof; or (b) any employee of the agency in his or her 
official capacity; (c) any employee of the agency in his or her 
individual capacity where agency or the Department of Justice has 
agreed to represent the employee; or (d) the United States Government, 
is a party to litigation or has an interest in such litigation, and by 
careful review, the agency determines that the records are both 
relevant and necessary to the litigation and the use of such records by 
DOJ is therefore deemed by the agency to be for a purpose compatible 
with the purpose for which the agency collected the records.
    B. To a court or adjudicative body in a proceeding when: (a) The 
agency or any component thereof; (b) any employee of the agency in his 
or her official capacity; (c) any employee of the agency in his or her 
individual capacity where agency or the Department of Justice has 
agreed to represent the employee; or (d) the United States Government, 
is a party to litigation or has an interest in such litigation, and by 
careful review, the agency determines that the records are both 
relevant and necessary to the litigation and the use of such records is 
therefore deemed by the agency to be for a purpose that is compatible 
with the purpose for which the agency collected the records.
    C. Except as noted on Forms SF 85, 85-P, and 86, when a record on 
its face, or in conjunction with other records, indicates a violation 
or potential violation of law, whether civil, criminal, or regulatory 
in nature, and whether arising by general statute or particular program 
statute, or by regulation, rule, or order issued pursuant thereto, 
disclosure may be made to the appropriate public authority, whether 
Federal, foreign, State, local, or tribal, or otherwise, responsible 
for enforcing, investigating or prosecuting such violation or charged 
with enforcing or implementing the statute, or rule, regulation, or 
order issued pursuant thereto, if the information disclosed is relevant 
to any enforcement, regulatory, investigative or prosecutorial 
responsibility of the receiving entity.
    D. To a Member of Congress or to a Congressional staff member in 
response to an inquiry of the Congressional office made at the written 
request of the constituent about whom the record is maintained.
    E. To the National Archives and Records Administration or to the 
General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906.
    F. To agency contractors, grantees, or volunteers who have been 
engaged to assist the agency in the performance of a contract service, 
grant, cooperative agreement, or other activity related to this system 
of records and who need to have access to the records in order to 
perform their activity. Recipients shall be required to comply with the 
requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
    G. To a Federal, State, local, foreign, or tribal or other public 
authority the fact that this system of records contains information 
relevant to the retention of an employee, the retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
license, grant, or other benefit. The other agency or licensing 
organization may then make a request supported by the written consent 
of the individual for the entire record if it so chooses. No disclosure 
will be made unless the information has been determined to be 
sufficiently reliable to support a referral to another office within 
the agency or to another Federal agency for criminal, civil, 
administrative personnel or regulatory action.
    H. To the Office of Management and Budget when necessary to the 
review of private relief legislation pursuant to OMB Circular No. A-19.
    I. To a Federal, State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947, as amended, the CIA Act of 1949, as amended, Executive Order 
12333 or any successor order, applicable national security directives, 
or classified implementing procedures approved by the Attorney General 
and promulgated pursuant to such statutes, orders or directives.
    J. To notify another Federal agency when, or verify whether, a PIV 
card is no longer valid.
    K. To the news media or the general public, factual information the 
disclosure of which would be in the public interest and which would not 
constitute an unwarranted invasion of personal privacy, consistent with 
Freedom of Information Act standards.
    L. To an agency, organization, or individual for the purposes of 
performing authorized audit or oversight operations.

Disclosure to consumer reporting agencies:
    Privacy Act information may be reported to consumer reporting 
agencies pursuant to 5 U.S.C. 552a(b)(12).

Policies and Practices for Storing, Retrieving, Accessing, Retaining 
and Disposing of Records in the System:
Storage:
    DHS Headquarters in the Offices of Security and Human Capital and 
at the DHS Data Center in Ashburn, VA Records maintain and store the 
records in electronic media and paper files.

Retrievability:
    Records may be retrieved by name of the individual, Social Security 
number

[[Page 53700]]

and/or by any other unique individual identifier.

Safeguards:
    The Office of Security protects all records from unauthorized 
access through appropriate administrative, physical, and technical 
safeguards. Access is restricted on a ``need to know'' basis, 
utilization of SmartCard access, and locks on doors and approved 
storage containers. DHS buildings have security guards and secured 
doors. DHS monitors all entrances through electronic surveillance 
equipment. Personally identifiable information is safeguarded and 
protected in conformance with all Federal statutory and OMB guidance 
requirements. All access has role-based restrictions, and individuals 
with access privileges have undergone vetting and suitability 
screening. DHS encrypts data storage and transfer. DHS maintains an 
audit trail and engages in random periodic reviews to identify 
unauthorized access. Persons given roles in the PIV process must 
complete training specific to their roles to ensure they are 
knowledgeable about how to protect personally identifiable information.

Retention and Disposal:
    This is a new program and the Records Management Office (RMO) has 
not finalized its retention policy. The DHS RMO will develop a records 
retention schedule for approval by the NARA pertaining to this program. 
Once NARA has approved the records retention schedule, DHS will amend 
this document to include the retention period for the records.

System Manager and address:
    DHS HSPD-12 Program Manager, Office of Security, U.S. Department of 
Homeland Security, 245 Murray Lane, SW., Building 410, Washington, DC 
20528.

Notification procedure:
    A request for access to records in this system may be made by 
writing to the System Manager, or the Director of Departmental 
Disclosure, in conformance with 6 CFR part 5, which provides the rules 
for requesting access to records maintained by the Department of 
Homeland Security.

Record access procedures:
    Same as Notification Procedure above.

Contesting record procedures:
    Same as Notification Procedure above. State clearly and concisely 
the information being contested, the reasons for contesting it, and the 
proposed amendment to the information sought.

Record source categories:
    Employee, contractor, or applicant; sponsoring agency; former 
sponsoring agency; other Federal agencies; contract employer; former 
employer.

Exemptions claimed for the system:
    None.

    Dated: September 1, 2006.
Hugo Teufel III,
Chief Privacy Officer.
[FR Doc. E6-15044 Filed 9-11-06; 8:45 am]

BILLING CODE 4410-10-P
-----------------------------------------------------------------------

[Federal Register: September 12, 2006 (Volume 71, Number 176)]
[Notices]               
[Page 53700-53703]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr12se06-70]                         

-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket Number DHS-2006-0025]

 
Privacy Act; Systems of Records

AGENCY: Office of Security, Department of Homeland Security.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the Department of 
Homeland Security, Office of Security, proposes to add a new system of 
records to the Department's inventory, entitled ``Office of Security 
File System.'' This system will support the administration of a program 
which provides security for the Department by safeguarding and 
protecting the Department's personnel, property, facilities, and 
information.

DATES: The established system of records will be effective October 12, 
2006, unless comments are received that result in a contrary 
determination.

ADDRESSES: You may submit comments identified by docket number DHS-
2006-0025 by one of the following methods:
    Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    Fax: (202) 401-4514 (not a toll-free number).
    Mail: Marc E. Frey, Senior Advisor, Office of Security, 245 Murray 
Lane, SW., Building 410, Washington, DC 20528; Hugo Teufel III, Chief 
Privacy Officer, 601 S. 12th Street, Arlington, VA 22202.

FOR FURTHER INFORMATION CONTACT: Marc E. Frey, Senior Advisor, Office 
of Security, 245 Murray Lane, SW., Building 410, Washington, DC 20528 
by telephone (202) 772-5096 or facsimile (202) 401-4514; Hugo Teufel 
III, Chief Privacy Officer, 601 S. 12th Street, Arlington, VA 22202 by 
telephone (571) 227-3813 or facsimile (571) 227-4171.

SUPPLEMENTARY INFORMATION: The Department of Homeland Security (DHS), 
Office of Security is publishing a Privacy Act system of records notice 
to cover its collection, use and maintenance of records relating to its 
security mission for the Department. Until now, pursuant to the savings 
clause in the Homeland Security Act of 2002, Public Law 107-296, sec. 
1512, 116 Stat. 2310 (Nov. 25, 2002) (6 U.S.C. 552), the Office of 
Security has been relying on legacy Privacy Act systems for this 
purpose.
    DHS established the Office of Security to protect and safeguard the 
Department's personnel, property, facilities, and information. The 
Office of Security develops, coordinates, implements, and oversees the 
Department's security policies, programs, and standards; delivers 
security training and education to DHS personnel; and provides security 
support to DHS components when necessary. In addition, the Office of 
Security coordinates and collaborates with the Intelligence Community 
on security issues and the protection of information. The Office of 
Security works to integrate security into every aspect of the 
Department's operations. The Office of Security is divided into seven 
divisions, as follows:
     Personnel Security: Background investigations, 
adjudications, and security clearances for DHS employees, as well as 
for State and local government personnel and private-sector partners;
     Administrative Security: The protection of classified and 
sensitive but unclassified information;
     Physical Security: Security surveys, vulnerability 
assessments, and access control for DHS facilities;
     Special Security Programs: Sensitive Compartmented 
Information (SCI) and Special Access Programs;
     Internal Security and Investigations: Protection against 
espionage, foreign intelligence service elicitation activities, and 
terrorist collection efforts directed against the Department; 
investigations of crimes against the Department's personnel and 
property;
     Training and Operations Security: Integrated security 
training policy and programs;
     Security Operations: Badging and credentialing programs.
    The Office of Security records will cover not only DHS employees, 
but also contractors, consultants, volunteers, student interns, 
visitors, and others who have access to DHS facilities. The personal 
information to be collected will consist of data elements necessary to 
identify the individual and to

[[Page 53701]]

perform background or other investigations concerning the individual. 
The system has been designed to closely align with the Office of 
Security's business practices.
    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses and disseminates personally identifiable 
information. The Privacy Act applies to information that is maintained 
in a ``system of records.'' A ``system of records'' is a group of any 
records under the control of an agency from which information is 
retrieved by the name of the individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. The 
Office of Security File System is such a system of records.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency record keeping 
practices transparent, to notify individuals regarding the uses to 
which personally identifiable information is put, and to assist 
individuals to more easily find such files within the agency. Below is 
the description of the Office of Security File System.
    In accordance with 5 U.S.C. 552a(r), a report on this system has 
been sent to Congress and to the Office of Management and Budget.
DHS-OS-001

System name:
    Office of Security File System.

Security classification:
    Unclassified and Classified.

System location:
    The records maintained by the Office of Security are located within 
the headquarters facilities of the Department of Homeland Security 
(DHS), Washington, DC 20528.

Categories of individuals covered by the system:
    Individuals involved in, or of interest to, DHS Office of Security 
activities, operations, or programs, including, but not limited to: 
current and former DHS employees; applicants for employment with DHS 
(including student interns); contractors and consultants providing 
services to DHS; State and local government personnel and private-sector 
individuals who maintain an access control card permitting access to a 
DHS facility or access to information technology systems that process 
national or homeland security information; DHS employees and 
contractors who may be a subject of a counter-terrorism, 
counterintelligence, or counter-espionage, or law enforcement 
investigation; senders of unsolicited communications that raise a 
security concern to the Department or its personnel; state and local 
government personnel and private-sector individuals who serve on an 
advisory committee and board sponsored by DHS; and state and local 
government personnel and private-sector individuals who are authorized 
by DHS to access sensitive or classified homeland security information, 
classified facilities, communications security equipment, and 
information technology systems that process national or homeland 
security classified information. The system also includes individuals 
accused of security violations or found in violation.

Categories of records in the system:
    Records relating to the management and operation of the DHS 
personnel security and suitability program, including but not limited 
to, completed standard form questionnaires issued by the Office of 
Personnel Management; originals or copies of background investigative 
reports; supporting documentation related to the background 
investigations and adjudications; and other information relating to an 
individual's eligibility for access to classified or sensitive 
information.
    Records relating to management and operation of DHS programs to 
safeguard classified and sensitive but unclassified information, 
including but not limited to, document control registries; courier 
authorization requests; non-disclosure agreements; record(s) of 
security violations; record(s) of document transmittal(s); and requests 
for secure storage and communications equipment.
    Records relating to the management and operation of DHS special 
security programs, including but not limited to, requests for access to 
sensitive compartmented information (SCI); and foreign travel and 
foreign contact registries for individuals with SCI access.
    Records relating to the management and operation of the DHS 
internal security program, including but not limited to, inquiries 
relating to suspected security violation(s); recommended remedial 
actions for possible security violation(s); reports of investigation 
regarding security violations; statements of individuals; affidavits; 
correspondence; and other documentation pertaining to investigative or 
analytical efforts by the DHS Office of Security to identify threats to 
the Department's personnel, property, facilities, and information; 
intelligence reports and database results relating to DHS personnel, 
applicants or candidates for DHS employment or a DHS contract, or other 
individuals interacting or having contact with DHS personnel or 
contractors; foreign contact registries for individuals; or unsolicited 
communications with DHS personnel or contractors that raise a security 
concern.
    Records relating to the management and operation of the Office of 
Security's physical security, operations security, and security 
training and awareness programs, including but not limited to, briefing 
and course registries; facility access registries; access control card 
requests; and credential registries.
    Additionally, specific information from standard forms used to 
conduct background investigations.

Authority for maintenance of the system:
    Homeland Security Act of 2002; National Security Act of 1947; 44 
U.S.C. Chapters 21, 29, 31, 33, and 35; 5 U.S.C. Sections 301, 3301, 
and 7902; 40 U.S.C. 1315; Executive Orders 10450, 10865, 12333, 12356, 
12958, as amended, 12968, 13142, 13284; the Intelligence Reform and 
Terrorism Prevention Act of 2004, Public Law 108-458, Section 3001 (50 
U.S.C. 435b).

Purpose(s):
    The records in this system are used in the management and 
implementation of Office of Security programs and activities that 
support the protection of the Department's personnel, property, 
facilities, and information. These purposes include, but are not 
limited to, investigation and adjudication of personnel security and 
suitability determinations and access to classified national security 
information and sensitive but unclassified information; verification of 
access to classified national security information; determination of 
access to DHS facilities; certification of storage and processing 
facilities for classified national security information meet required 
standards; audit of contracts involving classified national security 
information; inventory of communications security equipment, materials/
keys for such equipment, and classified publications; analysis, 
identification, and addressing of efforts to infiltrate the Department 
or collect classified or sensitive information; production of access 
control cards and audit of access to DHS facilities; notification of 
DHS personnel in

[[Page 53702]]

emergency situations; maintenance of a central databank for 
investigations of misconduct involving the Department, its personnel, 
or its property. The records may be used to document security 
violations and supervisory actions taken.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To designated officers and employees of Federal, State, local or 
international agencies in connection with the hiring or continued 
employment of an individual, the conduct of a suitability or security 
investigation of an individual, the grant, renewal, suspension, or 
revocation of a security clearance, or the certification of security 
clearances, to the extent that DHS determines the information is 
relevant and necessary to the hiring agency's decision;
    B. To designated officers and employees of Federal, State, local or 
international agencies maintaining civil, criminal or other relevant 
enforcement information or other pertinent information, such as current 
licenses, if necessary for DHS to obtain information relevant to an 
agency decision concerning the hiring or retention of an employee, the 
issuance of a security clearance, the letting of a contract, or the 
issuance of a license, grant, or other benefit;
    C. Except as noted on national security questionnaires, such as 
Forms SF 85, 85-P, and 86, records to an appropriate Federal, State, 
territorial, tribal, local, international, or foreign agency law 
enforcement authority charged with investigating or prosecuting a 
violation or enforcing or implementing a law where a record, either on 
its face or in conjunction with other information, indicates a 
violation or potential violation of law (e.g. criminal, civil or 
regulatory);
    D. To a Federal, State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947, as amended, the CIA Act of 1949, as amended, Executive Order 
12333 or any successor order, applicable national security directives, 
or classified implementing procedures approved by the Attorney General 
and promulgated pursuant to such statutes, orders or directives.
    E. To an organization or individual in either the public or private 
sector where there is a reason to believe that the recipient is or 
could become the target of a particular terrorist activity or 
conspiracy, to the extent the information is relevant to the protection 
of life or property.
    F. To an authorized appeal or grievance examiner, formal complaints 
examiner, equal employment opportunity investigator, arbitrator, or 
other duly authorized official engaged in investigation or settlement 
of a grievance, complaint, or appeal filed by an employee;
    G. To the United States Office of Personnel Management, the Merit 
Systems Protection Board, Federal Labor Relations Authority, or the 
Equal Employment Opportunity Commission when requested in the 
performance of their authorized duties;
    H. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains;
    I. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
records;
    J. To the Department of Justice (DOJ) or in a proceeding before a 
court or adjudicative body before which DHS is authorized to appear, 
when: (a) DHS, or any component thereof; or, (b) any employee of DHS in 
his or her official capacity; or, (c) any employee of DHS in his or her 
individual capacity where the DOJ or DHS has agreed to represent the 
employee; or (d) the United States, where DHS determines that 
litigation is likely to affect the agency or any of its components, is 
a party to litigation or has an interest in such litigation, and the 
use of such records by the DOJ or by DHS before a court or adjudicative 
body is deemed by DHS to be relevant and necessary to the litigation, 
provided, however, that in each case, DHS determines that disclosure of 
the records is a use of the information contained in the records that 
is compatible with the purpose for which the records were collected.
    K. To an agency, organization, or individual for the purposes of 
performing authorized audit or oversight operations.
    L. To any source or potential source from which information is 
requested in the course of an investigation concerning the retention of 
an employee or other personnel action (other than hiring), or the 
retention of a security clearance, contract, grant, license, or other 
benefit, to the extent necessary to identify the individual, inform the 
source of the nature and purpose of the investigation, and to identify 
the type of information requested.

Disclosure to consumer reporting agencies:
    Privacy Act information may be reported to consumer reporting 
agencies pursuant to 5 U.S.C. 552a(b)(12).

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    The records maintained by the Office of Security are located within 
the headquarters of DHS, Washington, DC 20528.
    The records are maintained in paper files and on electronic media.

Retrievability:
    Information in the records may be retrieved by the name of the 
individual, social security number, or other unique individual 
identifier.

Safeguards:
    All records are protected from unauthorized access through 
appropriate administrative, physical, and technical safeguards. These 
safeguards include restricting access to authorized personnel who have 
a ``need-to-know,'' utilization of password protection features, and 
locks on doors and approved storage containers. Buildings have security 
guards and secured doors, and all entrances are monitored by electronic 
surveillance equipment. Classified information is appropriately stored 
in accordance with applicable requirements.

Retention and disposal:
    The files are destroyed in accordance with legal requirements and 
the disposition instructions in the General Records Schedule 18 issued 
by the National Archives and Records Administration (NARA).

System Manager and address:
    DHS Privacy Office, Director of Departmental Disclosure, U.S. 
Department of Homeland Security, 245 Murray Lane, SW., Building 410, 
Washington, DC 20528.

Notification procedure:
    A request for access to records in this system may be made by 
writing to the

[[Page 53703]]

System Manager, the Director of Departmental Disclosure, in conformance 
with 6 CFR part 5, which provides the rules for requesting access to 
records maintained by the Department of Homeland Security.

Record access procedures:
    Same as Notification Procedure above.

Contesting record procedures:
    Same as Notification Procedure above. State clearly and concisely 
the information being contested, the reasons for contesting it, and the 
proposed amendment to the information sought.

Record source categories:
    Information in security files may be obtained from other sources, 
including the following: Current and former DHS employees (including 
student interns); applicants for employment with DHS; contractors and 
consultants providing services to DHS; DHS personnel that maintain an 
access control card permitting access to a DHS facility; DHS personnel 
who may be a subject of a criminal, counter-terrorism, counter-
espionage, or other criminal investigation; senders of unsolicited 
communications to the Department or its personnel; foreign nations who 
have contact with DHS, its personnel or its offices; State and local 
government personnel and private-sector individuals who serve on an 
advisory committee and board sponsored by DHS; State and local 
government personnel and private-sector individuals who are authorized 
by DHS to access sensitive or classified homeland security information, 
classified facilities, communications security equipment, and 
information technology systems which process national or homeland 
security classified information; State and local government personnel 
and private-sector individuals who require a DHS access control device 
that permits access to information technology systems which process 
national or homeland security classified information; law enforcement 
agencies; other government agencies; previous employers, colleagues, 
neighbors, references, informants or other sources; and representatives 
from educational institutions.

Exemptions claimed for the system:
    In accordance with 5 U.S.C. 552a (k)(1), (k)(2), and (k)(5), the 
personnel security case files in this system of records are exempt from 
subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f) of 
the Privacy Act of 1974, as amended.

    Dated: September 1, 2006.
Hugo Teufel III,
Chief Privacy Officer.
 [FR Doc. E6-15045 Filed 9-11-06; 8:45 am]

BILLING CODE 4410-10-P
-----------------------------------------------------------------------