Privacy Act; IDENT System of Records

Download PDF
Federal RegisterJun 5, 2007
72 Fed. Reg. 31080 (Jun. 5, 2007)

AGENCY:

Privacy Office, Office of the Secretary, Department of Homeland Security.

ACTION:

Notice of updated Privacy Act system of records notice.

SUMMARY:

The Department of Homeland Security is republishing the Privacy Act system of records notice for the Automated Biometric Identification System in order (1) to add a category of records that comprises unique personal identifiers that links individuals with their encounters, biometrics, records, and other data elements and (2) to add a new routine use consistent with Office of Management and Budget Memorandum M-07-16, Attachment 2 that permits DHS to be in the best position to respond in a timely and effective manner in the event of a data breach. This republished system of records notice will replace the previously published system of records notice for the Automated Biometric Identification System, Federal Register on July 27, 2006 (71 FR 42651).

DATES:

Written comments must be submitted on or before July 5, 2007.

ADDRESSES:

You may submit comments, identified by DOCKET NUMBER DHS-2007-0027 by one of the following methods:

  • Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
  • Fax: 1-866-466-5370.
  • Mail: Hugo Teufel III, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.

FOR FURTHER INFORMATION CONTACT:

Claire Miller, US-VISIT Acting Privacy Officer, Department of Homeland Security, Washington, DC 20528. For privacy issues please contact: Hugo Teufel III, Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) is publishing a revision to an existing Privacy Act system of records known as Automated Biometric Identification System (IDENT). The notice for these systems of records was last published in the Federal Register on July 27, 2006 (71 FR 42651).

DHS is republishing IDENT in order (1) to add a category of records that comprises unique personal identifiers that links individuals with their encounters, biometrics, records, and other data elements and (2) to add a new routine use consistent with Office of Management and Budget Memorandum M-07-16, Attachment 2 that permits DHS to be in the best position to respond in a timely and effective manner in the event of a data breach. This republished system of records notice will replace the previously published system of records notice for the Automated Biometric Identification System, Federal Register on July 27, 2006 (71 FR 42651).

IDENT is the primary repository of biometric information held by DHS in connection with its several and varied missions and functions, including, but not limited to: The enforcement of civil and criminal laws (including the immigration and customs laws), including investigations, inquiries, and proceedings thereunder; and national security and intelligence activities. IDENT is a centralized and dynamic DHS-wide biometric database that also contains limited biographic and encounter history information needed to place the biometric information in proper context. The information is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other federal, state, local, tribal, foreign, and international agencies. As part of an effort to more accurately identify individuals and ensure that all encounters are appropriately linked, IDENT will generate, store, and retrieve data by unique numbers or sequence of numbers and characters. This SORN update adds a category of records to IDENT to include these unique numbers or sequence of numbers and characters, also known as enumerators that link individuals with their encounters, biometrics, records, and other data elements. Additionally, this SORN adds a new routine consistent with Office of Management and Budget Memorandum M-07-16, Attachment 2 that permits DHS to be in the best position to respond in a timely and effective manner in the event of a data breach.

In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system change to the Office of Management and Budget and to Congress.

DHS/US-VISIT-001

System name:

DHS Automated Biometric Identification System (IDENT).

System location:

US-VISIT, Department of Homeland Security (DHS), Washington, DC 20528.

Categories of individuals covered by the system:

Categories of individuals covered by this notice consist of:

A. Individuals whose biometrics are collected by, on behalf of, in support of, or in cooperation with DHS concerning operations that implement and/or enforce laws, regulations, treaties, or orders related to the mission of DHS.

B. Individuals whose biometrics are collected by, on behalf of, in support of, or in cooperation with DHS as part of a background check or security screening in connection with their hiring, retention, performance of a job function, or the issuance of a license or credential.

C. Individuals whose biometrics are collected by federal, state, local, tribal, foreign, or international agencies for national security, law enforcement, immigration, intelligence, or other DHS mission-related functions, and who are the subjects of wants, warrants, or lookouts or any other subject of interest.

Categories of records in the system:

IDENT contains biometric, biographic, unique machine-generated identifiers, and encounter-related data for operation/production, testing, and training environments. Biometric data includes, but is not limited to, fingerprints and photographs. Biographical data includes, but is not limited to, name, date of birth, nationality, and other personal descriptive data. The encounter data provides the context of the interaction with an individual including, but not limited to, location, document numbers, and reason fingerprinted. Unique machine-generated identifiers are identifiers that link individuals with their encounters, biometrics, records, and other data elements. Test data may be real or simulated biometric, biographic, encounter, or identifiers related data.

Authority for maintenance of the system:

6 U.S.C. 202, 8 U.S.C. 1103, 1158, 1201, 1225, 1324, 1357, 1360, 1365a, 1365b, 1379, and 1732; 19 U.S.C. 1589a.

Purpose(s):

This system of records is established and maintained to provide a DHS-wide repository of biometrics captures in DHS or law enforcement encounters. This will enable DHS to carry out its DHS national security, law enforcement, immigration, intelligence, and other mission-related functions, and to provide associated testing, training, management reporting, planning and analysis, and other administrative uses, by allowing DHS to positively identify an individual whether the name information is the same or different based on biometrics.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3), as follows:

A. To appropriate federal, state, local, tribal, foreign, or international agencies seeking information on the subjects of wants, warrants, or lookouts, or any other subject of interest, for purpose related to administering or enforcing the law, national security, immigration, or intelligence, where consistent with a DHS mission-related function as determined by DHS.

B. To appropriate federal, state, local tribal, foreign, or international government agencies charged with national security, law enforcement, immigration, intelligence, or other DHS mission-related functions in connection with the hiring or retention by such an agency of an employee, the issuance of a security clearance, the reporting of an investigation of that employee (but only if the System of Records in which the investigatory files are maintained allows such disclosure), the letting of a contract, or the issuance of a license, grant, loan, or other benefit by the requesting agency.

C. To an actual or potential party or to his or her attorney for the purpose of negotiation or discussion on such matters as settlement of the case or matter, or discovery proceedings.

D. To a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the request of the individual to whom the record pertains.

E. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. Sections 2904 and 2906.

F. To individual who are obligors or representatives of obligors of bonds posted.

G. To contractors, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish a DHS mission function related to this system of records. Such recipients are required to comply with the Privacy Act, 5 U.S.C. 552a, as amended.

H. To the Department of Justice (DOJ) or other Federal agency for purposes of conducting litigation or proceedings before any court, adjudicative, or administrative body when (1) DHS; or (2) Any employee of DHS in his/her official capacity; or (3) Any employee of DHS in his/her individual capacity, where DOJ or DHS has agreed to represent the employee; or (4) The United States or any agency thereof is a party to the litigation or proceeding, or has an interest in such litigation or proceeding.

I. To appropriate agencies, entities, and persons when (1) it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (2) DHS has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or ham to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons when reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Information can be stored in case file folders, cabinets, safes, or a variety of electronic or computer databases and storage media.

Retrievability:

Records may be retrieved by biometrics or select personal identifiers, including but not limited to names, identification numbers, date of birth, nationality, document number, and address.

Safeguards:

The system is protected through multi-layer security mechanisms. The protective strategies are physical, technical, administrative, and environmental in nature, and provide access to control to sensitive data, physical access control to DHS facilities, confidentiality of communications, authentication of sending parties, and personnel screening to ensure that all personnel with access to data are screened through background investigations commensurate with the level of access required to perform their duties.

Retention and disposal:

The following proposal for retention and disposal is pending approval with National Archives and Records Administration (NARA):

Records that are stored in an individual's file will be purged according to the retention and disposition guidelines that relate to the individual's file in DHS/US-VISIT-001, IDENT.

Testing and training data will be purged when the data is no longer required (GRS 20). Electronic records for which the statute of limitations has expired for all criminal violations or that are older than 75 years will be purged. Fingerprint cards, created for the purpose of entering records in the database, will be destroyed after data entry. Work Measurement Reports and Statistical Reports will be maintained within the guidelines set forth in NCI-95-78-5/2 and NCI-85-78-1/2 respectively.

System manager(s) and address:

System Manager, IDENT Program Management Office, US-VISIT Program, U.S. Department of Homeland Security, Washington, DC 20528, USA.

Notification procedure:

To determine whether this system contains records relating to you, write to the US-VISIT Privacy Officer, US-VISIT Program, U.S. Department of Homeland Security, 245 Murray Lane, SW., Washington, DC 20528, USA.

Record access procedures:

The major part of this system is exempted from this requirement pursuant to 5 U.S.C. 552a(j)(2) and (k)(2). A determination as to the granting or denial of access shall be made at the time a request is received. Requests for access to records in this system must be in writing, and should be addressed to the US-VISIT Privacy Officer at the address in the Notification procedure section above. Such request may be submitted either by mail or in person. The envelope and letter shall be clearly marked “Privacy Officer—Access/Redress Request.” To identify a record, the record subject should provide his or her full name, date and place of birth; if appropriate, the date and place of entry into or departure from the United States; verification of identity by submitting a copy of fingerprints if appropriate (in accordance with 8 CFR 103.21(b) and/or pursuant to 28 U.S.C. 1746, make a dated statement under penalty of perjury as a substitute for notarization), and any other identifying information that may be of assistance in locating the record. The requestor shall also provide a return address for transmitting the records to be released.

Contesting record procedures:

The major part of this system is exempted from this requirement pursuant to U.S.C. 552a(j)(2) and (k)(2). A determination as to the granting or denial of a request shall be made at the time a request is received. An individual requesting amendment of records maintained in this system should direct his or her request to the System Manager noted above. The request should state clearly what information is being contested, the reasons for contesting it, and the proposed amendment to the information.

Record source categories:

Basic information contained in this system is supplied by individuals covered by this system, and from Federal, State, local, tribal, or foreign governments; private citizens; and public and private organizations.

Exemptions claimed for the system:

The Secretary of Homeland Security has exempted this system from 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(5) and (e)(8); (f)(2) through (5); and (g) pursuant to 5 U.S.C. 552a(j)(2). In addition, the Secretary of Homeland Security has exempted portions of this system from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), and (e)(4)(H) pursuant to 5 U.S.C. 552a(k)(2). These exemptions apply only to the extent that records in the system are subject to exemption pursuant to 5 U.S.C. 552a(j)(2) and (k)(2).

Dated: May 25, 2007.

Hugo Teufel III,

Chief Privacy Officer.

[FR Doc. 07-2781 Filed 5-31-07; 1:24 pm]

BILLING CODE 4410-10-M