AGENCY:

Privacy Office; DHS.

ACTION:

Notice of Privacy Act system of records.

SUMMARY:

In accordance with the Privacy Act of 1974 and as part of the Department of Homeland Security's ongoing effort to review and update legacy system of record notices, the Department of Homeland Security proposes to update and reissue one legacy record system: Justice/INS-019 INS Employment Assistance Program Treatment Referral Records. This system will allow the Department of Homeland Security to collect and maintain records on the Department's Employee Assistance Program. Categories of individuals, categories of records, and the routine uses of this legacy system of records notice has been reviewed and updated to better reflect the Department's Employee Assistance Program record systems. This reclassified system, titled Employee Assistance Program Records, will be included in the Department's inventory of record systems.

DATES:

Submit comments on or before December 1, 2008. This new system will be effective December 1, 2008.

ADDRESSES:

You may submit comments, identified by docket number DHS-2008-0018 by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 1-866-466-5370.
• Mail: Hugo Teufel III, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
• Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
• Docket: For access to the docket, to read background documents, or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general questions and privacy issues please contact: Hugo Teufel III (703-235-0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

Pursuant to the savings clause in the Homeland Security Act of 2002, Public Law 107-296, Section 1512, 116 Stat. 2310 (November 25, 2002), the Department of Homeland Security (DHS) and its components and offices have relied on preexisting Privacy Act systems of records notices for the collection and maintenance of records that concern the information relating to DHS's Employee Assistance Program (EAP).

As part of its efforts to streamline and consolidate its Privacy Act records systems, DHS is establishing a new agency-wide system of records under the Privacy Act (5 U.S.C. 552a) for DHS EAP records. The system will consist of records regarding individuals who have sought or been referred to counseling services provided through the EAP. These records may include identifying information, information about the presenting issue (e.g. relationships, behaviors, emotions, legal or financial issues, illegal drug use, alcohol abuse, or the experience of a traumatic event), and the actions taken by EAP.

In accordance with the Privacy Act of 1974 and as part of DHS's ongoing effort to review and update legacy system of record notices, DHS proposes to update and reissue one legacy record system: Justice/INS-019 INS Employment Assistance Program Treatment Referral Records (63 FR 3349 January 22, 1998). This system will allow DHS to collect and maintain records on DHS's Start Printed Page 64972Employee Assistance Program. Categories of individuals, categories of records, and the routine uses of this legacy system of records notices has been reviewed and updated to better reflect DHS's EAP record systems. This reclassified system, titled Employee Assistance Program Records, will be included in the Department's inventory of record systems.

II. Privacy Act

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses, and disseminates individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and legal permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals where systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR Part 5.

The Privacy Act requires that each agency publish in the Federal Register a description denoting the type and character of each system of records in order to make agency recordkeeping practices transparent, to notify individuals about the use of their records, and to assist the individual to more easily find files within the agency. Below is a description of the DHS EAP System of Records.

In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this revised system of records to the Office of Management and Budget and to the Congress.

System of Records:

DHS/ALL-015.

System Name:

Department of Homeland Security Employee Assistance Program Records.

Security Classification:

Unclassified.

System Location:

Records are maintained at several Headquarters locations, in component offices of DHS, in both Washington, DC and field locations, and by contractor locations on behalf of DHS.

Categories of Individuals Covered by the System:

Current and former employees of DHS and members of the families of current and former employees of DHS who have been referred for assistance or counseling, are being assisted or counseled, or have been assisted or counseled by DHS EAP.

Categories of Records in the System:

Categories of records in this system include:

• Identifying information regarding the person who has sought or been referred for counseling, including:

○ Name, social security number, home address, duty station, unit name and phone numbers.

○ Date of birth.

○ Job title and grade.

○ Supervisor's name, address, and telephone number (if appropriate).

• Clinical information as appropriate, including:

○ Privacy Act and written consent forms.

○ A psychosocial history and assessment.

○ Medical records.

○ Correspondence with the client.

○ Clinical and education interventions.

○ Sessions held.

○ Employee records of attendance at treatment, kinds of treatment, and counseling programs.

○ Name, address and phone number of individuals providing treatment.

○ Name, address and phone number of treatment facilities.

○ Notes and documentation of internal EAP counselors.

○ Referrals to other providers, include name(s), addresses, and contact information.

○ Insurance data.

○ Prognosis of treatment information.

○ Intervention outcomes.

• Work-related information, especially if the client has been referred by management, including:

○ Leave and attendance records.

○ Performance records.

○ Documentation of alleged inappropriate behavior including records of workplace violence.

○ Documentation of the reason for referral.

○ Documentation of management interventions.

○ Workplace-related recommendations made to supervisors as a result of a team meeting.

• Records of illegal drug or alcohol use if the employee has been referred for those reasons, including:

○ Verified positive test results for use of illegal drugs.

○ Verified positive test results for alcohol consumption on the job above limits as outlined in Department policy.

○ Substance abuse assessment, treatment, aftercare, and monitoring records.

• Sexual Assault Prevention and Response Program case records. These records are used to facilitate services for victims and their family members as appropriate. In addition to information cited above these records may contain Victim Reporting Preference Statement, case notes, and safety plan. Records may also contain descriptions of alleged assaults.
• Victim Support Person or Victim Advocate records. These records are maintained in conjunction with efforts to provide assistance to victims of crime. Records contain signed Victim Support Person or Victim Advocate Statement of Understanding and Victim Support Person or Victim Advocate Supervisor Statement of Understanding, assignment information, and notes regarding results of screening interview, relevant training received, and any other information relevant to the Victim Support Person's or Victim Advocate's provision of support services to victims.
• Critical Incident Stress Management Peer Volunteers records. These records contain statement of understanding, notes regarding screening interview, record of related training received and any other information relevant to the peer's provision of services when deployed after a critical incident.

If the EAP participant is a family member of a DHS employee, the same information may be collected.

Authority for Maintenance of the System:

5 U.S.C. 301; The Federal Records Act, 44 U.S.C. 3101; The Homeland Security Act of 2002; Public Law 107-296; 5 U.S.C. 7361, 7362, 7901, 7904; 42 U.S.C. 290dd-2; Executive Order 9373; and Executive Order 12564.

Purpose(s):

This record system will maintain information gathered by and in the possession of the DHS EAP, an internal agency program designed to assist employees of DHS and, in certain instances, their families, in regard to a variety of personal and/or work-related issues. Start Printed Page 64973

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

Disclosure of substance abuse records is limited to the parameters set forth in 42 U.S.C. 290dd, 290ee, and Public Law 100-71, Section 503(e). Accordingly, a Federal employee's substance abuse records may not be disclosed without the prior written consent of the employee, unless the disclosure would be one of the following:

A. To the Department of Justice (including United States Attorney Offices) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where the Department of Justice or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

C. To contractors and their agents, grantees, experts, consultants, and others (e.g. providers contracted to provide EAP services to DHS employees) performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

D. To appropriate State and local authorities to report, under State law, incidents of suspected child abuse or neglect to the extent described under 42 CFR 2.12.

E. To any person or entity to the extent necessary to prevent an imminent and potential crime which directly threatens loss of life or serious bodily injury.

F. To report to appropriate authorities when an individual is potentially at risk to harm himself or herself or others.

G. To medical personnel to the extent necessary to meet a bona fide medical emergency.

H. To medical personnel to the extent necessary to meet a bona fide medical emergency;

I. To qualified personnel for the purpose of conducting scientific research, management audits, financial audits, or program evaluation provided that employees are individually identified;

J. To the employee's medical review official;

K. To the administrator of any Employee Assistance Program in which the employee is receiving counseling or treatment or is otherwise participating;

L. To any supervisory or management official within the employee's agency having authority to take adverse personnel action against such employee; or

M. Pursuant to the order of a court of competent jurisdiction where required by the United States Government to defend against any challenge against any adverse personnel action. See 42 U.S.C. 290dd, 290ee, and Public Law 100-71, Section 503(e).

Disclosure to Consumer Reporting Agencies:

None.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD-ROM.

Retrievability:

Data may be retrieved by an individual's name, social security number, date of birth, unit name, and/or other personal identifier related to their specific EAP case.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Retention and Disposal:

All records with the exception of the Sexual Abuse Prevention and Response Program records are destroyed three years after termination of counseling for each distinct presenting issue or after the conclusion of litigation, in accordance with National Archives and Records Administration General Records Schedule 1, Item 26.

Sexual Abuse Prevention and Response Program records are retained until five years after the client has ceased contact or, if later, for five years after last disclosure of information from the record.

All records are retained beyond their normal maintenance period until any pending litigation is completed. This will be true whether or not the client has terminated employment with DHS. Individual States may require longer retention. The rules in this system notice should not be construed to authorize any violation of such state laws that have greater restrictions.

System Manager and Address:

For Headquarters of DHS, the System Manager is the Director of Departmental Disclosure, Department of Homeland Security, Washington, DC 20528. For components of DHS, the System Manager can be found at http://www.dhs.gov/​foia under “contacts.”

Notification Procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Headquarters' or component's FOIA Officer, whose contact information can be found at http://www.dhs.gov/​foia under “contacts.” If an individual believes more than one component maintains Privacy Act records concerning him or her the individual may submit the request to the Chief Privacy Officer, Department of Homeland Security, 245 Murray Drive, SW., Building 410, STOP-0550, Washington, DC 20528.

When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 6 CFR Part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of Start Printed Page 64974perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1-866-431-0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,
• Identify which component(s) of the Department you believe may have the information about you,
• Specify when you believe the records would have been created,
• Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records,
• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record Access Procedures:

See “Notification procedure” above.

Contesting Record Procedures:

See “Notification procedure” above.

Record Source Categories:

Information originates from personnel seeking assistance, DHS and its components and offices, counselors, treatment facilities, and in certain cases family members, friends, and coworkers.

Exemptions Claimed for the System:

None.