AGENCY:

Privacy Office, DHS.

ACTION:

Final rule.

SUMMARY:

Following a Notice of Proposed Rulemaking (NPRM) and public comment, this rule amends the Department of Homeland Security (DHS) Immigration and Customs Enforcement (ICE)'s regulations by exempting a new system of records from several provisions of the Privacy Act. The Visa Security Program Records system (DHS/ICE-012) includes records used as part of a visa vetting program known as the Visa Security Program Tracking System (VSPTS-Net) in support of Section 428 of the Homeland Security Act of 2002. Under the Visa Security Program, ICE conducts security reviews of visa applicants. DHS ICE is exempting DHS/ICE-012 from provisions of the Privacy Act to the extent necessary to protect the integrity of the law enforcement information that may be included in the system of records.

DATES:

Effective Date: This final rule is effective March 1, 2010.

FOR FURTHER INFORMATION CONTACT:

For general questions and privacy issues, please contact: Lyn Rahilly (202-732-3300), Privacy Officer, U.S. Immigration and Customs Enforcement, ICEPrivacy@dhs.gov; or Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

The Privacy Act of 1974 (Privacy Act), 5 U.S.C. 552a, governs the means by which the U.S. Government collects, maintains, uses, and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. See 5 U.S.C. 552a(a)(5).

An individual may request access to records containing information about him or herself. 5 U.S.C. 552a(b), (d). However, the Privacy Act authorizes Government agencies to exempt systems of records from access by individuals under certain circumstances, such as where the access or disclosure of such information would impede national security or law enforcement efforts. Exemptions from Privacy Act provisions must be established by regulation. 5 U.S.C. 552a(j), (k).

On September 30, 2009, DHS ICE published a system of records in the Federal Register (74 FR 50228) establishing a new Privacy Act system of records entitled Visa Security Program Records (DHS/ICE-012). The Visa Security Program Records system maintains records for the Visa Security Program Tracking System which carries out the requirement of section 428 of the Homeland Security Act of 2002 and provides for DHS ICE's assumption of visa security reviews.

In conjunction with the establishment and publication for the Visa Security Program Records system of records on September 30, 2009, DHS ICE initiated a proposed rulemaking in the Federal Register (74 FR 50148) to exempt this system of records from a number of provisions of the Privacy Act because this system of records may contain law enforcement sensitive records as well as records of information recompiled from, or created from, information contained in other systems of records which are exempt from certain provisions of the Privacy Act. With the publication of this final rule, in accordance with 5 U.S.C. 552a(j)(2), (k)(1) and (k)(2), DHS ICE is exempting the Visa Security Program Records system from the following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), and (e)(4)(H), (e)(5), and (e)(8); (f); and (g).

Discussion of Comments

DHS ICE received three comments on the proposed rule from the public. Some of the comments were in support of the exemptions claimed by DHS ICE. One comment dealt with the ability to access and correct personal information contained within the Visa Security Program Tracking System.

One commenter raised the concern that individuals who are the subjects of visa security reviews may not be able to access and amend their own records due to the proposed exemption of the Visa Security Program Records from 5 U.S.C. 552a(d), which grants the right to individuals to access and amend their records. The commenter acknowledges that providing such access and amendment rights during a visa review could disrupt the visa security process, but questions whether it is necessary to prohibit access and amendment after the visa review has concluded.

DHS ICE recognizes that although there is a need for the exemptions provided for in this document, there may be instances where such exemptions can be waived. There may be times when the Privacy Act exemptions claimed here are not necessary to further a governmental interest. In appropriate circumstances, where compliance would not appear to interfere with, or adversely affect, the law enforcement and national security purposes of the system and the overall law enforcement and security process, the applicable exemptions may be waived. In the case of access and amendment requests from the Visa Security Program Records system, each access request will be evaluated on a case-by-case basis and if no harm to law enforcement interests or national security would ensue from disclosure, the exemption will be waived and the records (or portions of the records) will be disclosed.

In addition, as discussed in the Visa Security Program Tracking System Privacy Impact Assessment, information in the Visa Security Program Records system that consists of or is solely derived from a State Department visa record is subject to statutory Start Printed Page 9086confidentiality requirements pursuant to the Immigration and Nationality Act Section 222(f). Section 222(f) prohibits the visa applicant from accessing or amending certain information in their visa records, including visa records that have been reincorporated into this system of records.

The two remaining commenters expressed support of the exemptions proposed for the Visa Security Program Records system or for the Visa Security Program as a whole.

List of Subjects in 6 CFR Part 5

• Freedom of information; Privacy

For the reasons stated in the preamble, DHS amends Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5—DISCLOSURE OF RECORDS AND INFORMATION

1. The authority citation for Part 5 continues to read as follows:

Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. Subpart B also issued under 5 U.S.C. 552a.

2. At the end of Appendix C to Part 5, add the following new paragraph 47 to read as follows:

Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act

47. The Visa Security Program Records (VSPR) system of records consists of electronic and paper records and will be used by the Department of Homeland Security (DHS) U.S. Immigration and Customs Enforcement (ICE). VSPR consists of information created in support of the Visa Security Program, the purpose of which is to identify persons who may be ineligible for a U.S. visa because of criminal history, terrorism association, or other factors and convey that information to the State Department, which decides whether to issue the visa. VSPR contains records on visa applicants for whom a visa security review is conducted. VSPR contains information that is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, State, local, Tribal, foreign, or international government agencies. Pursuant to exemption 5 U.S.C. 552a(j)(2) of the Privacy Act, portions of this system are exempt from 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), and (e)(4)(H), (e)(5) and (e)(8); (f); and (g). Pursuant to 5 U.S.C. 552a(k)(1) and (k)(2), this system is exempt from the following provisions of the Privacy Act, subject to the limitations set forth in those subsections: 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), and (f). Exemptions from these particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, for the following reasons:

(a) From subsection (c)(3) and (4) (Accounting for Disclosures) because release of the accounting of disclosures could alert the individual to the existence of an investigation in the form of a visa security review predicated on classified, national security, law enforcement, foreign government, or other sensitive information. Disclosure of the accounting would therefore present a serious impediment to ICE's Visa Security Program, immigration enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation, thereby undermining the entire investigative process.

(b) From subsection (d) (Access to Records) because access to the records contained in this system of records could alert the individual to the existence of an investigation in the form of a visa security review predicated on classified, national security, law enforcement, foreign government, or other sensitive information. Revealing the existence of an otherwise confidential investigation could also provide the visa applicant an opportunity to conceal adverse information or take other actions that could thwart investigative efforts; and reveal the identity of other individuals with information pertinent to the visa security review, thereby providing an opportunity for the applicant to interfere with the collection of adverse or other relevant information from such individuals. Access to the records would therefore present a serious impediment to the enforcement of Federal immigration laws, law enforcement efforts and/or efforts to preserve national security. Amendment of the records could interfere with ICE's ongoing investigations and law enforcement activities and would impose an impossible administrative burden by requiring investigations to be continuously reinvestigated. In addition, permitting access and amendment to such information could disclose classified and other security-sensitive information that could be detrimental to national or homeland security.

(c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations of visa applications, the accuracy of information obtained or introduced occasionally may be unclear or the information may not be strictly relevant or necessary to a specific investigation. In the interest of effective enforcement of Federal immigration laws, it is appropriate to retain all information that may be relevant to the determination whether an individual is eligible for a U.S. visa.

(d) From subsection (e)(2) (Collection of Information From Individuals) because requiring that information be collected from the visa applicant would alert the subject to the fact of an investigation in the form of a visa security review, and to the existence of adverse information about the individual, thereby interfering with the related investigation and law enforcement activities.

(e) From subsection (e)(3) (Notice to Subjects) because providing such detailed information would impede immigration enforcement activities in that it could compromise investigations by: Revealing the existence of an otherwise confidential investigation and thereby provide an opportunity for the visa applicant to conceal adverse information, or take other actions that could thwart investigative efforts; Reveal the identity of other individuals with information pertinent to the visa security review, thereby providing an opportunity for the applicant to interfere with the collection of adverse or other relevant information from such individuals; or reveal the identity of confidential informants, which would negatively affect the informant's usefulness in any ongoing or future investigations and discourage members of the public from cooperating as confidential informants in any future investigations.

(f) From subsections (e)(4)(G) and (H) (Agency Requirements), and (f) (Agency Rules) because portions of this system are exempt from the individual access provisions of subsection (d) for the reasons noted above, and therefore DHS is not required to establish requirements, rules, or procedures with respect to such access. Providing notice to individuals with respect to existence of records pertaining to them in the system of records or otherwise setting up procedures pursuant to which individuals may access and view records pertaining to themselves in the system would undermine investigative and immigration enforcement efforts as described above.

(g) From subsection (e)(5) (Collection of Information) because in the collection of information for law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely, and complete. Compliance with (e)(5) would preclude DHS agents from using their investigative training and exercise of good judgment to both conduct and report on investigations.

(h) From subsection (e)(8) because to require individual notice of disclosure of information due to compulsory legal process would pose an impossible administrative burden on DHS and other agencies and could alert the subjects of counterterrorism, law enforcement, or intelligence investigations to the fact of those investigations when not previously known.

(i) From subsection (g) to the extent that the system is exempt from other specific subsections of the Privacy Act relating to individuals' rights to access and amend their records contained in the system. Therefore DHS is not required to establish rules or procedures pursuant to which individuals may seek a civil remedy for the agency's: Refusal to amend a record; refusal to comply with a request for access to records; failure to maintain accurate, relevant, timely and complete records; or failure to otherwise comply with an individual's right to access or amend records.