[Federal Register Volume 74, Number 188 (Wednesday, September 30, 2009)]
[Notices]
[Pages 50228-50232]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-23522]



[[Page 50228]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2009-0106]


Privacy Act of 1974; U.S. Immigration and Customs Enforcement-012 
Visa Security Program (VSP) System of Records

AGENCY: Privacy Office, DHS.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to establish a new system of records titled, 
U.S. Immigration and Customs Enforcement DHS/ICE-012 Visa Security 
Program Records (VSPR). The purpose of the VSPR system is to manage, 
review, track, investigate, and document visa security reviews 
conducted by ICE agents pertaining to U.S. visa applicants and to 
document ICE visa recommendations to the U.S. State Department. VSPR 
contains information about individuals who have applied for U.S. visas 
and undergo a visa security review. VSPR also contains data maintained 
in the Office of International Affairs' Visa Security Program Tracking 
System (VSPTS-Net), a software application used by ICE to record, 
track, manage, and report visa security review activities. VSPTS-Net 
manages the workflow associated with visa security reviews by recording 
and tracking all visa applicant reviews, records checks, and follow-up 
investigative activities. Additionally, a Privacy Impact Assessment 
(PIA) for VSPTS-Net will be posted on the Department's privacy Web site 
(see http://www.dhs.gov/privacy and follow the link to ``Privacy Impact 
Assessments.'') Due to urgent homeland security and law enforcement 
mission needs, VSPTS-Net is currently in operation. Recognizing that 
ICE is publishing a notice of system of records for an existing system, 
ICE will carefully consider public comments, apply appropriate 
revisions, and republish the VSPR notice of system of records within 
180 days of receipt of comments. A proposed rulemaking is also 
published in this issue of the Federal Register in which the Department 
proposes to exempt portions of this system of records from one or more 
provisions of the Privacy Act because of criminal, civil and 
administrative enforcement requirements.

DATES: The established system of records will be effective October 30, 
2009. Written comments must be submitted on or before October 30, 2009.

ADDRESSES: You may submit comments, identified by DHS-2009-0106, by one 
of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 703-483-2999.
     Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.
     Instructions: All submissions received must include the 
agency name and docket number for this rulemaking. All comments 
received will be posted without change to http://www.regulations.gov, 
including any personal information provided.
     Docket: For access to the docket to read background 
documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Lyn Rahilly, (202-732-3300) Privacy 
Officer, U.S. Immigration and Customs Enforcement, 500 12th Street, 
SW., Washington, DC 20536; or Mary Ellen Callahan, (703-235-0780), 
Chief Privacy Officer, Privacy Office, U.S. Department of Homeland 
Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    The Visa Security Program Records (VSPR) system of records is owned 
and maintained by the ICE Office of International Affairs (OIA). It 
consists of paper and electronic records created in support of the Visa 
Security Program, the purpose of which is to identify persons who may 
be ineligible for a U.S. visa because of criminal history, terrorism 
association, or other factors and convey that information to the State 
Department, which decides whether to issue the visa. VSPR contains 
records on visa applicants for whom a visa security review is 
conducted. The Visa Security Program Tracking System (VSPTS-Net) is a 
new OIA application scheduled to deploy in September 2009 that supports 
the management of ICE's Visa Security Program. ICE Special Agents use 
VSPTS-Net to record, track, and manage all visa security reviews 
performed by ICE. The VSPR system of records describes records 
maintained in VSPTS-Net and associated paper records.
    In support of Section 428 of the Homeland Security Act of 2002, ICE 
deploys agents to U.S. embassies and consulates (``consular posts'') in 
high-risk areas worldwide to conduct security reviews of visa 
applications. ICE agents assigned to the Visa Security Program examine 
visa applications, initiate investigations of applicants who may be 
ineligible for a visa, coordinate with other law enforcement entities, 
and provide advice and training to the State Department. Through its 
Visa Security Program, ICE also participates in the Security Advisory 
Opinion (SAO) process. which is a U.S. Government mechanism to 
coordinate third-agency checks on visa applicants about whom the State 
Department has security-related concerns. Upon request from the State 
Department, ICE provides information from DHS record systems about visa 
applicants who are selected to undergo the SAO process. The State 
Department in turn provides the results of SAO checks to consular 
officers to aid in adjudicating visa applications. Like the ICE Special 
Agents located at consular posts abroad, ICE agents and analysts 
supporting SAO operations identify persons who may be ineligible for a 
U.S. visa because of criminal history, terrorism association, or other 
factors and convey that information to the State Department, which 
decides whether to issue the visa.
    VSPTS-Net will be used to support the Visa Security Program 
activities described above by recording, tracking, and managing the 
SAOs and visa security reviews and documenting the results that are 
communicated to the State Department. VSPTS-Net will provide ICE agents 
with an intranet-based application that manages the workflow associated 
with visa security reviews and provides the necessary analytical, 
reporting and data storage capabilities. VSPTS-Net will also allow 
users (ICE employees and contractors) to record relevant visa 
application data, derogatory information about applicants, visa 
recommendation data. It also supports the generation of performance 
metrics for the Visa Security program as a whole. Ultimately, the 
system helps the Visa Security Program and the State Department prevent 
known and suspected terrorists, criminals, and other ineligible persons 
from obtaining U.S. visas. A PIA was conducted on VSPTS-Net because it 
is a new system that will maintain personally identifiable information 
(PII). The VSPTS-Net PIA is available on the Department of Homeland 
Security (DHS) Privacy Office Web site at http://www.dhs.gov/privacy.
    The DHS/ICE-012 VSPR system of records will collect, use, 
disseminate, and maintain PII on persons who apply for a visa and 
undergo a visa security review. This collection of information is 
necessary for ICE to conduct visa

[[Page 50229]]

security reviews and to provide the State Department with a visa 
recommendation and/or information that is relevant to the applicant's 
eligibility for a visa under Federal law.
    Consistent with DHS's information sharing mission, information 
stored in the VSPR system of records may be shared with other DHS 
components, as well as appropriate Federal, State, local, Tribal, 
foreign, or international government agencies. This sharing will only 
take place after DHS determines that the receiving component or agency 
has a need to know the information to carry out national security, law 
enforcement, immigration, intelligence, or other functions consistent 
with the routine uses set forth in this system of records notice.
    A proposed rulemaking is published in this issue of the Federal 
Register in which the Department proposes to exempt portions of this 
system of records from one or more provisions of the Privacy Act 
because of criminal, civil and administrative enforcement requirements. 
Individuals may request information about records pertaining to them 
stored in DHS/ICE-012 VSPR system of records as outlined in the 
``Notification Procedure'' section below. ICE reserves the right to 
exempt various records from release pursuant to exemptions 5 U.S.C. 
552a(j)(2), (k)(1), and (k)(2) of the Privacy Act.
    This newly established system will be included in DHS's inventory 
of record systems.

II. Privacy Act

    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses, and disseminates personally identifiable 
information. The Privacy Act applies to information that is maintained 
in a ``system of records.'' A ``system of records'' is a group of any 
records under the control of an agency for which information is 
retrieved by the name of an individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. In 
the Privacy Act, an individual is defined to encompass United States 
citizens and legal permanent residents. As a matter of policy, DHS 
extends administrative Privacy Act protections to all individuals where 
systems of records maintain information on U.S. citizens, lawful 
permanent residents, and visitors. Individuals may request access to 
their own records that are maintained in a system of records in the 
possession or under the control of DHS by complying with DHS Privacy 
Act regulations, 6 CFR Part 5.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency record keeping 
practices transparent, to notify individuals regarding the uses to 
which personally identifiable information is put, and to assist 
individuals to more easily find such files within the agency. Below is 
the description of the DHS/ICE-012 Visa Security Program Records (VSPR) 
system of records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this new system of records to the Office of Management and Budget and 
to Congress.

SYSTEM OF RECORDS:
    DHS/ICE-012

SYSTEM NAME:
    Visa Security Program Records (VSPR).

CLASSIFICATION:
    Classified; Controlled Unclassified Information.

SYSTEM LOCATION:
    Records are maintained at the U.S. Immigration and Customs 
Enforcement (ICE) Headquarters in Washington, DC, ICE field offices, 
and foreign embassies and consulates.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered by this system include:
    (1) Individuals who apply for U.S. visas, and
    (2) Other individuals who are identified on the visa application, 
such as the applicant's spouse, individuals traveling with applicant, 
application preparer's name, and individuals identified by the 
applicant as the person in the U.S. with whom the applicant will stay 
(hereafter, applicant point of contact).

CATEGORIES OF RECORDS IN THE SYSTEM:
    Categories of records in this system may include:
    (1) Biographic, employment, contact, and other types of information 
provided on the visa application, or by the applicant and others during 
interviews, such as name, address, phone number, e-mail address, date 
of birth, country of birth, nationality, passport number, information 
related to applicant's intended travel to the United States, spouse's 
name, names and relationships of individuals traveling with applicant, 
the application preparer's name, and the name and address of the 
applicant point of contact.
    (2) Information obtained during a visa security review from 
interviews, public records, foreign governments, and U.S. government 
databases, such as the State Department's visa control number, lookout 
records, criminal history, admission, visa and immigration history, and 
records indicating a possible threat to homeland or national security 
due to terrorism or other reasons.
    (3) Recommendations and/or other information provided by ICE to the 
State Department pertaining to visa applicants, and the State 
Department's decision on the visa application.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    8 U.S.C. 1103; 8 U.S.C. 1153-55; 8 U.S.C. 1201-1204; Section 428 of 
the Homeland Security Act of 2002; 22 CFR 41.122; Memorandum of 
Understanding between DHS, Federal Bureau of Investigation, and State 
Department Bureau of Consular Affairs on Improved Information Sharing 
Services signed July 18, 2009; Memorandum of Understanding Between the 
Secretaries of State and Homeland Security Concerning the 
Implementation of Section 428 of the Homeland Security Act of 2002 
signed on September 26, 2003; Memorandum of Understanding between the 
Department of State, Bureau of Consular Affairs and the Department of 
Homeland Security, U.S. Immigration and Customs Enforcement for 
Cooperation in Datasharing signed on October 6, 2006; and Memorandum of 
Agreement Between the Department of State and the Department of 
Homeland Security Regarding the Sharing of Visa and Passport Records 
and Immigration and Naturalization and Citizenship Records signed on 
November 18, 2008.

PURPOSE(S):
    (a) To manage, review, track, investigate, document, and report on 
visa security reviews conducted by ICE agents pertaining to U.S. visa 
applicants and to document ICE recommendations to the State Department 
on visa issuance;
    (b) To facilitate communication among ICE personnel on matters 
pertaining to visa applications, visa holders, and visa security 
reviews;
    (c) To enforce the provisions of the Immigration and Nationality 
Act, as amended; and
    (d) To identify potential criminal activity, immigration 
violations, and threats to homeland security; to uphold

[[Page 50230]]

and enforce the law; and to ensure public safety.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (including United States Attorney 
Offices) or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative or administrative body, 
when:
    1. DHS or any component thereof;
    2. Any employee of DHS in his/her official capacity;
    3. Any employee of DHS in his/her individual capacity where DOJ or 
DHS has agreed to represent the employee; or
    4. The United States or any agency thereof, is a party to the 
litigation or has an interest in such litigation, and DHS determines 
that the records are both relevant and necessary to the litigation and 
the use of such records is compatible with the purpose for which DHS 
collected the records.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration or other 
Federal government agencies pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency, organization, or individual for the purpose of 
performing audit or oversight operations as authorized by law, but only 
such information as is necessary and relevant to such audit or 
oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs (whether 
maintained by DHS or another agency or entity) or harm to an individual 
that rely upon the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate Federal, State, Tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, where a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To a court, magistrate, or administrative tribunal in the course 
of presenting evidence, including disclosures to opposing counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal law proceedings or in 
response to a subpoena.
    I. To Federal and foreign government intelligence or 
counterterrorism agencies when DHS reasonably believes there to be a 
threat or potential threat to national or international security for 
which the information may be useful in countering the threat or 
potential threat, when DHS reasonably believes such use is to assist in 
anti-terrorism efforts, and disclosure is appropriate to the proper 
performance of the official duties of the person making the disclosure.
    J. To the Department of State in the processing of petitions or 
applications for benefits under the Immigration and Nationality Act, 
and all other immigration and nationality laws including treaties and 
reciprocal agreements.
    K. To an organization or individual in either the public or private 
sector, either foreign or domestic, where there is a reason to believe 
that the recipient is or could become the target of a particular 
terrorist activity or conspiracy, to the extent the information is 
relevant to the protection of life or property and disclosure is 
appropriate to the proper performance of the official duties of the 
person making the disclosure.
    L. To appropriate Federal, State, local, Tribal, or foreign 
governmental agencies or multilateral governmental organizations 
responsible for investigating or prosecuting the violations of, or for 
enforcing or implementing, a statute, rule, regulation, order, license, 
or treaty where DHS determines that the information would assist in the 
enforcement of civil or criminal laws.
    M. To appropriate Federal, State, local, Tribal, or foreign 
governmental agencies or multilateral governmental organizations where 
DHS is aware of a need to utilize relevant data for purposes of testing 
new technology and systems designed to enhance national security or 
identify other violations of law.
    N. To third parties during the course of a visa security review to 
the extent necessary to obtain information pertinent to the review, 
provided disclosure is appropriate to the proper performance of the 
official duties of the person making the disclosure.
    O. To international and foreign governmental authorities in 
accordance with law and formal or informal international arrangements.
    P. To a Federal, State, or local agency, or other appropriate 
entity or individual, or through established liaison channels to 
selected foreign governments, in order to provide intelligence, 
counterintelligence, or other information for the purposes of 
intelligence, counterintelligence, or antiterrorism activities 
authorized by U.S. law, Executive Order, or other applicable national 
security directive.
    Q. To a Federal, State, Tribal, local, international, or foreign 
government agency or entity for the purpose of consulting with that 
agency or entity: (1) To assist in making a determination regarding 
redress for an individual in connection with the operations of a DHS 
component or program; (2) for the purpose of verifying the identity of 
an individual seeking redress in connection with the operations of a 
DHS component or program; or (3) for the purpose of verifying the 
accuracy of information submitted by an individual who has requested 
such redress on behalf of another individual.
    R. To the Federal Bureau of Investigation, the National Counter-
Terrorism Center (NCTC), the Terrorist Screening Center (TSC), or other 
appropriate Federal agencies, for the integration and use of such 
information to protect against terrorism, if that record is about one 
or more individuals

[[Page 50231]]

known, or suspected, to be or to have been involved in activities 
constituting, in preparation for, in aid of, or related to terrorism. 
Such information may be further disseminated by recipient agencies to 
Federal, State, local, territorial, Tribal, and foreign government 
authorities, and to support private sector processes as contemplated in 
Homeland Security Presidential Directive/HSPD-6 and other relevant laws 
and directives, for terrorist screening, threat-protection and other 
homeland security purposes.
    S. To appropriate Federal, State, local, Tribal, or foreign 
governmental agencies or multilateral government organizations for the 
purpose of protecting the vital interests of a data subject or other 
persons, including to assist such agencies or organizations in 
preventing exposure to or transmission of a communicable or 
quarantinable disease or to combat other significant public health 
threats; appropriate notice will be provided of any identified health 
risk, as practicable.
    T. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information or when 
disclosure is necessary to preserve confidence in the integrity of DHS 
or is necessary to demonstrate the accountability of DHS's officers, 
employees, or individuals covered by the system, except to the extent 
it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are stored electronically or on paper in 
secure facilities in a locked drawer behind a locked door. The 
electronic records are stored on magnetic disc, tape, digital media, 
and CD-ROM.

RETRIEVABILITY:
    Records may be retrieved by visa applicant name, passport number, 
or visa control number.

SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DHS automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. Access to the computer system containing the records in this 
system is limited to those individuals who have a need to know the 
information for the performance of their official duties and who have 
appropriate clearances or permissions. The system maintains a real-time 
auditing function of individuals who access the system.

RETENTION AND DISPOSAL:
    ICE is in the process of drafting a proposed record retention 
schedule for the information maintained in VSPR, including system 
information maintained in VSPTS-Net. ICE anticipates retaining the 
following records for 25 years after the date of review: visa security 
reviews where ICE has no adverse finding and does not object to the 
issuance of a visa, visa security reviews where ICE does not object to 
the issuance of a visa but provides derogatory information to the 
Department of State regarding the applicant, and visa security reviews 
where ICE recommends against the issuance of a visa, with no nexus to 
terrorism. ICE anticipates retaining the following records for 75 years 
after the date of review: visa security reviews where ICE recommends 
against the issuance of a visa due to a nexus to terrorism, or where 
ICE does not object to the issuance of the visa but provides terrorism-
related information to the State Department regarding the applicant. 
ICE also anticipates that extracts of visa applicant data created for 
the purpose of creating VSPTS-Net records will be retained by ICE for 
one week and then destroyed/deleted.

SYSTEM MANAGER AND ADDRESS:
    Visa Security Program Unit Chief, Office of International Affairs, 
U.S. Immigration and Customs Enforcement, 800 N. Capitol Street NW., 
Suite 300, Washington, DC 20536.

NOTIFICATION PROCEDURE:
    The Secretary of Homeland Security has exempted this system from 
the notification, access, and amendment procedures of the Privacy Act 
because it is a law enforcement system. However, ICE will consider 
requests individual requests to determine whether or not information 
may be released. Thus, individuals seeking notification of and access 
to any record contained in this system of records, or seeking to 
contest its content, may submit a request in writing to the component's 
FOIA Officer, whose contact information can be found at http://www.dhs.gov/foia under ``contacts.'' If an individual believes more 
than one component maintains Privacy Act records concerning him or her 
the individual may submit the request to the Chief Privacy Officer, 
Department of Homeland Security, 245 Murray Drive, SW., Building 410, 
STOP-0550, Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system of records your request must conform with 
the Privacy Act regulations set forth in 6 CFR Part 5. You must first 
verify your identity, meaning that you must provide your full name, 
current address and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Director, 
Disclosure and FOIA, http://www.dhs.gov or 1-866-431-0486. In addition 
you should provide the following:
     An explanation of why you believe the Department would 
have information on you,
     Identify which component(s) of the Department you believe 
may have the information about you,
     Specify when you believe the records would have been 
created,
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records,
     If your request is seeking records pertaining to another 
living individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) will not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

RECORD ACCESS PROCEDURES:
    See ``Notification procedure'' above.

CONTESTING RECORD PROCEDURES:
    See ``Notification procedure'' above.

RECORD SOURCE CATEGORIES:
    Information is obtained from the visa application, the visa 
applicant, Federal databases, foreign governments, Interpol, Europol, 
employers, family members, public records, the Internet, and other 
individuals or entities from which information is collected during a 
visa security review.

[[Page 50232]]

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    Pursuant to exemption 5 U.S.C. 552a(j)(2) of the Privacy Act, 
portions of this system are exempt from 5 U.S.C. 552a(c)(3) and (4); 
(d); (e)(1), (e)(2), (e)(3), (e)(4)(G), and (e)(4)(H), (e)(5) and 
(e)(8); (f); and (g). Pursuant to 5 U.S.C. 552a(k)(1) and (k)(2), this 
system is exempt from the following provisions of the Privacy Act, 
subject to the limitations set forth in those subsections: 5 U.S.C. 
552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), and (f). In addition, to 
the extent a record contains information from other exempt systems of 
records, DHS will rely on the exemptions claimed for those systems.

    Dated: September 23, 2009.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E9-23522 Filed 9-29-09; 8:45 am]
BILLING CODE 9111-28-P