[Federal Register Volume 79, Number 96 (Monday, May 19, 2014)]
[Notices]
[Pages 28752-28757]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-11431]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2014-0013]


Privacy Act of 1974; Department of Homeland Security National 
Protection and Programs Directorate--002 Chemical Facility Anti-
Terrorism Standards Personnel Surety Program System of Records

AGENCY: Department of Homeland Security, Privacy Office.

ACTION: Notice of Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to update and reissue a current Department 
of Homeland Security system of records titled, ``Department of Homeland 
Security/National Protection and Programs Directorate--002 Chemical 
Facility Anti-Terrorism Standards Personnel Surety Program System of 
Records.'' This system of records allows the Department of Homeland 
Security/National Protection and Programs Directorate to collect and 
maintain records on individuals--facility personnel and unescorted 
visitors--who have or are seeking access to restricted areas and 
critical assets at high-risk chemical facilities and compare this 
information to the Terrorist Screening Database, the terrorist 
watchlist maintained by the Federal Bureau of Investigation's Terrorist 
Screening Center. As a result of a biennial review of this system and 
changes to the Chemical Facility Anti-Terrorism Standards Personnel 
Surety Program, the Department of Homeland Security/National Protection 
and Programs Directorate is updating this system of records notice to 
include a new category of record and routine use. Administrative 
updates are being made globally to better align the description of the 
program with other CFATS Personnel Surety Program documentation. 
Additionally, the Department of Homeland Security is concurrently 
issuing a Final Rule to exempt this system of records from certain 
provisions of the Privacy Act, elsewhere in the Federal Register. This 
notice also includes non-substantive changes to simplify the formatting 
and text of the previously published notice. This updated system will 
be included in the Department of Homeland Security's inventory of 
record systems.

DATES: Submit comments on or before June 18, 2014. This updated system 
will be effective June 18, 2014.

ADDRESSES: You may submit comments, identified by docket number DHS-
2014-0013 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Karen L. Neuman, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to http://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, please visit http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Emily Andrew, (703) 235-2182, Privacy Officer, National Protection and 
Programs Directorate, Department of Homeland Security, Washington, DC 
20528. For privacy questions, please contact: Karen L. Neuman, (202) 
343-1717, Chief Privacy Officer, Privacy Office, Department of Homeland 
Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS) National Protection and Programs 
Directorate (NPPD) proposes to update and reissue a current DHS system 
of records titled, ``DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records.''
    On October 4, 2006, the President signed the DHS Appropriations Act 
of 2007 (the Act), Public Law 109-295. Section 550 of the Act (Section 
550) provides DHS with the authority to regulate the security of high-
risk chemical facilities. DHS has promulgated regulations implementing 
Section 550, the Chemical Facility Anti-Terrorism Standards (CFATS), 6 
CFR Part 27.

[[Page 28753]]

    Section 550 requires that DHS establish Risk Based Performance 
Standards (RBPS) as part of CFATS. RBPS-12 (6 CFR 27.230(a)(12)(iv)) 
requires that regulated chemical facilities implement ``measures 
designed to identify people with terrorist ties.'' The ability to 
identify individuals with terrorist ties is an inherently governmental 
function and requires the use of information held in government-
maintained databases, which are unavailable to high-risk chemical 
facilities. Therefore, DHS is implementing the CFATS Personnel Surety 
Program, which will allow chemical facilities to comply with RBPS-12 by 
implementing ``measures designed to identify people with terrorist 
ties.''
    The CFATS Personnel Surety Program will work with the DHS 
Transportation Security Administration (TSA) to identify individuals 
who have terrorist ties by vetting information submitted by each high-
risk chemical facility against the Terrorist Screening Database (TSDB). 
The TSDB is the Federal Government's consolidated and integrated 
terrorist watchlist of known and suspected terrorists, maintained by 
the Department of Justice (DOJ) Federal Bureau of Investigation's (FBI) 
Terrorist Screening Center (TSC). For more information on the TSDB, see 
DOJ/FBI--019 Terrorist Screening Records System, 72 FR 47073 (August 
22, 2007).
    High-risk chemical facilities or their designees will submit the 
information of: (1) Facility personnel who have or who are seeking 
access, either unescorted or otherwise, to restricted areas or critical 
assets; and (2) unescorted visitors who have or who are seeking access 
to restricted areas or critical assets. These persons, about whom high-
risk chemical facilities and facilities' designees will submit 
information to DHS, are referred to in this notice as ``affected 
individuals.'' Individual high-risk facilities may classify particular 
contractors or categories of contractors either as ``facility 
personnel'' or as ``visitors.'' This determination should be a 
facility-specific determination, and should be based on facility 
security, operational requirements, and business practices.
    With the publication of this updated system of records, DHS is 
making the following changes: (1) Category of records has been updated 
to include Trusted Traveler Program information and information 
necessary to assist in verifying status of enrollment in another DHS 
program; and (2) routine use K has been added. Under routine use K, DHS 
may provide records to high-risk chemical facilities, or their 
designees, for the purpose of ensuring that information on all affected 
individuals submitted by or on behalf of the facility who have or are 
seeking access to restricted areas or critical assets has been 
appropriately submitted to DHS. A high-risk chemical facility may have 
access to information on the affected individuals that were submitted 
by the facility or on behalf of the facility. Designees of high-risk 
chemical facilities may only have access to information on the affected 
individuals that the designee submitted on behalf of the facility. 
Routine use K is compatible with the purposes for which the information 
is collected because the information will be used to ensure that the 
appropriate affected individuals are receiving the required terrorist 
ties checks.
    In addition, administrative updates are being made globally to 
better align the description of the program with other CFATS Personnel 
Surety Program documentation. This notice also includes non-substantive 
changes to simplify the formatting and text of the previously published 
notice.
    Under the CFATS Personnel Surety Program, for each affected 
individual a high-risk chemical facility, or its designee, may use the 
following options for submitting information to the Department (in 
addition to other options, not discussed in this systems of records 
notice, that would not involve submission of information to DHS):
    Option 1--Direct vetting: High-risk chemical facilities (or their 
designees) may submit information to NPPD about an affected individual 
to be compared on a recurrent basis against identifying information of 
known or suspected terrorists, and/or
    Option 2--Use of vetting conducted under other DHS programs: High-
risk chemical facilities (or their designees) may submit information to 
NPPD about an affected individual's enrollment in the Transportation 
Worker Identification Credential (TWIC) Program, Hazardous Materials 
Endorsement (HME) Program, or the NEXUS, Secure Electronic Network for 
Travelers Rapid Inspection (SENTRI), Free and Secure Trade (FAST), and 
Global Entry Trusted Traveler Programs. Each of those programs conducts 
recurrent vetting, which is equivalent to the terrorist ties vetting 
conducted under Option 1.
    Information will be submitted to DHS/NPPD through the Chemical 
Security Assessment Tool (CSAT), the online data collection portal for 
CFATS. The high-risk chemical facility or its designees will submit the 
information of affected individuals to DHS through CSAT. The submitters 
of this information (Submitters) for each high-risk chemical facility 
will also affirm, to the best of their knowledge, that the information 
is: (1) True, correct, and complete; and (2) collected and submitted in 
compliance with the facility's Site Security Plan (SSP) or Alternative 
Security Program (ASP), as authorized and/or approved in accordance 
with 6 CFR 27.245. The Submitter(s) of each high-risk chemical facility 
will also affirm that, in accordance with its Site Security Plans, 
notice required by the Privacy Act of 1974, 5 U.S.C. 552a, has been 
given to affected individuals before their information is submitted to 
DHS.
    DHS previously indicated in the June 14, 2011 Chemical Facility 
Anti-Terrorism Standards Personnel Surety Program System of Records 
that it would issue a ``verification of receipt'' to the Submitter(s) 
of each high-risk chemical facility when a high-risk chemical facility: 
(1) Submits information about an affected individual for the first 
time; (2) submits additional, updated, or corrected information about 
an affected individual; or (3) notifies DHS that an affected individual 
no longer has or is seeking access to that facility's restricted areas 
or critical assets. However, DHS now intends to provide high-risk 
chemical facilities, and their designees, the ability to create an 
alert within the CSAT Personnel Surety application that can notify them 
when DHS has received information about an affected individual(s) under 
Option 1 or Option 2. Further, DHS will also allow high-risk chemical 
facilities the ability to view the status (e.g., that some information 
about an affected individual has been inputted into CSAT but not yet 
submitted to DHS under Option 1 or Option 2; or that information about 
an affected individual has been submitted) of records about affected 
individuals associated with their facility within the CSAT Personnel 
Surety application. High-risk chemical facilities may also have the 
ability to download reports from CSAT. These reports may include 
information submitted about affected individuals with access to that 
facility as well as status of enrollment in other DHS programs. High-
risk chemical facilities will be responsible for managing their user 
roles and determining what access each user may have within the CFATS 
Personnel Surety application to ensure that only the appropriate users 
have access to the information about affected individuals being 
submitted to DHS.
    Upon receipt of each affected individual's information in CSAT 
using Option 1--Direct vetting, DHS/NPPD

[[Page 28754]]

will send a copy of the information to DHS/TSA. Within DHS/TSA, the 
Office of Transportation Threat Assessment and Credentialing (TTAC) 
conducts vetting against the TSDB for several DHS programs. DHS/TSA/
TTAC will compare the information of affected individuals collected by 
DHS (via CSAT) to information in the TSDB on a recurrent basis. DHS/
TSA/TTAC will forward potential matches to the DOJ/FBI/TSC, which will 
make a final determination of whether an individual's information is 
identified as a match to a record in the TSDB.
    Upon receipt of each affected individual's information in CSAT 
using Option 2--Use of vetting conducted under other DHS programs, DHS/
NPPD will send information to DHS/TSA to verify enrollment in the TWIC 
or HME Program or to DHS/U.S. Customs and Border Protection (CBP) to 
verify enrollment in the Trusted Traveler Program. If an affected 
individual's enrollment in one of these programs is verified, NPPD will 
periodically re-verify the affected individual's continued enrollment. 
If the affected individual's enrollment in one of these programs is no 
longer verified, then NPPD will notify the high-risk chemical facility, 
or its designee. NPPD may initiate vetting under Option 1, as 
appropriate. The high-risk chemical facility will be responsible for 
taking action in accordance with its SSP or ASP, which may include 
submitting new or updated information on that affected individual.
    In certain instances, DHS/NPPD may contact a high-risk chemical 
facility to request additional information (e.g., visa information) 
pertaining to particular individuals in order to clarify suspected data 
errors or resolve potential matches (e.g., when an affected individual 
has a common name). Such requests do not imply, and should not be 
construed to indicate that an individual's information has been 
confirmed as a match to a TSDB record.
    DHS/NPPD may also conduct data accuracy reviews and audits as part 
of the CFATS Personnel Surety Program. High-risk chemical facilities 
may propose to maintain different sorts of records or information 
related to RBPS 12 as part of their SSP or ASP, and DHS expects that 
the records or information available could vary from one high-risk 
chemical facility to another. The types of information DHS may request 
from high-risk chemical facilities as part of data accuracy reviews or 
audits could thus vary from facility to facility, based on each 
facility's standard business practices and SSP or ASP. The records 
requested may contain information pertaining to affected individuals 
that was previously provided to DHS/NPPD by the high-risk chemical 
facility.
    Consistent with DHS's information-sharing mission, information 
stored in the DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards 
Personnel Surety Program System of Records may be shared with other DHS 
components that have a need to know the information to carry out their 
national security, law enforcement, immigration, intelligence, or other 
homeland security functions. In addition, DHS/NPPD may share 
information with appropriate federal, state, local, tribal, 
territorial, foreign, or international government agencies consistent 
with the routine uses set forth in this system of records notice.
    Additionally, DHS is concurrently issuing a Final Rule to exempt 
this system of records from certain provisions of the Privacy Act 
elsewhere in the Federal Register. This updated system will be included 
in DHS's inventory of record systems.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which federal government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. As a matter of policy, DHS extends administrative 
Privacy Act protections to all individuals when systems of records 
maintain information on U.S. citizens, lawful permanent residents, and 
visitors.
    Below is the description of the DHS/NPPD--002 Chemical Facility 
Anti-Terrorism Standards Personnel Surety Program System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
System of Records
    Department of Homeland Security (DHS)/National Protection and 
Programs Directorate (NPPD)--002.

System name:
    DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards Personnel 
Surety Program

Security classification:
    Unclassified, Sensitive, For Official Use Only, Law Enforcement-
Sensitive, and Classified.

System location:
    Records are maintained at the DHS and NPPD Headquarters in 
Washington, DC and field offices.

Categories of individuals covered by the system:
    (1) High-risk chemical facility personnel and unescorted visitors 
who have or are seeking access to restricted areas or critical assets 
at high-risk chemical facilities (see 6 CFR 27.230(a)(12)), referred to 
in this notice as ``affected individuals'';
    (2) High-risk chemical facility personnel or designees who contact 
DHS/NPPD or a federal law enforcement entity with follow-up questions 
regarding submission of an individual's information to DHS/NPPD;
    (3) Individuals listed in the TSDB against whom potential or 
confirmed matches have been made; and
    (4) Individuals who have been or seek to be distinguished from 
individuals listed in the TSDB through redress or other means as a 
result of the Personnel Surety Program.

Categories of records in the system:
    (1) High-risk chemical facilities are required to submit the 
following information on all facility personnel and unescorted visitors 
who have or are seeking access to restricted areas or critical assets:
    a. U.S. Citizens and Lawful Permanent Residents
    i. Full name;
    ii. Date of birth; and
    iii. Citizenship or Gender.
    b. Non-U.S. persons
    i. Full name;
    ii. Date of birth;
    iii. Citizenship; and
    iv. Passport information and/or alien registration number.
    (2) To reduce the likelihood of false positives in matching against 
the TSDB, high-risk chemical facilities may also (optionally) submit 
the following information on facility personnel and unescorted visitors 
who have or are seeking access to restricted areas or critical assets:
    a. Aliases;
    b. Gender (for Non-U.S. persons);
    c. Place of birth; and
    d. Redress Number.

[[Page 28755]]

    (3) High-risk chemical facilities may submit different information 
on individuals who maintain DHS screening program credentials or 
endorsements that require TSDB checks equivalent to the checks to be 
performed as part of the CFATS Personnel Surety Program. Instead of 
submitting the information listed in category (1), above, high risk 
chemical facilities may submit the following information for such 
individuals:
    a. Full name;
    b. Date of birth;
    c. Name of the DHS program that conducts equivalent vetting against 
the TSDB, such as the Transportation Worker Identification Credential 
(TWIC) Program, the Hazardous Materials Endorsement (HME) Program, or 
Trusted Traveler Program;
    d. Unique number, or other program specific verifying information 
associated with a DHS screening program, necessary to verify an 
individual's enrollment, such as TWIC Serial Number for the TWIC 
Program, Commercial Driver's License (CDL) Number and CDL issuing 
state(s) for the HME Program, or PASS ID Number for the Trusted 
Traveler Program; and
    e. Expiration date of the credential endorsed or issued by the DHS 
screening program.
    This alternative is optional--high-risk chemical facilities may 
either submit the information listed in category (1) for such 
individuals, or may submit the information listed in category (3) for 
such individuals.
    (4) When high-risk chemical facilities choose to submit the 
information listed in category (3), above, they may also (optionally) 
submit the following information on facility personnel and unescorted 
visitors who have or are seeking access to restricted areas or critical 
assets:
    a. Aliases;
    b. Place of Birth;
    c. Gender;
    d. Citizenship; and
    e. Redress Number.
    (5) DHS could collect additional identifying information from a 
high-risk chemical facility as necessary to confirm or clear a 
potential match to a TSDB record. Information collected by high-risk 
chemical facilities and submitted to DHS for this purpose could include 
any information listed in categories (1) through (4), passport 
information, visa information, driver's license information, or other 
available identifying particulars, used to compare the identity of an 
individual being screened with information listed in the TSDB;
    (6) In the event that a confirmed match is identified as part of 
the CFATS Personnel Surety Program, in addition to other records listed 
under the categories of records section of this SORN, DHS will obtain 
references to or information from other government law enforcement and 
intelligence databases, as well as other relevant databases that may 
contain terrorism information;
    (7) Information necessary to assist in tracking submissions and 
transmission of records or verifying status of enrollment in another 
DHS program, including electronic verification that DHS has received a 
particular record; and
    (8) Information provided by individuals covered by this system in 
support of any redress request, including DHS Redress Numbers and/or 
any of the above categories of records.

Authority for maintenance of the system:
    DHS Appropriations Act of 2007, Section 550, Public Law 109-295, 
120 Stat. 1355 (October 4, 2006), as amended; and the Chemical Facility 
Anti-Terrorism Standards, 6 CFR Part 27.

Purpose(s):
    The purpose of this system is to identify persons listed in the 
TSDB who have or are seeking access to restricted areas or critical 
assets at high-risk chemical facilities.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other federal agencies conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity when DOJ or DHS has agreed to represent the employee; or
    4. The U.S. or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. DHS has determined that as a result of the suspected or 
confirmed compromise, there is a risk of identity theft or fraud, harm 
to economic or property interests, harm to an individual, or harm to 
the security or integrity of this system or other systems or programs 
(whether maintained by DHS or another agency or entity) that rely upon 
the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To federal, state, local, tribal, territorial, foreign, 
multinational, or private sector entities as appropriate to assist in 
coordination of terrorist threat

[[Page 28756]]

awareness, assessment, analysis, or response.
    I. To an appropriate federal, state, tribal, local, international, 
or foreign agency or other appropriate authority regarding individuals 
who pose, or are suspected of posing a risk to national security.
    J. To an appropriate federal, state, tribal, local, international, 
foreign agency, other appropriate governmental entities or authority 
to:
    1. Determine whether an individual is a positive identity match to 
an identity in the TSDB;
    2. Facilitate operational, law enforcement, or intelligence 
responses, if appropriate, when vetted individuals' identities match 
identities contained in the TSDB;
    3. Provide information and analysis about terrorist encounters and 
known or suspected terrorists to appropriate domestic and foreign 
government agencies and officials for counterterrorism purposes; or
    4. Perform technical implementation functions necessary for the 
CFATS Personnel Surety Program.
    K. To high-risk chemical facilities, or their designees, for the 
purpose of ensuring that information on all affected individuals 
submitted by or on behalf of the facility who have or are seeking 
access to restricted areas or critical assets at a high-risk chemical 
facility has been appropriately submitted to the Department.
    L. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    DHS/NPPD stores records in this system electronically or on paper 
in secure facilities in a locked drawer behind a locked door. The 
records may be stored on magnetic disc, tape, digital media.

Retrievability:
    Records may be retrieved by searching any of the categories of 
records listed above. Records may also be retrievable by relevant 
chemical facility name, chemical facility location, chemical facility 
contact information, and by other facility-specific data points.

Safeguards:
    DHS/NPPD safeguards records in this system according to applicable 
rules and policies, including all applicable DHS automated systems 
security and access policies. NPPD has imposed strict controls to 
minimize the risk of compromising the information that is being stored. 
Access to the computer system containing the records in this system is 
limited to those individuals who have a need to know the information 
for the performance of their official duties and who have appropriate 
clearances or permissions.

Retention and disposal:
    A proposed schedule for the retention and disposal of records 
collected under the DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records is being developed 
by the DHS and NPPD Offices of Records Management for approval by NARA.
    The length of time DHS/NPPD will retain information on individuals 
will depend on individual TSDB vetting results. Specifically, 
individuals' information will be retained as described below, based on 
the individuals' placements into three categories:
    (1) Information pertaining to an individual who is not a potential 
or confirmed match to a TSDB record will be retained for one year after 
a high-risk chemical facility has notified NPPD that the individual no 
longer has or is seeking access to the restricted areas or critical 
assets of the facility;
    (2) Information pertaining to an individual who may originally have 
appeared to be a match a TSDB record, but who was subsequently 
determined not to be a match, will be retained for seven years after 
completion of TSDB matching, or one year after the high-risk chemical 
facility that submitted that individual's information has notified DHS/
NPPD that the individual no longer has or is seeking access to the 
restricted areas or critical assets of the facility, whichever is 
later; and
    (3) Information pertaining to an individual who is a positive match 
to a TSDB record will be retained for ninety-nine years after 
completion of matching activity, or seven years after DHS/NPPD learns 
that the individual is deceased, whichever is earlier.
    DHS/TSA/TTAC will maintain records within its possession in 
accordance with the DHS/TSA-002--Transportation Security Threat 
Assessment System of Records, 75 FR 28046 (May 19, 2010). DHS/CBP will 
maintain records in its possession in accordance with the DHS/CBP-002--
Global Enrollment System of Records, 71 FR 20708 (April 21, 2006).
    DHS/NPPD will also retain records to conduct inspections or audits 
under 6 CFR 27.245 and 6 CFR 27.250 to ensure that high-risk chemical 
facilities are in compliance with CFATS. These records could include 
the names of individuals with access to high-risk chemical facilities' 
restricted areas and critical assets, the periods of time during which 
high-risk chemical facilities indicate that such individuals have/had 
access, and any other information listed elsewhere in this notice, as 
appropriate.
    The retention periods for these records provide reasonable amounts 
of time for law enforcement, intelligence, or redress matters involving 
individuals who have or are seeking access to restricted areas or 
critical assets at high-risk chemical facilities.

System Manager and address:
    CFATS Personnel Surety Program Manager, 250 Murray Lane SW., Mail 
Stop 0610, Washington, DC 20528.

Notification procedure:
    The Secretary of Homeland Security has exempted this system from 
the notification, access, and amendment procedures of the Privacy Act. 
However, DHS/NPPD will consider individual requests to determine 
whether or not information may be released. Thus, individuals seeking 
notification of and access to any record contained in this system of 
records, or seeking to contest its content, may submit a request in 
writing to the Chief Privacy Officer and DHS or NPPD FOIA Officer, 
whose contact information can be found at http://www.dhs.gov/foia under 
``Contacts.'' If an individual believes more than one component 
maintains Privacy Act records concerning him or her, the individual may 
submit the request to the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, Department of Homeland Security, 245 Murray 
Drive SW., Building 410, Mail Stop 0655, Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system of records, your request must conform 
with the Privacy Act regulations set forth in 6 CFR Part

[[Page 28757]]

5. You must first verify your identity, meaning that you must provide 
your full name, current address, and date and place of birth. You must 
sign your request, and your signature must either be notarized or 
submitted under 28 U.S.C. Sec.  1746, a law that permits statements to 
be made under penalty of perjury as a substitute for notarization. 
While no specific form is required, you may obtain forms for this 
purpose from the Chief Privacy Officer and Chief Freedom of Information 
Act Officer, http://www.dhs.gov/foia or 1-866-431-0486. In addition, 
you should:
     Explain why you believe the Department would have 
information on you;
     Identify which component(s) of the Department you believe 
may have the information about you;
     Specify when you believe the records would have been 
created; and
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records;
    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and your request may be denied due to lack 
of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    NPPD obtains records from high-risk chemical facilities and their 
designees. High-risk chemical facilities must provide notice to each 
affected individual prior to submission of the affected individual's 
information to DHS/NPPD. This will include notice that additional 
information may be requested after the initial submission. NPPD may 
also obtain information from other DHS programs when DHS verifies 
enrollment of an affected individual in another vetting or 
credentialing program. Information may also be obtained from the DOJ/
FBI--019 Terrorist Screening Records System, 72 FR 47073 (August 22, 
2007), or from other FBI sources.

Exemptions claimed for the system:
    The Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(k)(1) 
and (k)(2), has exempted this system from the following provisions of 
the Privacy Act, 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), 
(e)(4)(H), (e)(4)(I); and (f).
    When this system receives a record from another system exempted in 
that source system under 5 U.S.C. 552a(j) or (k), DHS will claim the 
same exemptions for those records that are claimed for the original 
primary systems of records from which they originated and claims any 
additional exemptions set forth here. For more information on the FBI's 
Terrorist Screening Records System, see DOJ/FBI--019 Terrorist 
Screening Records System, 72 FR 47073 (August 22, 2007).
    DHS does not claim any exemptions for the information high-risk 
chemical facilities or their designees submit to DHS as part of this 
system of records.

    Dated: May 1, 2014.
Karen L. Neuman,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2014-11431 Filed 5-16-14; 8:45 am]
BILLING CODE 9110-9P-P