Privacy Act of 1974; Systems of Records

 
CONTENT
Federal Register, Volume 84 Issue 87 (Monday, May 6, 2019)
[Federal Register Volume 84, Number 87 (Monday, May 6, 2019)]
[Notices]
[Pages 19808-19812]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-09204]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
[CPCLO Order No. 003-2019]
Privacy Act of 1974; Systems of Records
AGENCY: Federal Bureau of Prisons, United States Department of Justice.
ACTION: Notice of a Modified System of Records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management
and Budget (OMB) Circular No. A-108, notice is hereby given that the
Federal Bureau of Prisons (hereinafter Bureau or BOP), a component
within the United States Department of Justice (DOJ or Department),
proposes to modify a system of records notice titled, ``Inmate Central
Records System,'' JUSTICE/BOP-005, last modified on May 25, 2017.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is
effective upon publication, subject to a 30-day period in which to
comment on the routine uses, described below. Please submit any
comments by June 5, 2019.
ADDRESSES: The public, OMB, and Congress are invited to submit any
comments by mail to the United States Department of Justice, Office of
Privacy and Civil Liberties, ATTN: Privacy Analyst, National Place
Building, 1331 Pennsylvania Avenue NW, Suite 1000, Washington, DC
20530, by facsimile at 202-307-0693, or by email at
[email protected]. To ensure proper handling, please
reference the above CPCLO Order No. on your correspondence.
FOR FURTHER INFORMATION CONTACT: Eugene Baime, Supervisory Attorney,
Freedom of Information Act and Privacy Act Section, Office of General
Counsel, Federal Bureau of Prisons, 320 First Street NW, Suite 924A,
Washington, DC 20534, [email protected].
SUPPLEMENTARY INFORMATION: The BOP is modifying the system of records
to consolidate previously published modifications of the system of
records into one document to promote transparency. For a detailed list
of previously published modifications, please review the ``History''
section below. Additionally, modifications to the system of records
have been made to incorporate OMB guidance, technological advancements,
and a new routine use. Pursuant to OMB Circular No. A-108, various
sections were rearranged and various section titles were edited. BOP
moves the System Manager(s) section in the system of records notice, as
well as edited Policies and Practices for Storing, Retrieving,
Accessing, Retaining, and Disposing of Records in the System: Storage,
Retrievability, Safeguards, and Retention and Disposal to the following
section titles: Policies and Practices for Storage of Records; Policies
and Practices for Retrieval of Records; Policies and Practices for
Retrieval of Records; Policies and Practices for Retention and Disposal
of Records; and Administrative, Technical, and Physical Safeguards.
Technological advancements, such as the ability to store records in the
cloud and creation of stronger authentication methods, and
institutional changes led the BOP to modify and update the Policies and
Practices for Storage of Records, Policies and Practices for Retrieval
of Records, Administrative, Technical, and Physical Safeguards, System
Location, and System Manager(s), and Addresses sections. The new
routine use will help the Department of Treasury ensure only eligible
inmates receive federal benefits in accordance with the Improper
Payments Elimination and Recovery Improvement Act of 2012.
Additionally, as part of the consolidation, previously published
routine uses on breach procedures have been added to the Routine Use
section. Although exemptions from (e)(4)(G) and (e)(4)(I) were
previously added for law enforcement purposes, guidance on
retrievability and access procedures remain. The Record Access
Procedures section is updated to reduce the risk of unauthorized
disclosures of information.
    The component adds a routine use: Routine use (x) will permit BOP
to disclose records to the Department of Treasury for the purpose of
conducting computer matches on behalf of federal agencies to determine
the eligibility of or validate the entitlement of Bureau
[[Page 19809]]
inmates to receive federal benefits pursuant to applicable federal law.
One example of such a federal law is the Improper Payments Elimination
and Recovery Improvement Act of 2012.
    BOP continues to assert the same Privacy Act exemptions as
previously published in 28 CFR 16.97(j) and (k). Additional exemptions
from 5 U.S.C. 552a(e)(4)(G) and (e)(4)(I) were added for law
enforcement purposes. 77 FR 24982 (April 26, 2012).
    Pursuant to updated OMB Guidance, BOP has made administrative edits
to the order and titles of sections in the notice. The BOP makes a
slight change in the ``System Location'' section by adding Archive
Centers to the list of locations. The BOP updates the ``System
Manager(s)'' and Addresses section to reflect administrative changes.
Additionally, the BOP makes a slight change in the ``Policies and
Practices for Storage of Records'' section by adding a secure cloud as
a location files may be stored. The BOP updates the ``Policies and
Practices for Retrieval of Records'' section to include additional
identifying particulars. The BOP makes a slight change in the
``Administrative, Technical, and Physical Safeguards'' section to
clarify that access to data is facilitated via strong authentication
and data is segregated to limit staff's ability to update data absent
authorization. The BOP updates the ``Record Access Procedures'' to
include more detail on how one may access records.
    In accordance with 5 U.S.C. 552a(r), the Department has provided a
report to OMB and Congress on this new system of records.
    Dated: April 30, 2019.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, United States
Department of Justice.
JUSTICE/BOP--005
SYSTEM NAME AND NUMBER:
    Inmate Central Records System, JUSTICE/BOP--005.
SECURITY CLASSIFICATION:
    Unclassified.
SYSTEM LOCATION:
    Records may be retained at any Department of Justice authorized
location, including the Central Office, Regional Offices, any of the
Federal Bureau of Prisons (Bureau) and/or any contractor-operated
correctional facilities, and National Archive Centers. A list of Bureau
locations may be found at 28 CFR part 503 and on the internet at http://www.bop.gov. Records may also be maintained in secure cloud computing
environments.
SYSTEM MANAGER(S):
    Senior Deputy Assistant Director/Chief Information Officer,
Information, Policy and Public Affairs Division, Federal Bureau of
Prisons, 320 First Street NW, Washington, DC 20534.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    This system is established and maintained under the authority of 18
U.S.C. 3621, 4042, 5003 (state inmates), and section 11201 of Chapter 1
of Subtitle C of Title XI of the National Capital Revitalization and
Self-Government Improvement Act of 1997 (Pub. L. 105-33; 111 Stat.
740).
PURPOSE(S) OF THE SYSTEM:
    This system assists the Attorney General and the Bureau of Prisons
in meeting statutory responsibilities for the safekeeping, care, and
custody of incarcerated persons. It serves as the primary record system
on these individuals and includes information critical to the continued
safety and security of not only incarcerated persons, but also the
federal prisons and the public.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals currently or formerly under the custody of the Attorney
General and/or the Director of the Bureau of Prisons, including those
individuals under custody for criminal and civil commitments.
CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains records relating to the care, classification,
subsistence, protection, discipline, and programs of federal inmates.
Such records may include:
    (1) Computation of sentence and supporting documentation; (2)
correspondence and other documentation concerning pending charges, and
wanted status, including warrants; (3) requests from other federal and
non-federal law enforcement agencies for notification prior to release;
(4) records of the allowance, forfeiture, withholding and restoration
of good time; (5) information concerning present offense, prior
criminal background, sentence and parole; (6) identification data
including date of birth, Social Security number, driver's license
number, alien registration number, passports, physical description,
sex, race, religious preference, photographs, fingerprints, digital
image, biometric identifiers, drug testing and DNA samples and analysis
records; (7) institution designation and housing assignments, including
separation orders, and supporting documentation; (8) work and payroll
records and benefits information; (9) program selections, assignment
and performance or progress reports; (10) prison conduct records,
including information concerning disciplinary actions, participation in
escapes, assaults, and disturbances; (11) economic, social, and
religious background, including special religious dietary requirements;
(12) educational data, including industrial and vocational training;
(13) physical and mental health data; (14) United States Parole
Commission orders, actions and related forms; (15) correspondence
regarding the inmate, including his or her release, adjustment and
violations; (16) transfer information, including orders and
transportation arrangements; (17) mail, visiting and telephone records;
(18) personal property records; (19) safety reports and rules; (20)
release processing forms and certificates; (21) interview requests;
(22) litigation related records; (23) investigatory information; (24)
institution tracking records to locate archived files; (25) referrals
of non-federal inmates to Bureau custody and/or referrals of Bureau
inmates to state custody.
RECORD SOURCE CATEGORIES:
    Records are generated by: (1) Individual currently or formerly
under custody; (2) federal, state, local, territorial, tribal, foreign
and international law enforcement agencies and personnel; (3) federal
and state prosecutors, courts and probation services; (4) educational
institutions; (5) health care providers; (6) relatives, friends, and
other interested individuals or groups in the community; (7) former or
future employers; (8) state, local and private corrections staff; and
(9) Bureau staff and institution contractors and volunteers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C.
552a(b), all or a portion of the records or information contained in
this system of records may be disclosed as a routine use pursuant to 5
U.S.C. 552a(b)(3) under the circumstances or for the purposes described
below, to the extent such disclosures are compatible with the purposes
for which the information was collected:
    (a) To officers and employees of the Bureau of Prisons and the
Department of Justice who have a need for the information in the
performance of their duties;
[[Page 19810]]
    (b) To federal, state, local, territorial, tribal, foreign and
international law enforcement agencies and court officials for law
enforcement and court-related purposes such as investigations, possible
criminal prosecutions, civil court actions, or regulatory or parole
proceedings, and, prior to release of an inmate, to the chief law
enforcement officer of the state and local jurisdiction in which the
released inmate will reside, as required by 18 U.S.C. 4042(b);
    (c) To a court or adjudicative body before which the Department of
Justice or the Bureau is authorized to appear, or to a private attorney
authorized by the Department of Justice to represent a Bureau employee,
when any of the following is a party to litigation or has an interest
in litigation and such records are determined by the Bureau to be
arguably relevant to the litigation: (1) The Bureau, or any subdivision
thereof, or the Department of Justice, or (2) any Department of Justice
or Bureau employee in his or her official capacity, or (3) any
Department of Justice or Bureau employee in his or her individual
capacity where the Department of Justice has agreed to provide
representation for the employee, or (4) the United States, where the
Bureau determines that the litigation is likely to affect it or any of
its subdivisions;
    (d) In an appropriate proceeding before a court or administrative
or regulatory body when records are determined by the Department of
Justice to be arguably relevant to the proceeding, including federal,
state, and local licensing agencies or associations which require
information concerning the suitability or eligibility of an individual
for a license, permit, or similar authorization;
    (e) To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the Federal Government, when
necessary to accomplish an agency function related to this system of
records;
    (f) To victims and/or witnesses, pursuant to federal victim/witness
legislation and policy requiring the release of information relating to
an inmate's furlough, parole (including appearance before the United
States Parole Commission), transfer to a community corrections center,
mandatory release, expiration of sentence, escape (including
apprehension), death, and other such release-related information;
    (g) To state agencies and authorities, pursuant to Public Law 98-
135, for the purpose of matching the data against state records to
review eligibility of these inmates for unemployment compensation; the
requesting state is to erase the Bureau data after this determination
has been made;
    (h) To the Social Security Administration (SSA), pursuant to Public
Law 96-473, for the purpose of matching the data against SSA records to
enable the SSA to determine the eligibility of Bureau inmates to
receive benefits under the Social Security Act and for the purpose of
assisting SSA in providing inmate data to the states administering
federal benefit programs such as Food Stamps; SSA is to erase the
Bureau data after the match has been made;
    (i) To the United States Department of Veterans Affairs (VA), for
the purpose of matching the records against VA records to determine the
eligibility or potential eligibility of Bureau inmates to receive
veterans' benefits and/or services;
    (j) To the Federal Aviation Administration (FAA), pursuant to
Public Law 100-690, for the purpose of matching the data against FAA
records to determine the eligibility of Bureau inmates to hold and
obtain airmen certification and qualification;
    (k) To the Internal Revenue Service (IRS) for the purposes of
matching the data against IRS records for fraud detection;
    (l) To the news media and the public pursuant to 28 CFR 50.2 unless
it is determined that release of the specific information in the
context of a particular case would constitute an unwarranted invasion
of personal privacy;
    (m) To a Member of Congress or staff acting upon the Member's
behalf when the Member or staff requests the information on behalf of
and at the request of the individual who is the subject of the record;
    (n) To the National Archives and Records Administration and General
Services Administration in records management inspections conducted
under the authority of 44 U.S.C. 2904 and 2906;
    (o) To any person or entity to the extent necessary to prevent
immediate loss of life or serious bodily injury;
    (p) To a former employee of the Department, pursuant to subsection
(b)(3) of the Privacy Act, for purposes of: Responding to an official
inquiry by a federal, state, or local government entity or professional
licensing authority, in accordance with applicable Department
regulations; or facilitating communications with a former employee that
may be necessary for personnel-related or other official purposes where
the Department requires information and/or consultation assistance from
the former employee regarding a matter within that person's former area
of responsibility;
    (q) To the United States Sentencing Commission (USSC) for the
purpose of providing inmate identification data to enable the USSC to
perform research and conduct studies;
    (r) To the news media and the public, including disclosures of
matters solely of general public record, including name, offense,
sentence data, current and past institution confinements, and release
date, unless it is determined that release of the specific information
would constitute an unwarranted invasion of personal privacy;
    (s) To such recipients and under such circumstances and procedures
as are mandated by federal statute or treaty;
    (t) To federal, state or community health care agencies and
professionals, including physicians, psychiatrists, psychologists, and
state and federal medical facility personnel, who are providing
treatment for a pre-existing condition to former federal inmates, and
to federal, state, or local health care agencies and professionals for
the purpose of securing medical or mental health after-care for current
federal inmates;
    (u) To the Department of State (DOS), for the purpose of matching
the data against DOS records for detection/prevention of criminal
activity under 18 U.S.C. 1544;
    (v) To appropriate agencies, entities, and persons when (1) the
Department suspects or has confirmed that there has been a breach of
the system of records; (2) the Department has determined that as a
result of the suspected or confirmed breach there is a risk of harm to
individuals, DOJ (including its information systems, programs, and
operations), the Federal Government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with the Department's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm;
    (w) To another Federal agency or Federal entity, when the
Department determines that information from this system of records is
reasonably necessary to assist the recipient agency or entity in (1)
responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient
agency or entity (including its information systems, programs, and
operations), the Federal Government, or national security, resulting
from a suspected or confirmed breach; and
[[Page 19811]]
    (x) To the Department of Treasury for the purpose of matching
federal records on behalf of federal agencies, to determine the
eligibility of or validate the entitlement of Bureau inmates to receive
federal benefits pursuant to applicable federal law.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Information maintained in the system is stored in electronic format
via a configuration of personal computer, client/server, mainframe
systems, and/or cloud architecture and may be accessed by only those
staff with a need-to-know at all Bureau and contractor facilities. Some
information may be stored on computerized media, e.g., hard disk,
magnetic tape, digital recordings, and/or Compact or Digital Video
Discs (CD/DVDs). Documentary (paper) records are maintained in manual
file folders.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by identifying particulars of the persons
covered by this system, including name, inmate register number, Federal
Register number, Social Security number, alien registration number,
system-generated identification number, passport number, vendor number,
claim number, email address, miscellaneous identification number,
telephone number or mailing address. Records are also retrievable by
institution, date, or type of incident.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained for a period of thirty (30)
years after the expiration of the sentence. Records of an unsentenced
inmate are retained for a period of ten (10) years after the inmate's
release from confinement. Documentary records are destroyed by
shredding; computer records are destroyed by degaussing and/or
shredding.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    System records are maintained in secured access space in BOP-
controlled facilities and offices. Computerized data requires user
authentication for access and all session traffic is encrypted. All BOP
personnel are required to pass an extensive background investigation.
The information in the system is accessed only by authorized DOJ
personnel or by non-DOJ personnel properly authorized to access the
system. The system employs role-based access and authentication
controls and enforcement mechanisms so that each user can access only
the information appropriate for their role. Some data may be stored in
a secure cloud environment by a provider authorized under the Federal
Risk and Authorization Management Program (FedRAMP). Authorized system
users are subject to adequate physical security controls and built-in
system controls to protect against unauthorized personnel gaining
access to the equipment and/or the information stored in it. All
authorized users are required to agree to Rules of Behavior and Terms
of Use limiting use of the information in the system to official
purposes. System audit logs are created and monitored to detect any
misuse of the system.
RECORD ACCESS PROCEDURES:
    The Attorney General has exempted this system of records from the
notification, access, amendment, and contest procedures of the Privacy
Act. These exemptions apply only to the extent that the information in
this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or
(k). Where compliance would not appear to interfere with or adversely
affect the purposes of the system, or the overall law enforcement/
intelligence process, the applicable exemption (in whole or in part)
may be waived by the BOP in its sole discretion.
    All requests for records may be made by writing to the Director,
Federal Bureau of Prisons, 320 First Street NW, Washington, DC 20534,
and should be clearly marked ``Privacy Act Request.'' In addition, the
requester must provide a notarized statement or an unsworn declaration
made in accordance with 28 U.S.C. 1746, in the following format: If
executed outside the United States: ``I declare (or certify, verify, or
state) under penalty of perjury under the laws of the United States of
America that the foregoing is true and correct. Executed on [date].
[Signature].'' If executed within the United States, its territories,
possessions, or commonwealths: ``I declare (or certify, verify, or
state) under penalty of perjury that the foregoing is true and correct.
Executed on [date]. [Signature].''
    While no specific form is required, requesters may obtain a form
(Form DOJ-361) for use in certification of identity, available at
https://www.bop.gov/inmates/docs/certification_of_identity.pdf. In the
initial request, the requester may also include any other identifying
data that the requester may wish to furnish to assist the BOP in making
a reasonable search. The request should include a return address for
use by the BOP in responding; requesters are also encouraged to include
a telephone number to facilitate BOP contacts related to processing the
request. A determination of whether a record may be accessed will be
made after a request is received.
CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records maintained in this
system of records must direct their requests to the address indicated
in the ``RECORD ACCESS PROCEDURES'' section, above. All requests to
contest or amend records must be in writing and the envelope and letter
should be clearly marked ``Privacy Act Amendment Request.'' All
requests must state clearly and concisely what record is being
contested, the reasons for contesting it, and the proposed amendment to
the record. Some information may be exempt from the amendment
provisions as described in the ``EXEMPTIONS PROMULGATED FOR THE
SYSTEM'' section, below. An individual who is the subject of a record
in this system of records may contest or amend those records that are
not exempt. A determination of whether a record is exempt from the
amendment provisions will be made after a request is received.
    More information regarding the Department's procedures for amending
or contesting records in accordance with the Privacy Act can be found
at 28 CFR 16.46, ``Requests for Amendment or Correction of Records.''
NOTIFICATION PROCEDURES:
    Individuals may be notified if a record in this system of records
pertains to them when the individuals request information utilizing the
same procedures as those identified in the ``RECORD ACCESS PROCEDURES''
section, above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Attorney General has exempted this system from subsections
(c)(3) and (4); (d); (e)(1), (2), (3), (4)(G), (H), and (I), (5), (8);
(f); and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j). The
Attorney General has also exempted this system from subsections (c)(3);
(d); (e)(1), (e)(4)(G), (H), and (I); and (f) of the Privacy Act
pursuant to 5 U.S.C. 552a(k)(2). The exemptions will be applied only to
the extent that the information in the system is subject to exemption
pursuant to 5 U.S.C. 552a(j) and (k)(2). Rules have been promulgated in
accordance with the requirements of 5 U.S.C. 553(b), (c) and (e), and
have been published in the Federal Register.
HISTORY:
    67 FR 31371 (May 9, 2002): Last published in full;
[[Page 19812]]
    72 FR 3410 (January 25, 2007): Added a routine use;
    77 FR 24982 (April 26, 2012): Added routine uses and claimed
exemptions;
    81 FR 22639 (April 18, 2016): Added a routine use; and
    82 FR 24147 (May 25, 2017): Rescinded 72 FR 3410 and added routine
uses.
[FR Doc. 2019-09204 Filed 5-3-19; 8:45 am]
 BILLING CODE 4410-36-P