[Federal Register Volume 79, Number 98 (Wednesday, May 21, 2014)]
[Rules and Regulations]
[Pages 29072-29074]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-11433]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2011-0033]


Privacy Act of 1974: Implementation of Exemptions; Department of 
Homeland Security/National Protection and Programs Directorate--002 
Chemical Facility Anti-Terrorism Standards Personnel Surety Program 
System of Records

AGENCY: Privacy Office, DHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is issuing a final rule to 
amend its regulations to exempt portions of a newly established system 
of records titled, ``Department of Homeland Security/National 
Protection and Programs Directorate--002 Chemical Facility Anti-
Terrorism Standards Personnel Surety Program System of Records'' from 
certain provisions of the Privacy Act. Specifically, the Department 
exempts portions of the ``Department of Homeland Security/National 
Protection and Programs Directorate--002 Chemical Facility Anti-
Terrorism Standards Personnel Surety Program System of Records'' from 
one or more provisions of the Privacy Act because of criminal, civil, 
and administrative enforcement requirements.

DATES: Effective Date: This final rule is effective May 21, 2014.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Emily Andrew (703) 235-2182, Senior Privacy Officer, National 
Protection and Programs Directorate, Department of Homeland Security, 
Washington, DC 20528. For privacy issues please contact: Karen L. 
Neuman (202) 343-1717, Chief Privacy Officer, Privacy Office, 
Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

    The Department of Homeland Security (DHS) National Protection and 
Programs Directorate (NPPD) published a notice of proposed rulemaking 
in the Federal Register, 76 FR 34616, on June 14, 2011, proposing to 
exempt portions of the system of records from one or more provisions of 
the Privacy Act because of criminal, civil, and administrative 
enforcement requirements. The system of records is the DHS/NPPD--002 
Chemical Facility Anti-Terrorism Standards Personnel Surety Program 
System of Records. The DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program system of records notice (SORN) was 
published concurrently in the Federal Register, 76 FR 34732, June 14, 
2011, and comments were invited on both the notice of proposed 
rulemaking (NPRM) and SORN.

Public Comments

    DHS received three comments on the NPRM and one comment on the 
SORN. Comments on the NPRM and the SORN are outlined below, followed by 
the Department's responses.
    DHS also received a comment in the public docket for the SORN 
(Document DHS-2011-0032-0003), which addressed the Chemical Facility 
Anti-Terrorism Standards (CFATS) Personnel Surety Program Information 
Collection Request (Docket DHS-2009-0026) and other aspects of the 
Personnel Surety Program, but did not address the SORN, the NPRM, or 
privacy issues. DHS reviewed that comment, and responded to it in a 
Federal Register notice, 78 FR 17680, March 22, 2013.

NPRM

    Comment: One commenter suggested that the Department did not make 
``a good faith effort to provide the public with specific reasons or 
requirements'' to justify Privacy Act exemptions. For this reason the 
commenter opposed DHS's proposed exemptions.
    Response: The Department believes that it provided adequate 
justification to support the Privacy Act exemptions described in the 
NPRM. These exemptions are needed to protect the information (i.e., 
categories of records) listed in the SORN from disclosure to subjects 
or others related to the vetting activities described in the SORN. 
Specifically, the exemptions are required to preclude subjects of the 
CFATS Personnel Surety Program's vetting activities from frustrating 
these vetting activities; to avoid disclosure of vetting activity 
techniques; to protect the identities and physical safety of 
confidential informants and law enforcement personnel; to ensure the 
Department's ability to obtain information from third parties and other 
sources; to protect the privacy of third parties; to safeguard 
classified information; to safeguard records; and for other reasons 
discussed in the NPRM. Disclosure of information about persons vetted 
under the CFATS Personnel Surety Program to those persons could also 
permit them to avoid detection or apprehension. The exemptions proposed 
here are standard law enforcement and national security exemptions 
exercised by a large number of Federal law enforcement and intelligence 
agencies.
    Comment: A commenter is pleased that third-party individuals may be 
designated to act on behalf of facilities as ``Submitters'' under the 
CFATS Personnel Surety Program, and seeks clarification on how this 
will be accomplished. Specifically, the commenter sought clarification 
from DHS on two points: (a) ``any security or information protection 
requirements that may be required to serve as a `Submitter' in light of 
the potential Privacy Act exemption DHS currently seeks and may 
receive''; and (b) the mechanics of ``[h]ow, specifically, authorized 
third parties will serve as a facility's agent for elements of TSDB 
compliance[.]''
    Response: The Department does not currently envision any additional 
or new security or information protection

[[Page 29073]]

requirements that will apply to Submitters in light of the Privacy Act 
exemptions that are the subject of this rulemaking. The Department will 
publish a user manual when the CFATS Personnel Surety Program is 
implemented, discussing how different users can access and use the Web 
portal that the Department intends to establish for the CFATS Personnel 
Surety Program.
    Comment: A commenter stated that the Department's proposal does 
``comply with the Privacy Act or follow the corresponding lawful and 
reasonable exemptions provided in this case by the corresponding 
Department of Homeland Security Appropriations Act of 2007.'' The 
commenter also expressed concerns relating to: (a) The length of time 
it will take the government to conduct screening, and the number of 
government entities involved in screening; (b) the scope of information 
being requested and the resulting burden on high-risk chemical 
facilities; and (c) the duplication involved for those individuals who 
have already been vetted against the Terrorist Screening Database 
(TSDB) as part of other government screening programs. The commenter 
was in favor of the proposed exemptions from portions of the Privacy 
Act.
    Response: The commenter's concerns about the screening procedure, 
the scope of information requested, and duplicative screening efforts 
and recommendations are outside the scope of the SORN and this Privacy 
Act exemptions rulemaking. Nevertheless, the Department addressed the 
commenter's other concerns in a Federal Register notice that solicited 
comments about the CFATS Personnel Surety Program Information 
Collection Request, 78 FR 17680, March 22, 2013.

SORN

    Comment: One commenter asked whether or not individuals with 
national security clearances, individuals with access to restricted 
areas under the U.S. Army's Chemical Personnel Reliability Program 
(CPRP), or individuals processed by ``the DHS suitability program'' 
could be exempted from the TSDB vetting requirements of the Personnel 
Surety Program.
    Response: Whether an individual (or category of individuals) could 
be exempted from the CFATS Personnel Surety Program is not within the 
scope of the SORN or this Privacy Act exemptions rulemaking. DHS's 
responses to comments in this document are limited to addressing the 
SORN for the Personnel Surety Program, and to Privacy Act exemptions 
related to the collection and disclosure of information under the 
Personnel Surety Program Systems of Records.
    After considering public comments, the Department will implement 
the rulemaking as proposed.

List of Subjects in 6 CFR Part 5

    Freedom of information; Privacy.

    For the reasons stated in the preamble, Chapter I of Title 6, Code 
of Federal Regulations, is amended as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0
1. The authority citation for part 5 continues to read as follows:

    Authority: 6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 
2135; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.


0
2. Add at the end of Appendix C to part 5, the following new paragraph 
``73'':

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    73. The DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards 
Personnel Surety Program System of Records consists of electronic 
and paper records and will be used by DHS and its components. The 
DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards Personnel 
Surety Program System of Records is a repository of information held 
by DHS in connection with its several and varied missions and 
functions, including, but not limited to the enforcement of civil 
and criminal laws; investigations, inquiries, and proceedings 
thereunder; and national security and intelligence activities. The 
DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards Personnel 
Surety Program System of Records contains information that is 
collected by, on behalf of, in support of, or in cooperation with 
DHS and its components and may contain personally identifiable 
information collected by other federal, state, local, tribal, 
foreign, or international government agencies. The Secretary of 
Homeland Security has exempted this system from the following 
provisions of the Privacy Act, subject to limitations set forth 
therein: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), 
(e)(4)(I); and (f). These exemptions are made pursuant to 5 U.S.C. 
552a(k)(1) and (k)(2).
    In addition to records under the control of DHS, the DHS/NPPD--
002 Chemical Facility Anti-Terrorism Standards Personnel Surety 
Program System of Records may include records originating from 
systems of records of other law enforcement and intelligence 
agencies, which may be exempt from certain provisions of the Privacy 
Act. DHS does not, however, assert exemption from any provisions of 
the Privacy Act with respect to information submitted by high-risk 
chemical facilities.
    To the extent the DHS/NPPD--002 Chemical Facility Anti-Terrorism 
Standards Personnel Surety Program System of Records contains 
records originating from other systems of records, DHS will rely on 
the exemptions claimed for those records in the originating systems 
of records. Exemptions from these particular subsections are 
justified, on a case-by-case basis to be determined at the time a 
request is made, for the following reasons:
    (a) From subsection (c)(3) (Accounting for Disclosures) because 
release of the accounting of disclosures could alert the subject of 
an investigation of an actual or potential criminal, civil, or 
regulatory violation to the existence of that investigation and 
reveal investigative interest, on the part of DHS as well as the 
recipient agency. Disclosure of the accounting would therefore 
present a serious impediment to law enforcement efforts and/or 
efforts to preserve national security. Disclosure of the accounting 
would also permit the individual who is the subject of a record to 
impede the investigation, to tamper with witnesses or evidence, and 
to avoid detection or apprehension, which would undermine the entire 
investigative process.
    (b) From subsection (d) (Access to Records) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of that 
investigation and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to 
tamper with witnesses or evidence, and to avoid detection or 
apprehension. Amendment of the records could interfere with ongoing 
investigations and law enforcement activities and would impose an 
unreasonable administrative burden by requiring investigations to be 
continually reinvestigated. In addition, permitting access and 
amendment to such information could disclose security-sensitive 
information that could be detrimental to homeland security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of federal law, the accuracy of information obtained or 
introduced occasionally may be unclear, or the information may not 
be strictly relevant or necessary to a specific investigation. In 
the interests of effective law enforcement, it is appropriate to 
retain all information that may aid in establishing patterns of 
unlawful activity.
    (d) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency 
Requirements) and (f) (Agency Rules), because portions of this 
system are exempt from the individual access provisions of 
subsection (d) for the reasons noted above, and therefore DHS is not 
required to establish requirements, rules, or procedures with 
respect to such access. Providing notice to individuals with respect 
to existence of records pertaining to them in the system of records 
or otherwise setting up procedures pursuant to which individuals may 
access and view records pertaining to

[[Page 29074]]

themselves in the system would undermine investigative efforts and 
reveal the identities of witnesses, potential witnesses, and 
confidential informants.

    Dated: May 1, 2014.
Karen L. Neuman,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2014-11433 Filed 5-20-14; 8:45 am]
BILLING CODE 9110-10-P