From: Subject: FR Doc E8-28053 Date: Wed, 7 Mar 2012 13:57:04 -0500 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Location: http://edocket.access.gpo.gov/2008/E8-28053.htm X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6109 =EF=BB=BF FR Doc E8-28053 
[Federal Register: November 25, 2008 (Volume 73, Number =
228)]
[Notices]              =20
[Page 71659-71661]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr25no08-75]                        =20

-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2008-0092]

=20
Privacy Act of 1974; Department of Homeland Security Mailing and=20
Other Lists System of Records

AGENCY: Privacy Office; DHS.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of=20
Homeland Security is giving notice that it proposes to update one=20
record system titled, DHS/ALL-002 Department of Homeland Security=20
Mailing and Other Lists System. Categories of records have been changed=20
to reflect the removal of emergency contact information which has been=20
moved to the Emergency Personnel Location System of Records (October=20
17, 2008). The routine uses of this system of records have been updated=20
to include the ability to share information for audits; for breach=20
mitigation; with Federal, State and local agencies; with the Department=20
of Justice; and with the news media. This updated system will be=20
included in DHS's inventory of record systems.

DATES: Written comments must be submitted on or before December 26,=20
2008.

ADDRESSES: You may submit comments, identified by docket number DHS-
2008-0092 by one of the following methods:
     Federal e-Rulemaking Portal: http://fr=
webgate.access.gpo.gov/cgi-bin/leaving.cgi?from=3DleavingFR.html&log=3D=
linklog&to=3Dhttp://www.regulations.gov.=20
Follow the instructions for submitting comments.
     Fax: 1-866-466-5370.
     Mail: Hugo Teufel III, Chief Privacy Officer, Privacy=20
Office, Department of Homeland Security, Washington, DC 20528.
     Instructions: All submissions received must include the=20
agency name and docket number for this rulemaking. All comments=20
received will be posted without change and may be read at http://fr=
webgate.access.gpo.gov/cgi-bin/leaving.cgi?from=3DleavingFR.html&log=3D=
linklog&to=3Dhttp://www.regulations.gov, including any =
personally identifiable information=20
provided.
     Docket: For access to the docket to read background=20
documents or comments received, go to http://fr=
webgate.access.gpo.gov/cgi-bin/leaving.cgi?from=3DleavingFR.html&log=3D=
linklog&to=3Dhttp://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions and privacy=20
issues please contact: Hugo Teufel III (703-235-0780), Chief Privacy=20
Officer, Privacy Office, Department of Homeland Security, Washington,=20
DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    The Department of Homeland Security (DHS) is updating and reissuing=20
an agency-wide system of records under the Privacy Act (5 U.S.C. 552a)=20
for DHS mailing and other lists. These lists are used to facilitate=20
mailings to multiple addressees and other activities in furtherance of=20
DHS duties. DHS and its components and offices use the system to=20
account for all persons appearing on mailing lists collected and=20
maintained throughout DHS to facilitate mailings to multiple addressees=20
and other activities in furtherance of DHS duties.
    In accordance with the Privacy Act of 1974, DHS is giving notice=20
that it proposes to update one record system titled, DHS/ALL-002=20
Department of Homeland Security Mailing and Other Lists System (69 FR=20
70460 December 9, 2004). Categories of records have been changed to=20
reflect the removal of emergency contact information which has been=20
moved to Emergency Personnel Location System of Records (73 FR 61888=20
October 17, 2008). The routine uses of this system of records have been=20
changed to reflect the addition of information sharing for audits of=20
the Department and it's components; for breach mitigation to prevent=20
the unauthorized use or disclosure of information and to prepare for=20
privacy related incidents; with Federal, State and local agencies=20
related to tracking and completion of training; with the Department of=20
Justice; with the news media. This updated system will be included in=20
DHS's inventory of record systems.

II. Privacy Act

    The Privacy Act embodies fair information principles in a statutory=20
framework governing the means by which the United States Government=20
collects, maintains, uses, and disseminates individuals' records. The=20
Privacy Act applies to information that is maintained in a ``system of=20
records.'' A ``system of records'' is a group of any records under the=20
control of an agency for which information is retrieved by the name of=20
an individual or by some identifying number, symbol, or other=20
identifying particular assigned to the individual. In the Privacy Act,=20
an individual is defined to encompass United States citizens and legal=20
permanent residents. As a matter of policy, DHS extends administrative=20
Privacy Act protections to all individuals where systems of records=20
maintain information on U.S. citizens, lawful permanent residents, and=20
visitors. Individuals may request access to their own records that are=20
maintained in a system of records in the possession or under the=20
control of DHS by complying with DHS Privacy Act regulations, 6 CFR=20
Part 5.
    The Privacy Act requires each agency to publish in the Federal=20
Register a description denoting the type and character of each system=20
of records that the agency maintains, and the routine uses that are=20
contained in each system in order to make agency recordkeeping=20
practices transparent, to notify individuals regarding the uses to=20
which their records are put, and to assist individuals to more easily=20
find such files within the agency. Below is the description of the DHS=20
Mailing and Other Lists System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of=20
this updated system of records to the Office of Management and Budget=20
and to Congress.
SYSTEM OF RECORDS
DHS/ALL-002

System name:
    Department of Homeland Security Mailing and Other Lists System of=20
Records.

Security classification:
    Unclassified.

System location:
    This system of records is located in the Department of Homeland=20
Security,

[[Page 71660]]

Washington, DC 20528, as well as in the component DHS offices.

Categories of individuals covered by the system:
    All persons appearing on mailing lists maintained throughout DHS to=20
facilitate mailings to multiple addressees and other activities in=20
furtherance of DHS duties. These lists include persons who have=20
requested DHS material; members of the news media who have provided=20
contact information; persons who serve on DHS boards and committees=20
other than those covered by the Federal Advisory Committee Act which=20
are covered under DHS/ALL 009 Advisory Committees (73 FR 57639), and=20
other individuals having business with DHS who have provided contact=20
information; individuals who enter contests sponsored by DHS;=20
contractors or other individuals who work or attend meetings at DHS;=20
and other persons who attend or have an interest in DHS programs,=20
contests, exhibits, conferences, training courses, and similar events.

Categories of records in the system:
    Categories of records in this system include:
     Individual's name;
     Age;
     School grade; (where appropriate)
     School name; (where appropriate)
     Telephone numbers;
     E-mail address;
     Mailing address;
     Position/title;
     Business affiliation (where appropriate);
     Other contact information provided to DHS by individuals=20
covered by this system of records; and
     Computer-generated identifier or case number where created=20
in order to retrieve information.

Authority for maintenance of the system:
    5 U.S.C. 301; 44 U.S.C. 3101.

Purpose(s):
    The system is maintained for the purpose of mailing informational=20
literature or responses to those who request it; maintaining lists of=20
individuals who attend meetings; maintaining information regarding=20
individuals who enter contests sponsored by DHS; and for other purposes=20
for which mailing or contact lists may be created.

Routine uses of records maintained in the system, including categories=20
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C.=20
552a(b) of the Privacy Act, all or a portion of the records of=20
information contained in this system may be disclosed outside=20
Department of Homeland Security (DHS) as a routine use pursuant to 5=20
U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice or other Federal agency conducting=20
litigation or in proceedings before any court, adjudicative or=20
administrative body, when it is necessary to the litigation and one of=20
the following is a party to the litigation or has an interest in such=20
litigation:
    1. DHS or any component thereof;
    2. Any employee of DHS in his/her official capacity;
    3. Any employee of DHS in his/her individual capacity where DOJ or=20
DHS has agreed to represent the employee; or
    4. The United States or any agency thereof, is a party to the=20
litigation or has an interest in such litigation, and DHS determines=20
that the records are both relevant and necessary to the litigation and=20
the use of such records is compatible with the purpose for which DHS=20
collected the records.
    B. To a congressional office from the record of an individual in=20
response to an inquiry from that congressional office made at the=20
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration or other=20
Federal government agencies pursuant to records management inspections=20
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency, organization, or individual for the purpose of=20
performing audit or oversight operations as authorized by law, but only=20
such information as is necessary and relevant to such audit or=20
oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or=20
confidentiality of information in the system of records has been=20
compromised;
    2. The Department has determined that as a result of the suspected=20
or confirmed compromise there is a risk of harm to economic or property=20
interests, identity theft or fraud, or harm to the security or=20
integrity of this system or other systems or programs (whether=20
maintained by DHS or another agency or entity) or harm to the=20
individual that rely upon the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is=20
reasonably necessary to assist in connection with DHS's efforts to=20
respond to the suspected or confirmed compromise and prevent, minimize,=20
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants,=20
and others performing or working on a contract, service, grant,=20
cooperative agreement, or other assignment for DHS, when necessary to=20
accomplish an agency function related to this system of records.=20
Individuals provided information under this routine use are subject to=20
the same Privacy Act requirements and limitations on disclosure as are=20
applicable to DHS officers and employees.
    G. To an appropriate Federal, State, tribal, local, international,=20
or foreign law enforcement agency or other appropriate authority=20
charged with investigating or prosecuting a violation or enforcing or=20
implementing a law, rule, regulation, or order, where a record, either=20
on its face or in conjunction with other information, indicates a=20
violation or potential violation of law, which includes criminal,=20
civil, or regulatory violations and such disclosure is proper and=20
consistent with the official duties of the person making the=20
disclosure.
    J. To the news media and the public, with the approval of the Chief=20
Privacy Officer in consultation with counsel, when there exists a=20
legitimate public interest in the disclosure of the information or when=20
disclosure is necessary to preserve confidence in the integrity of DHS=20
or is necessary to demonstrate the accountability of DHS's officers,=20
employees, or individuals covered by the system, except to the extent=20
it is determined that release of the specific information in the=20
context of a particular case would constitute an unwarranted invasion=20
of personal privacy.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining,=20
and disposing of records in the system:
Storage:
    Records in this system are stored electronically or on paper in=20
secure facilities in a locked drawer behind a locked door. The records=20
are stored on magnetic disc, tape, digital media, and CD-ROM.

Retrievability:
    Information typically will be retrieved by an identification number=20
assigned by computer or case number where created for tracking=20
purposes, by e-mail address, or by name of an individual.

Safeguards:
    Records in this system are safeguarded in accordance with

[[Page 71661]]

applicable rules and policies, including all applicable DHS automated=20
systems security and access policies. Strict controls have been imposed=20
to minimize the risk of compromising the information that is being=20
stored. Access to the computer system containing the records in this=20
system is limited to those individuals who have a need to know the=20
information for the performance of their official duties and who have=20
appropriate clearances or permissions.

Retention and disposal:
    Some records are retained and disposed of in accordance with the=20
National Archives and Records Administration's General Records Schedule=20
12 (Communications Records). Other records are retained and disposed of=20
in accordance with General Records Schedule 1. Files may be retained=20
for up to three years or less depending on the record. For records that=20
may be used in litigation, the files related to that litigation will be=20
retained for three years after final court adjudication.

System Manager and address:
    For Headquarters components of the Department of Homeland Security,=20
the System Manager is the Director of Departmental Disclosure,=20
Department of Homeland Security, Washington, DC 20528. For components=20
of the Department of Homeland Security, the System Manager can be found=20
at http://frweb=
gate.access.gpo.gov/cgi-bin/leaving.cgi?from=3DleavingFR.html&log=3Dl=
inklog&to=3Dhttp://www.dhs.gov/foia under ``contacts.''

Notification procedure:
    Individuals seeking notification of and access to any record=20
contained in this system of records, or seeking to contest its content,=20
may submit a request in writing to the component's FOIA Officer, whose=20
contact information can be found at http://frweb=
gate.access.gpo.gov/cgi-bin/leaving.cgi?from=3DleavingFR.html&log=3Dl=
inklog&to=3Dhttp://www.dhs.gov/foia under=20
``contacts.'' If an individual believes more than one component=20
maintains Privacy Act records concerning him or her the individual may=20
submit the request to the Chief Privacy Officer, Department of Homeland=20
Security, 245 Murray Drive, SW., Building 410, STOP-0550, Washington,=20
DC 20528.
    When seeking records about yourself from this system of records or=20
any other Departmental system of records your request must conform with=20
the Privacy Act regulations set forth in 6 CFR Part 5. You must first=20
verify your identity, meaning that you must provide your full name,=20
current address and date and place of birth. You must sign your=20
request, and your signature must either be notarized or submitted under=20
28 U.S.C. 1746, a law that permits statements to be made under penalty=20
of perjury as a substitute for notarization. While no specific form is=20
required, you may obtain forms for this purpose from the Director,=20
Disclosure and FOIA, http://frwebgate.=
access.gpo.gov/cgi-bin/leaving.cgi?from=3DleavingFR.html&log=3Dlinklo=
g&to=3Dhttp://www.dhs.gov or 1-866-431-0486. In addition=20
you should provide the following:
     An explanation of why you believe the Department would=20
have information on you,
     Identify which component(s) of the Department you believe=20
may have the information about you,
     Specify when you believe the records would have been=20
created,
     Provide any other information that will help the FOIA=20
staff determine which DHS component agency may have responsive records,
     If your request is seeking records pertaining to another=20
living individual, you must include a statement from that individual=20
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) will not be able=20
to conduct an effective search, and your request may be denied due to=20
lack of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    Information contained in this system is obtained from affected=20
individuals/organizations, public source data, other government=20
agencies and/or information already in other DHS records systems.

Exemptions claimed for the system:
    None.

    Dated: November 18, 2008.
Hugo Teufel III,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E8-28053 Filed 11-24-08; 8:45 am]

BILLING CODE 4410-10-P