AGENCY:

Privacy Office, DHS.

ACTION:

Notice to alter an existing Privacy Act system of records.

SUMMARY:

In accordance with the Privacy Act of 1974 the Department of Homeland Security is updating and reissuing the Department of Homeland Security Transportation Security Administration—006 Correspondence and Matters Tracking Records system of records, last published on August 18, 2003, to reflect necessary programmatic changes. As a result of the biennial review of this system, modifications are being made to the system of records' authorities, routine uses, data retention and disposal, notification procedures, and system location. The Department of Homeland Security Transportation Security Administration Correspondence and Matters Tracking Records system covers records associated with the management, tracking, retrieval, and response to incoming correspondence, all outgoing correspondence, memoranda, documentation, injuries, claims, and complaints associated with all subject matters over which the Transportation Security Administration exercises jurisdiction. For example, records pertaining to individuals who make a complaint to the agency's contact center are covered by this system.

Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and (k)(2) as reflected in the final rule published in the Federal Register on June 25, 2004.

This updated system will continue to be included in the Department of Homeland Security's inventory of record systems.

DATES:

Submit comments on or before May 13, 2010. This new system will be effective May 13, 2010.

ADDRESSES:

You may submit comments, identified by docket number DHS-2010-0015 by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 703-483-2999.
• Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
• Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
• Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general questions please contact: Peter Pietra (TSAprivacy@dhs.gov), Privacy Officer, Transportation Security Administration, TSA-36, 601 South 12th Street, Arlington, VA, 20598-6036. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) Transportation Security Administration (TSA) is updating and reissuing a DHS/TSA system of records notice titled, DHS/TSA-006 Correspondence Matters Tracking System Records (CMTR) (68 FR 49496, August 18, 2003).

TSA's mission is to protect the nation's transportation systems to ensure freedom of movement for people and commerce. To achieve this mission, TSA is required to develop and adapt its security programs to respond to evolving threats to transportation security. In accordance with the biennial review of this system, the following modifications are being made:

• TSA is updating the authorities for maintenance of the system.
• DHS/TSA is updating the system of records to incorporate four DHS standard routines uses. One routine use will allow release of information to appropriate agencies, entities, and persons when DHS/TSA suspects or has confirmed that the security or confidentiality of information in a system of records has been compromised The second routine use permits the release of information to the media when there exists a legitimate public interest in disclosing information. Release under this routine use will require the approval of the Chief Privacy Officer in consultation with the counsel. The third routine use allows the release of information to a court, magistrate, administrative tribunal or opposing counsel or parties where a federal agency is a party or has an interest in the litigation or administrative proceeding. The fourth routine use allows DHS/TSA to release information to a former employee when it is necessary to consult with the former employee regarding a matter that is within that person's former area of responsibility.
• Additionally, DHS/TSA is revising a routine use that currently allows DHS/TSA to release information only to third parties during the course of an investigation related to transportation security. The revised routine use will allow disclosure to third parties for the purposes of investigating any matter before DHS/TSA. These changes will allow DHS/TSA to thoroughly and efficiently investigate and adjudicate theft or damage claims before the agency, as well as complaints about employees. DHS/TSA is also revising a current routine use by adding indirect air carriers and other facility operators as potential recipients of information about individuals who are their employees, job applicants, or contractors, or persons to whom they issue identification credentials or grant clearances to secured areas in transportation facilities when relevant to such employment, application, contract, training or the issuance of such credentials or clearances.

DHS/TSA is removing the routine uses involving sharing with the Department of State and other Intelligence Community agencies, information relating to persons who may pose a risk to transportation or national security. Also removed as a routine use is the sharing of information with the Attorney General of the United States concerning violations of the Brady Handgun Violence Prevention Act. Both routine uses are duplicative.

• The retention and disposal section has been updated to reflect the records retention schedule approved by the National Archives and Records Administration (NARA).
• The notification section was changed to reflect that inquiries regarding whether the applicable system contains records about an individual should be directed to TSA's Freedom of Information Act (FOIA) Office.
• DHS/TSA updated the system location to reflect the current location of the system.

The CMTR system covers records associated with the management, tracking, retrieval, and response to incoming correspondence, all outgoing correspondence, memoranda, documentation, injuries, claims, and complaints associated with all subject matters over which DHS/TSA exercises jurisdiction. For example, records pertaining to individuals who make a complaint to the agency's contact center are covered by this system. DHS/TSA is revising its system of records to reflect necessary programmatic changes.

Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and (k)(2) as reflected in the final rule published in the Federal Register on June 25, 2004 (69 FR 35536).

Consistent with the Privacy Act, information stored in the CMTR system may be shared with other DHS Start Printed Page 18865components, as well as appropriate federal, state, local, tribal, foreign, or international government agencies. This sharing will only take place after DHS determines that the receiving component or agency has a need to know the information to carry out national security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses set forth in this system of records notice.

II. Privacy

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses, and disseminates individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals where systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR part 5.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to their records are put, and to assist individuals to more easily find such files within the agency. Below is the description of the DHS/TSA-006 CMTR system system of records.

In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress.

SYSTEM OF RECORDS:

DHS/TSA-006.

System Name:

Transportation Security Administration 006 Correspondence and Matters Tracking Records (CMTR).

Security classification:

Sensitive, Classified.

System location:

Records are maintained at the TSA Office of the Executive Secretariat, TSA Headquarters in Arlington, Virginia. Records may also be located at the Office of Legislative Affairs, Office of Civil Rights and Liberties, Redress Office, and the Office of the Ombudsman (which includes the Consumer Response Center (CRC)), to the extent those offices maintain matter tracking information. Records may also be maintained in other offices at TSA Headquarters and the various TSA field offices.

Categories of individuals covered by the system:

To the extent not covered by any other system, this system covers individuals who submit inquiries, comments, complaints, or claims to TSA in writing, in person, or by telephone, for response and resolution and those with any matter pending before TSA. This includes TSA employees, Members of Congress and their staff, officers and employees of other Executive branch agencies and the White House, tort and property claimants who have filed claims against the Government or TSA, stakeholders, passengers in transportation, and members of the public.

Categories of records in the system:

Correspondence and information related thereto, including name, address, and telephone number of individuals contacting TSA; records of contacts made by or on behalf of individuals, including inquiries, comments, complaints, resumes and letters of reference; staff reports; TSA's responses to correspondence and calls; and staff recommendations on actions requiring approval or action by a TSA official. The system also includes records, including those prepared by TSA employees, related to matters under consideration by TSA.

Authority for maintenance of the system:

5 U.S.C. 301, 28 U.S.C. 1346(b), 1402(b), 2401(b), 2412(c), 2671-80; 31 U.S.C. 3325, 3332, 3701, 3711, 3721; 49 U.S.C. 114.

Purposes:

(a) To facilitate and assist in the management, tracking, retrieval, and response to incoming correspondence, inquiries, claims, and complaints associated with all subject matters over which TSA exercises jurisdiction.

(b) To monitor assignment, disposition, status, and results of correspondence, inquiries, claims, and complaints sent to TSA and, generally, to review, analyze, investigate, and study trends identified by the concerns expressed.

(c) To facilitate and assist in the management, tracking, and retrieval of information associated with matters and issues under consideration by TSA.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

A. To the Department of Justice (DOJ) (including United States Attorney offices) or other federal agency in anticipation of or conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any current or former employee of DHS in his/her official capacity, or

3. Any current or former employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee, or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of Start Printed Page 18866harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual that rely upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS when necessary to perform an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate federal, state, tribal, local, international, or foreign agency, including law enforcement, or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To the United States Department of Transportation and its operating administrations when relevant or necessary to

1. Ensure safety and security in any mode of transportation;

2. Enforce safety- and security-related regulations and requirements;

3. Assess and distribute intelligence or law enforcement information related to transportation security;

4. Assess and respond to threats to transportation;

5. Oversee the implementation and ensure the adequacy of security measures at airports and other transportation facilities;

6. Plan and coordinate any actions or activities that may affect transportation safety and security or the operations of transportation operators; or

7. The issuance, maintenance, or renewal of a license, certificate, contract, grant, or other benefit.

I. To a federal, state, local, tribal, territorial, foreign, or international agency, in response to queries regarding persons who may pose a risk to transportation or national security; a risk of air piracy or terrorism or a threat to airline or passenger safety; or a threat to aviation safety, civil aviation, or national security.

J. To a federal, state, local, tribal, territorial, foreign, or international agency, where such agency has requested information relevant or necessary for the hiring or retention of an individual, or the issuance of a security clearance, license, contract, grant, or other benefit.

K. To a federal, state, local, tribal, territorial, foreign, or international agency, if necessary to obtain information relevant to a DHS/TSA decision concerning initial or recurrent security threat assessment, the hiring or retention of an employee; the issuance of a security clearance, license, endorsement, contract, grant, waiver, credential, or other benefit and to facilitate any associated payment and accounting.

L. To international and foreign governmental authorities in accordance with law and formal or informal international agreement.

M. To third parties during the course of an investigation into any matter before DHS/TSA to the extent necessary to obtain information pertinent to the investigation.

N. To airport operators, aircraft operators, and maritime and surface transportation operators, indirect air carriers, and other facility operators about individuals who are their employees, job applicants, or contractors, or persons to whom they issue identification credentials or grant clearances to secured areas in transportation facilities when relevant to such employment, application, contract, or the issuance of such credentials or clearances.

O. To a debt collection agency for the purpose of debt collection.

P. To a former employee of DHS, in accordance with applicable regulations, for purposes of responding to an official inquiry by a federal, state or local government entity or professional licensing authority; or facilitating communications with a former employee that may be necessary for personnel-related or other official purposes where the Department requires information or consultation assistance from the former employee regarding a matter within that person's former area of responsibility.

Q. To a court, magistrate, or administrative tribunal where a federal agency is a party to the litigation or administrative proceeding in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation or settlement negotiations or in connection with criminal law proceedings.

R. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, where there exists a legitimate public interest in the disclosure of the information except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy or a risk to transportation or national security.

Disclosure to consumer reporting agencies:

Privacy Act information may be reported to consumer reporting agencies pursuant to 5 U.S.C. 552a(b)(12) for the purpose of collecting a debt on behalf of the United States Government.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records may be maintained on paper, audio, and video recordings, and in computer accessible storage media. Records may also be stored on microfiche and roll microfilm. Records that are sensitive or classified are safeguarded in accordance with agency procedures and applicable Executive Orders and statutes.

Retrievability:

Records are retrieved by name, Social security number or other assigned identifier of an individual covered by this system.

Safeguards:

Information in this system is safeguarded in accordance with applicable laws, rules and policies. All records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have a need-to-know and password protection identification features. TSA file areas are locked after normal duty hours and the facilities are protected from the outside by security personnel.

Retention and disposal:

In accordance with NARA approved records schedule, N1-560-03-4, Contact Center and Ombudsman inquiries are destroyed after three years; correspondence files including Congressional correspondence are Start Printed Page 18867retained permanently; redress records are retained for seven years for individuals who were cleared as possible matches, and 99 years for individual who were actual matches.

System manager and address:

Director, Office of the Executive Secretariat, TSA Headquarters, 601 S. 12th Street, Arlington, VA 20598.

Notification procedure:

The Secretary of Homeland Security has exempted this system from the notification, access, and amendment procedures of the Privacy Act because it is a law enforcement system as reflected in the final rule published on June 25, 2004 (69 FR 35536). However, TSA will consider individual requests to determine whether or not information may be released. This, individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Headquarters or component's FOIA Officer, whose contact information can be found at http://www.dhs.gov/​foia under “contacts.” TSA's FOIA office may be reached by mail at Transportation Security Administration, TSA-20, FOIA Office, 601 S. 12th Street, Arlington, VA 20598. If an individual believes more than one component maintains Privacy Act records concerning him/her the individual may submit the request to the Chief Privacy Officer, Department of Homeland Security, 245 Murray Drive, SW., Building 410, STOP-0655, Washington, DC 20528.

When seeking records about yourself from this system of records or any other Departmental system or records you request must conform with the privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and data and place of birth. You must sign your request, and your signature must be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1-866-431-0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,
• Identify which component(s) of the Department you believe may have the information about you,
• Specify when you believe the records would have been created,
• Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records,
• If your request is seeking records pertaining to other living individual, you must include a statement from the individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedure:

Same as “Notification Procedure” above.

Contesting record procedures:

Same as “Notification Procedure” above.

Record source categories:

Records are obtained from calls and correspondence from or on behalf of individuals who contact TSA with inquiries, comments, complaints, or claims, as well as from TSA employees or contractors and witnesses, and other third parties who provide pertinent information where applicable. Information may also be collected from documents such as records of the contact made with TSA, incident reports, and from other sources, such as employers, state and local agencies, other federal agencies, and related material for background as appropriate.

Exemptions claimed for the system:

Portions of this system are exempt under 5 §§ 552a(k)(1) and (k)(2) as reflected in the final rule published on June 25, 2004 (69 FR 35536).