Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/Federal Emergency Management Agency-012 Suspicious Activity Reporting System of Records

Federal Register, Volume 77 Issue 6 (Tuesday, January 10, 2012)

Federal Register Volume 77, Number 6 (Tuesday, January 10, 2012)

Rules and Regulations

Pages 1387-1388

From the Federal Register Online via the Government Printing Office www.gpo.gov

FR Doc No: 2012-255

Page 1387

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

Docket No. DHS-2011-0119

Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/Federal Emergency Management Agency--012 Suspicious Activity Reporting System of Records

AGENCY: Privacy Office, DHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is issuing a final rule to amend its regulations to exempt a newly established system of records titled, ``Department of Homeland Security/Federal Emergency Management Agency--012 Suspicious Activity Reporting System of Records'' from certain provisions of the Privacy Act. Specifically, the Department exempts portions of the ``Department of Homeland Security/Federal Emergency Management Agency--012 Suspicious Activity Reporting System of Records'' from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

DATES: Effective Date: This final rule is effective January 10, 2012.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: Eric M. Leckey, (202) 646-3323), Privacy Officer, Federal Emergency Management Agency, Washington, DC 20478. For privacy issues please contact: Mary Ellen Callahan (703) 235-0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

The Department of Homeland Security (DHS) Federal Emergency Management Agency (FEMA) published a notice of proposed rulemaking (NPRM) in the Federal Register, 76 FR 60387, September 29, 2011, proposing to exempt a system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements. The system of records is the DHS/FEMA--012 Suspicious Activity Reporting System of Records. The DHS/FEMA--012 Suspicious Activity Reporting system of records notice (SORN) was published concurrently in the Federal Register, 76 FR 60067, September 28, 2011, and comments were invited on both the NPRM and SORN.

Public Comments

DHS/FEMA received a total of two public comments. One comment was received on the NPRM and one on the SORN.

NPRM

DHS/FEMA received one public comment from an anonymous individual in support of the NPRM. The private individual notes that ``the DHS/

FEMA's new system of records should be exempt from the public disclosure component of the Privacy Act to further ensure national security and to add a necessary exemption to an act that seeks to protect individuals through information control.'' The private individual further stated ``this proposed rule shouldn't be seen as undermining an individual's right to disclosure of information that involves them, but rather a necessary exemption to ensure national safety * * *. The proposed rule justifiably exempts the DHS/FEMA from disclosure in order to achieve national security goals that will protect citizens from growing homeland threats.''

SORN

DHS/FEMA received one public comment on the SORN from an anonymous individual who noted ``the Notice for the Department of Homeland Security/Federal Emergency Management Agency--012 Suspicious Activity Reporting System of Records should reflect that the effort is part of the larger, federal-wide Nationwide Suspicious Activity Reporting Initiative and that SARs are reported in accordance with ISE SAR Functional Standard 1.5.'' The drafting of the SORN was intended to be broad enough to allow for changes and fluctuation in the Nationwide SAR Initiative as well as implementation at DHS and FEMA. Plans are underway to centralize reporting within DHS of all suspicious activity that meets the Information Sharing Environment (ISE) Functional Standard. Once those plans are put into place, FEMA Office of the Chief Security Officer (OSCO) special agents and/or analysts will enter all vetted SARs into the DHS ISE SAR Vetting Tool (SVT) instead of the FBI e-Guardian system, as stated in the DHS/FEMA/PIA-018 Suspicious Activity Reporting (SAR) Privacy Impact Assessment (PIA) published on September 9, 2011.

After consideration of public comments, the Department decided to remove reference to protection of the president and will implement the rulemaking as described below.

List of Subjects in 6 CFR Part 5

Freedom of information; Privacy.

For the reasons stated in the preamble, DHS/FEMA amends Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0

1. The authority citation for part 5 continues to read as follows:

Authority: 6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 2135; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. Subpart B also issued under 5 U.S.C. 552a.

0

2. Add at the end of Appendix C to part 5, the following new paragraph ``67'':

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy Act

* * * * *

67. The DHS/FEMA-012 Suspicious Activity Reporting System of Records consists of electronic and paper records and will be used by DHS/FEMA and its components. The DHS/FEMA--012 Suspicious Activity Reporting System of Records is a repository of information held by DHS/FEMA to serve its mission to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to,

Page 1388

recover from, and mitigate all hazards. This system also supports certain other DHS/FEMA programs whose functions include, but are not limited to, the enforcement of civil and criminal laws; investigations, inquiries, and proceedings there under; and national security and intelligence activities. The DHS/FEMA-012 Suspicious Activity Reporting System of Records contains information that is collected by, on behalf of, in support of, or in cooperation with DHS/FEMA and its components and may contain personally identifiable information collected by other federal, state, local, tribal, foreign, or international government agencies. The Secretary of Homeland Security has exempted this system from the following provisions of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2); (c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). Exemptions from these particular subsections are justified, on a case-by-case basis determined at the time a request is made, for the following reasons:

(a) From subsection (c)(3) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS/FEMA as well as the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension, which would undermine the entire investigative process.

(b) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS/

FEMA or another agency. Access to the records could permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. Amendment of the records could interfere with ongoing investigations and law enforcement activities and would impose an unreasonable administrative burden by requiring investigations to be continually reinvestigated. In addition, permitting access and amendment to such information could disclose security-sensitive information that could be detrimental to homeland security.

(c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of federal law, the accuracy of information obtained or introduced occasionally may be unclear, or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.

(d) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency Requirements) and (f) (Agency Rules), because portions of this system are exempt from the individual access provisions of subsection (d) for the reasons noted above, and therefore DHS/FEMA is not required to establish requirements, rules, or procedures with respect to such access. Providing notice to individuals with respect to existence of records pertaining to them in the system of records or otherwise setting up procedures pursuant to which individuals may access and view records pertaining to themselves in the system would undermine investigative efforts and reveal the identities of witnesses, and potential witnesses, and confidential informants.

Dated: December 20, 2011.

Mary Ellen Callahan,

Chief Privacy Officer, Department of Homeland Security.

FR Doc. 2012-255 Filed 1-9-12; 8:45 am

BILLING CODE 9110-17-P