E8-19033. Privacy Act of 1974: Implementation of Exemptions; Immigration and Customs Enforcement (ICE) Pattern Analysis and Information Collection (ICEPIC) System  

  • Start Preamble Start Printed Page 48117

    AGENCY:

    Privacy Office, DHS.

    ACTION:

    Final rule.

    SUMMARY:

    The Department of Homeland Security is issuing a final rule to amend its regulations to exempt portions of a new system of records entitled the “Immigration and Customs Enforcement (ICE) Pattern Analysis and Information Collection (ICEPIC) System” from certain provisions of the Privacy Act. Specifically, the Department exempts portions of the ICEPIC system from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

    DATES:

    Effective Date: This final rule is effective August 18, 2008.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Lyn Rahilly, Privacy Officer, U.S. Immigration and Customs Enforcement, 425 I Street, NW., Washington, DC 20536, e-mail: ICEPrivacy@dhs.gov, or Hugo Teufel III (703-235-0780), Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    Background

    The Department of Homeland Security (DHS) published a notice of proposed rulemaking in the Federal Register, 73 FR 5460 (Jan. 30, 2008), proposing to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements. The system of records is the ICE Pattern Analysis and Information Collection (ICEPIC). The ICEPIC system of records notice (SORN) was published concurrently in the Federal Register, 73 FR 5577 (Jan. 30, 2008), and comments were invited on both the proposed rule and SORN. Six comments were received. All commenters were generally in favor of implementation of the rule as proposed. Accordingly, the Department is adopting the proposed rule as final. Concurrently in this issue of the Federal Register, ICE is re-publishing the SORN for ICEPIC to address comments received through the Federal Register comment procedure. Given no changes were made to the rule or the SORN, Privacy Impact Assessment for ICEPIC dated January 30, 2008, remains accurate and is posted on the Department's privacy Web site. (See http://www.dhs.gov/​privacy and follow the link to “Privacy Impact Assessments”).

    Pursuant to the requirements of the Regulatory Flexibility Act, 5 U.S.C. 601-612, DHS certifies that these regulations will not significantly affect a substantial number of small entities. The final rule imposes no duties or obligations on small entities. Further, in accordance with the provisions of the Paperwork Reduction Act of 1995, 44 U.S.C. 3501, DHS has determined that this final rule would not impose new record keeping, application, reporting, or other types of information collection requirements.

    Public Comments

    ICE received and considered the public comments, which are discussed further below, and concluded that no substantive changes to the rule are warranted at this time. While all comments were in favor of the proposed rule, two commenters also raised specific concerns related to this system of records, which are addressed below.

    One commenter expressed concern that individuals would be unable to ensure their personal information in ICEPIC is accurate unless they are permitted access to their records. Other means exist to verify the accuracy of ICEPIC data and ensure that incorrect data is not used to prejudice that individual. ICEPIC users are trained to verify information obtained from ICEPIC before including it in analytical reports that will be used during investigations or shared with government personnel outside of ICE. Verification procedures include direct queries to the source databases from which ICEPIC originally obtained the information, queries of commercial or other government databases, and ICE agent interviews with individuals or others who are in a position to confirm the ICEPIC data. These procedures mitigate the risk posed by inaccurate data in the system and raise the probability that such data will be identified and corrected before any action is taken that would prejudice an individual. In addition, the source systems from which ICEPIC obtains information may, themselves, have mechanisms in place to ensure the accuracy of the data prior to the information being accessed through ICEPIC.

    Another commenter, while in favor of the system, expressed these concerns as follows:

    “By limiting access to a small number of people, power and responsibility may be monopolized in the hands of some who are never given a system of checks and balances over their power. The only other concern that I have is that, as domestic and international security policies and concerns shift over time, this proposed rule change will be stagnant. I would propose then that this rule be revisited in the coming years as security threats continue to fluctuate.”

    To ensure the system contains appropriate checks and balances to oversee those who have access to ICEPIC information, ICE has established appropriate controls and safeguards that provide oversight of authorized ICEPIC users. All user activity is audited and subject to periodic review to identify unauthorized use or activity. ICE investigates instances of unauthorized or inappropriate access or use of the system and takes appropriate disciplinary actions where violations have occurred. The commenter also recommended a review of this system in the future because “security threats continue to fluctuate.” ICE and DHS continue to exercise diligence in the response to the evolving threat environment. Should there be a need to substantially alter this system in the future, similar public notice and an Start Printed Page 48118opportunity to comment will be provided.

    Regulatory Requirements

    A. Regulatory Impact Analyses

    Changes to Federal regulations must undergo several analyses. In conducting these analyses, DHS has determined:

    1. Executive Order 12866 Assessment

    This rule is not a significant regulatory action under Executive Order 12866, “Regulatory Planning and Review” (as amended). Accordingly, this rule has not been reviewed by the Office of Management and Budget (OMB). Nevertheless, DHS has reviewed this rulemaking, and concluded that there will not be any significant economic impact.

    2. Regulatory Flexibility Act Assessment

    Pursuant to section 605 of the Regulatory Flexibility Act (RFA), 5 U.S.C. 605(b), as amended by the Small Business Regulatory Enforcement and Fairness Act of 1996 (SBREFA), DHS certifies that this rule will not have a significant impact on a substantial number of small entities. The rule would impose no duties or obligations on small entities. Further, the exemptions to the Privacy Act apply to individuals, and individuals are not covered entities under the RFA.

    3. International Trade Impact Assessment

    This rulemaking will not constitute a barrier to international trade. The exemptions relate to criminal investigations and agency documentation and, therefore, do not create any new costs or barriers to trade.

    4. Unfunded Mandates Assessment

    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), (Pub. L. 104-4, 109 Stat. 48), requires Federal agencies to assess the effects of certain regulatory actions on State, local, and tribal governments, and the private sector. This rulemaking will not impose an unfunded mandate on State, local, or tribal governments, or on the private sector.

    B. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) requires that DHS consider the impact of paperwork and other information collection burdens imposed on the public and, under the provisions of PRA section 3507(d), obtain approval from the Office of Management and Budget (OMB) for each collection of information it conducts, sponsors, or requires through regulations. DHS has determined that there are no current or new information collection requirements associated with this rule.

    C. Executive Order 13132, Federalism

    This action will not have a substantial direct effect on the States, on the relationship between the national Government and the States, or on the distribution of power and responsibilities among the various levels of government, and therefore will not have federalism implications.

    D. Environmental Analysis

    DHS has reviewed this action for purposes of the National Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has determined that this action will not have a significant effect on the human environment.

    E. Energy Impact

    The energy impact of this action has been assessed in accordance with the Energy Policy and Conservation Act (EPCA) Public Law 94-163, as amended (42 U.S.C. 6362). This rulemaking is not a major regulatory action under the provisions of the EPCA.

    Start List of Subjects

    List of Subjects in 6 CFR Part 5

    • Freedom of information; Privacy
    End List of Subjects Start Amendment Part

    For the reasons stated in the preamble, DHS amends Chapter I of Title 6, Code of Federal Regulations, as follows:

    End Amendment Part Start Part

    PART 5—DISCLOSURE OF RECORDS AND INFORMATION

    End Part Start Amendment Part

    1. The authority citation for part 5 continues to read as follows:

    End Amendment Part Start Authority

    Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552.

    End Authority Start Amendment Part

    2. At the end of appendix C to part 5, add the following new paragraph 6 to read as follows:

    End Amendment Part Start Appendix

    Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act

    * * * * *

    6. The Immigration and Customs Enforcement (ICE) Pattern Analysis and Information Collection (ICEPIC) System consists of electronic and paper records and will be used by DHS and its components. ICEPIC is a repository of information held by DHS in connection with its several and varied missions and functions, including, but not limited to: The enforcement of civil and criminal laws (including the immigration law); investigations, inquiries, and proceedings there under; and national security and intelligence activities. ICEPIC contains information that is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, State, local, tribal, foreign, or international government agencies.

    Pursuant to exemption 5 U.S.C. 552a(j)(2) of the Privacy Act, portions of this system are exempt from 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(5) and (e)(8); (f), and (g). Pursuant to 5 U.S.C. 552a(k)(2), this system is exempt from the following provisions of the Privacy Act, subject to the limitations set forth in those subsections: 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), and (f). Exemptions from these particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, for the following reasons:

    (a) From subsection (c)(3) and (4) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of the investigation, and reveal investigative interest on the part of DHS as well as the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension, which would undermine the entire investigative process.

    (b) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation, to the existence of the investigation, and reveal investigative interest on the part of DHS or another agency. Access to the records could permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. Amendment of the records could interfere with ongoing investigations and law enforcement activities and would impose an impossible administrative burden by requiring investigations to be continuously reinvestigated. In addition, permitting access and amendment to such information could disclose security-sensitive information that could be detrimental to homeland security.

    (c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of Federal law, the accuracy of information obtained or introduced occasionally may be unclear or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.

    (d) From subsection (e)(2) (Collection of Information from Individuals) because requiring that information be collected from the subject of an investigation would alert the subject to the nature or existence of an investigation, thereby interfering with the related investigation and law enforcement activities. Start Printed Page 48119

    (e) From subsection (e)(3) (Notice to Subjects) because providing such detailed information would impede law enforcement in that it could compromise investigations by: revealing the existence of an otherwise confidential investigation and thereby provide an opportunity for the subject of an investigation to conceal evidence, alter patterns of behavior, or take other actions that could thwart investigative efforts; reveal the identity of witnesses in investigations, thereby providing an opportunity for the subjects of the investigations or others to harass, intimidate, or otherwise interfere with the collection of evidence or other information from such witnesses; or reveal the identity of confidential informants, which would negatively affect the informant's usefulness in any ongoing or future investigations and discourage members of the public from cooperating as confidential informants in any future investigations.

    (f) From subsections (e)(4)(G) and (H) (Agency Requirements), and (f) (Agency Rules) because portions of this system are exempt from the individual access provisions of subsection (d) for the reasons noted above, and therefore DHS is not required to establish requirements, rules, or procedures with respect to such access. Providing notice to individuals with respect to existence of records pertaining to them in the system of records or otherwise setting up procedures pursuant to which individuals may access and view records pertaining to themselves in the system would undermine investigative efforts and reveal the identities of witnesses, and potential witnesses, and confidential informants.

    (g) From subsection (e)(5) (Collection of Information) because in the collection of information for law enforcement purposes it is impossible to determine in advance what information is accurate, relevant, timely, and complete. Compliance with (e)(5) would preclude DHS agents from using their investigative training and exercise of good judgment to both conduct and report on investigations.

    (h) From subsection (e)(8) (Notice on Individuals) because compliance would interfere with DHS' ability to obtain, serve, and issue subpoenas, warrants, and other law enforcement mechanisms that may be filed under seal, and could result in disclosure of investigative techniques, procedures, and evidence.

    (i) From subsection (g) to the extent that the system is exempt from other specific subsections of the Privacy Act relating to individuals' rights to access and amend their records contained in the system. Therefore DHS is not required to establish rules or procedures pursuant to which individuals may seek a civil remedy for the agency's: Refusal to amend a record; Refusal to comply with a request for access to records; failure to maintain accurate, relevant timely and complete records; or failure to otherwise comply with an individual's right to access or amend records.

    End Appendix Start Signature

    Hugo Teufel III,

    Chief Privacy Officer, Department of Homeland Security.

    End Signature End Supplemental Information

    [FR Doc. E8-19033 Filed 8-15-08; 8:45 am]

    BILLING CODE 4410-10-P

Document Information

Comments Received:
0 Comments
Published:
08/18/2008
Department:
Homeland Security Department
Entry Type:
Rule
Action:
Final rule.
Document Number:
E8-19033
Pages:
48117-48119 (3 pages)
Docket Numbers:
Docket No. DHS-2008-0071
Topics:
Freedom of information, Privacy
PDF File:
e8-19033.pdf
CFR: (1)
6 CFR 5