82 FR 34884 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-039 Foreign Access Management System of Records

DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary

Federal Register Volume 82, Issue 143 (July 27, 2017)

The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the ``Department of Homeland Security/ALL-039 Foreign Access Management System of Records'' and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of this system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

[Federal Register Volume 82, Number 143 (Thursday, July 27, 2017)]
[Proposed Rules]
[Pages 34884-34885]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2017-15751]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 82, No. 143 / Thursday, July 27, 2017 / 
Proposed Rules

[[Page 34884]]



DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2017-0025]


Privacy Act of 1974: Implementation of Exemptions; Department of 
Homeland Security/ALL-039 Foreign Access Management System of Records

AGENCY: Privacy Office, DHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is giving concurrent 
notice of a newly established system of records pursuant to the Privacy 
Act of 1974 for the ``Department of Homeland Security/ALL-039 Foreign 
Access Management System of Records'' and this proposed rulemaking. In 
this proposed rulemaking, the Department proposes to exempt portions of 
this system of records from one or more provisions of the Privacy Act 
because of criminal, civil, and administrative enforcement 
requirements.

DATES: Comments must be received on or before August 28, 2017.

ADDRESSES: You may submit comments, identified by docket number DHS-
2017-0025, by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Jonathan R. Cantor, Acting Chief Privacy Officer, 
Privacy Office, Department of Homeland Security, Washington, DC 20528.
    Instructions: All submissions received must include the agency name 
and docket number for this document. All comments received will be 
posted without change to http://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general and privacy-related 
questions please contact: Jonathan R. Cantor, (202-343-1717), Acting 
Chief Privacy Officer, Privacy Office, Department of Homeland Security, 
Washington, DC 20528.

SUPPLEMENTARY INFORMATION: 

I. Background

    The Department of Homeland Security (DHS) is proposing to update 
applicable regulations to exempt portions of a newly established system 
of records from certain provisions of the Privacy Act. Specifically, 
this rule exempts portions of the ``DHS/ALL-039 Foreign Access 
Management System of Records,'' which is being proposed concurrently 
with this Notice of Proposed Rulemaking elsewhere in this issue of the 
Federal Register, from one or more provisions of the Privacy Act 
because of criminal, civil, and administrative enforcement 
requirements, pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5). 
Furthermore, to the extent certain categories of records are ingested 
from other systems, the exemptions applicable to the source systems 
will remain in effect.
    DHS is publishing this system of records document to provide 
transparency on how DHS collects, uses, maintains, and disseminates 
information relating to foreign nationals who seek access to DHS and 
partner U.S. Government (USG) agency personnel, information, 
facilities, programs, research, studies, and information technology 
(IT) systems. The DHS Office of the Chief Security Officer (OCSO)/
Center for International Safety & Security (CISS) Foreign Access 
Management (FAM) program uses the Foreign Access Management System 
(FAMS) to manage the risk assessment process for foreign nationals 
requesting access to DHS and partner agencies. DHS is responsible for 
conducting screening of all foreign nationals and foreign entities 
seeking access to DHS personnel, information, facilities, programs, and 
IT systems, including: Dual U.S. citizens and lawful permanent 
residents (LPR) representing foreign interests; LPRs providing 
construction or contractual services (e.g., food services, janitorial 
services); and foreign contacts and foreign visitors reported by DHS 
and partner USG agency employees who have met and/or befriended such 
contacts and visitors outside the scope of the employee's official 
duties.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which Federal Government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. Additionally, and similarly, the Judicial Redress 
Act (JRA) provides a statutory right to covered persons to make 
requests for access and amendment to covered records, as defined by the 
JRA, along with judicial review for denials of such requests. In 
addition, the JRA prohibits disclosures of covered records, except as 
otherwise permitted by the Privacy Act.
    The Privacy Act allows government agencies to exempt certain 
records from the access and amendment provisions. If an agency claims 
an exemption, however, it must issue a Notice of Proposed Rulemaking to 
make clear to the public the reasons why a particular exemption is 
claimed.
    DHS is claiming exemptions from certain requirements of the Privacy 
Act for DHS/ALL-039 Foreign Access Management System of Records. Some 
information in DHS/ALL-039 Foreign Access Management System of Records 
relates to official DHS national security, law enforcement, 
immigration, intelligence activities. These exemptions are needed to 
protect information relating to DHS activities from disclosure to 
subjects or others related to these activities. Specifically, the 
exemptions are required to avoid disclosure of screening techniques; to 
protect the identities and physical safety of confidential informants 
and law enforcement personnel; to ensure DHS's ability to obtain 
information from third

[[Page 34885]]

parties and other sources; to protect the privacy of third parties; and 
to safeguard classified information. Disclosure of information to the 
subject of the inquiry could also permit the subject to avoid detection 
or apprehension.
    In appropriate circumstances, when compliance would not appear to 
interfere with or adversely affect the law enforcement purposes of this 
system and the overall law enforcement process, the applicable 
exemptions may be waived on a case by case basis.
    A notice of system of records for DHS/ALL-039 Foreign Access 
Management System of Records is also published in this issue of the 
Federal Register.

List of Subjects in 6 CFR Part 5

    Freedom of information, Privacy.

    For the reasons stated in the preamble, DHS proposes to amend 
chapter I of title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0
1. Revise the authority citation for part 5 to read as follows:

    Authority: 6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 
2135; 5 U.S.C. 301.

0
2. Amend appendix C to part 5 by adding paragraph 78 to read as 
follows:

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    78. The DHS/ALL-039 Foreign Access Management System of Records 
consists of electronic and paper records and will be used by DHS and 
its components. The DHS/ALL-039 Foreign Access Management System of 
Records is a repository of information held by DHS in connection with 
its several and varied missions and functions, including, but not 
limited to the enforcement of civil and criminal laws; investigations, 
inquiries, and proceedings there under; and national security and 
intelligence activities. The DHS/ALL-039 Foreign Access Management 
System of Records contains information that is collected by, on behalf 
of, in support of, or in cooperation with DHS and its components and 
may contain personally identifiable information collected by other 
federal, state, local, tribal, foreign, or international government 
agencies.
    The Secretary of Homeland Security, pursuant to 5 U.S.C. 
552a(k)(1), (k)(2), and (k)(5), has exempted this system from the 
following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3); (d); 
(e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). When a record 
received from another system has been exempted in that source system 
under 5 U.S.C. 552a(j)(2), DHS will claim the same exemptions for those 
records that are claimed for the original primary systems of records 
from which they originated and claims any additional exemptions set 
forth here.
    Exemptions from these particular subsections are justified, on a 
case-by-case basis to be determined at the time a request is made, for 
the following reasons:
    (a) From subsection (c)(3) (Accounting for Disclosures) because 
release of the accounting of disclosures could alert the subject of an 
investigation of an actual or potential criminal, civil, or regulatory 
violation to the existence of that investigation and reveal 
investigative interest on the part of DHS as well as the recipient 
agency. Disclosure of the accounting would therefore present a serious 
impediment to law enforcement efforts and efforts to preserve national 
security. Disclosure of the accounting would also permit the individual 
who is the subject of a record to impede the investigation, to tamper 
with witnesses or evidence, and to avoid detection or apprehension, 
which would undermine the entire investigative process. When an 
investigation has been completed, information on disclosures made may 
continue to be exempted if the fact that an investigation occurred 
remains sensitive after completion.
    (b) From subsection (d) (Access and Amendment to Records) because 
access to the records contained in this system of records could inform 
the subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of that investigation 
and reveal investigative interest on the part of DHS or another agency. 
Access to the records could permit the individual who is the subject of 
a record to impede the investigation, to tamper with witnesses or 
evidence, and to avoid detection or apprehension. Amendment of the 
records could interfere with ongoing investigations and law enforcement 
activities and would impose an unreasonable administrative burden by 
requiring investigations to be continually reinvestigated. In addition, 
permitting access and amendment to such information could disclose 
security-sensitive information that could be detrimental to homeland 
security.
    (f) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency 
Requirements) and (f) (Agency Rules), because portions of this system 
are exempt from the individual access provisions of subsection (d) for 
the reasons noted above, and therefore DHS is not required to establish 
requirements, rules, or procedures with respect to such access. 
Providing notice to individuals with respect to existence of records 
pertaining to them in the system of records or otherwise setting up 
procedures pursuant to which individuals may access and view records 
pertaining to themselves in the system would undermine investigative 
efforts and reveal the identities of witnesses, and potential 
witnesses, and confidential informants.

    Dated: July 20, 2017.
Jonathan R. Cantor,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2017-15751 Filed 7-26-17; 8:45 am]
BILLING CODE 9110-9B-P