[Federal Register Volume 71, Number 12 (Thursday, January 19, 2006)]
[Notices]
[Pages 3109-3112]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-511]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
[DHS-2005-0054]
Privacy Act of 1974; Systems of Records
AGENCY: Privacy Office; Department of Homeland Security.
ACTION: Notice of Privacy Act system of records.
-----------------------------------------------------------------------
SUMMARY: The Bureau of Customs and Border Protection proposes to revise
its system of records for collecting carrier, broker and importer/
exporter account information to both update the system and to add as a
category of records the customs declarations that postal mailers are
required to complete for international mail transactions.
DATES: The new system of records will be effective February 21, 2006
unless comments are received that result in a contrary determination.
ADDRESSES: You may submit comments, identified by DHS-2005-0054, by one
of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments via docket number DHS-
2005-0054.
Fax: 202-572-8727.
Mail: Comments by mail are to be addressed to the
Regulations Branch, Office of Regulations and Rulings, Bureau of
Customs and Border Protection, 1300 Pennsylvania Avenue, NW. (Mint
Annex), Washington, DC 20229. Comments by mail may also be submitted to
Maureen Cooney, Acting Chief Privacy Officer, Department of Homeland
Security, 601 S. 12th Street, Arlington, VA 22202-4220.
Instructions: All submissions received must include the agency name
and docket number for this rulemaking. All comments received will be
posted without change to http://www.regulations.gov, including any
personal information provided. For detailed instructions on submitting
comments and additional information on the rulemaking process, see the
``Public Participation'' heading of the SUPPLEMENTARY INFORMATION
section of this document.
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov. Submitted comments
may also be inspected during regular business days between the hours of
9 a.m. and 4:30 p.m. at the Regulations Branch, Office of Regulations
and Rulings, Bureau of
[[Page 3110]]
Customs and Border Protection, 799 9th Street, NW., 5th Floor,
Washington, DC. Arrangements to inspect submitted comments should be
made in advance by calling Mr. Joseph Clark at (202) 572-8768.
FOR FURTHER INFORMATION CONTACT: Laurence E. Castelli (202-572-8712),
Chief, Privacy Act Policy and Procedures Branch, Bureau of Customs and
Border Protection, Office of Regulations & Rulings, Mint Annex, 1300
Pennsylvania Ave., NW., Washington, DC 20229.
SUPPLEMENTARY INFORMATION: The Bureau of Customs and Border Protection
(CBP) is engaged in a multi-year modernization effort to update its
information systems. As part of this modernization effort, CBP has
developed the Automated Commercial Environment (ACE) to streamline
business processes, to facilitate growth in trade, to ensure cargo
security, to provide means to combat terrorism through monitoring what
materials and which persons enter and leave the country, and to foster
participation in global commerce, while ensuring compliance with U.S.
laws and regulations. ACE replaces CBP's current Automated Commercial
System, a twenty-plus-year-old trade information database.
The operation of ACE will require that CBP collect personally
identifiable information from importers, brokers, truck carriers, and
U.S. Postal Service customs declarations. The system will also include
personally identifiable information about CBP employees and employees
of other agencies. The information that is collected will be used to
operate the automated commercial environment in order to assist in
protecting the country's borders by monitoring and regulating incoming
cargo and people.
The Privacy Act embodies fair information principles in a statutory
framework governing the means by which the United States Government
collects, maintains, uses and disseminates personally identifiable
information. The Privacy Act applies to information that is maintained
in a ``system of records.'' A ``system of records'' is a group of any
records under the control of an agency from which information is
retrieved by the name of the individual or by some identifying number,
symbol, or other identifying particular assigned to the individual. In
the Privacy Act, individual is defined to encompass United States
citizens and legal permanent residents. ACE involves the collection of
information that will be maintained in a system of records.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the type and character of each system
of records that the agency maintains, and the routine uses that are
contained in each system in order to make agency recordkeeping
practices transparent, to notify individuals regarding the uses to
which personally identifiable information is put, and to assist the
individual to more easily find such files within the agency.
DHS is here publishing a description of the Automated Commercial
Environment system of records. In accordance with 5 U.S,C. 552a(r), a
report concerning this record system has been sent to the Office of
Management and Budget and to the Congress.
Interested persons are invited to participate in this rulemaking by
submitting written data, views, or arguments on all aspects of the
proposed rule. CBP also invites comments that relate to the economic,
environmental, or federalism affects that might result from this
proposed rule. Comments that will provide the most assistance to CBP in
developing these procedures will reference a specific portion of the
proposed rule, explain the reason for any recommended change, and
include data, information, or authority that support such recommended
change.
DHS/CBP-001
System Name:
Automated Commercial Environment/International Trade Data System
(ACE/ITDS).
System Location:
This computer database is located at the Bureau of Customs and
Border Protection (CBP) National Data Center in Washington, DC.
Computer terminals are located at Customhouses and ports throughout the
United States and at CBP Headquarters, Washington, DC, as well as
appropriate facilities for other participating government agencies.
Categories of Individuals Covered by the System:
Individuals involved in the importation of merchandise, members of
the trade community, including but not limited to truck carriers,
vessel, vehicle, and aircraft operators or crew, Customhouse brokers,
importers and their authorized agents (i.e., trade users), persons
required to file Customs Declarations for international mail
transactions (including sender and recipient), DHS/CBP employees, and
employees of other Federal Government agencies.
Categories of Records in the System:
The database is comprised of carrier, broker, and importer/exporter
account information (this includes personally identifying information
(name and address, phone and/or fax), as well as the Significant
Activity Log (a message log between the ACE Portal Account Owner and
CBP that tracks their communications sent through ACE) and the Action
Plans referenced in the Significant Activity Log), entry information,
and manifest information. The database also includes information
obtained from Customs declarations filed with the United States Postal
Service in connection with the import or export of goods through the
mail. System files may contain information about DHS/CBP employees,
other Federal employees, companies, and individuals involved in
commercial land, sea, and/or air border transactions.
The following information may be stored in the database for the
establishment of an ACE Secure Data Portal truck carrier account:
Carrier name, Carrier address, Carrier identification (i.e., the truck
carrier identification SCAC code (the unique Standard Carrier Alpha
Code) assigned for each carrier by the National Motor Freight Traffic
Association), Department of Transportation number, Taxpayer ID number,
DUNS (Dun and Bradstreet Number), Organizational structure, Name of
Insurer, Policy number, Date of Issuance and Amount. The carrier can
create users and points of contact, and may also choose to store
details associated with driver/crew, conveyance, and equipment for
purposes of expediting the creation of manifests.
The ACE database is also comprised of manifest information that
includes specific details regarding the crew or drivers as well as
passengers involved in a commercial land border crossing. For crew or
drivers, the system will include:
(1) Person on arriving conveyance who is in charge; (2) Names of
all crew members; (3) Date of birth of each crew member; (4) Commercial
driver's license (CDL)/drivers license number for each crew member; (5)
CDL/driver's license State/province of issuance for each crew member;
(6) CDL country of issuance for each crew member; (7) Travel document
number for each crew member; (8) Travel document country of issuance
for each crew member; (9) Travel document State/province of issuance
for each crew member; (10) Travel document type for each crew member;
(11) Address for each crew member; (12) Gender of each crew member;
(13) Nationality/citizenship of each crew member; (14)
[[Page 3111]]
Hazmat endorsement for each crew member.
For passengers, the information consists of: (1) Names of all
passengers; (2) Date of birth of each passenger; (3) Travel document
number for each passenger; (4) Travel document country of issuance for
each passenger; (5) Travel document State/province of issuance for each
passenger; (6) Travel document type for each passenger; (7) Gender of
each passenger; (8) Nationality of each passenger.
Further, the ACE database includes specific details regarding
trips, equipment, conveyances, and shipments, but this information does
not primarily identify individuals, except those who might be shippers
or consignees.
Authority for Maintenance of the System:
19 U.S.C. 66, 1448, 1481, 1483, 1484, 1505, 1624, and 2071.
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) To the Bureau of the Census by providing magnetic tapes or
other form of electronic data transmission containing foreign trade
data;
(2) To appropriate Federal, State, local, foreign, or tribal
agencies responsible for investigating or prosecuting the violations
of, or for enforcing or implementing, a statute, rule, regulation,
order, or license, where CBP becomes aware of an indication of a
violation or potential violation of civil or criminal law or
regulation;
(3) To a Federal, State, local, tribal, territorial, foreign, or
international agency, maintaining civil, criminal or other relevant
enforcement information or other pertinent information, which has
requested information relevant to or necessary to the requesting
agency's or the bureau's hiring or retention of an individual, or
issuance of a security clearance, license, contract, grant, or other
benefit;
(4) To a court, magistrate, or administrative tribunal in the
course of presenting evidence, including disclosures to opposing
counsel or witnesses in the course of civil discovery, litigation, or
settlement negotiations, in response to a subpoena, or in connection
with criminal law proceedings;
(5) To third parties during the course of an investigation to the
extent necessary to obtain information pertinent to the investigation;
(6) To an agency, organization, or individual for the purposes of
performing authorized audit or oversight operations;
(7) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains;
(8) To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the Federal Government, when
necessary to accomplish an agency function related to this system of
records;
(9) To the Department of Justice, the United States Attorney's
Office, or a consumer reporting agency for further collection action on
any delinquent debt when circumstances warrant;
(10) To a former employee of the Department for purposes of:
responding to an official inquiry by a Federal, State, or local
government entity or professional licensing authority, in accordance
with applicable Department regulations; or facilitating communications
with a former employee that may be necessary for personnel-related or
other official purposes where the Department requires information and/
or consultation assistance from the former employee regarding a matter
within that person's former area of responsibility;
(11) To an organization or individual in either the public or
private sector, either foreign or domestic, where there is a reason to
believe that the recipient is or could become the target of a
particular terrorist activity or conspiracy, to the extent the
information is relevant to the protection of life or property;
(12) To the Department of Justice or other Federal agency
conducting litigation or in proceedings before any court, adjudicative
or administrative body, when: (a) DHS, or (b) any employee of DHS in
his/her official capacity, or (c) any employee of DHS in his/her
individual capacity where DOJ or DHS has agreed to represent the
employee, or (d) the United States or any agency thereof, is a party to
the litigation or has an interest in such litigation;
(13) To the National Archives and Records Administration or other
federal government agencies pursuant to records management inspections
being conducted under the authority of 44 U.S.C. Sections 2904 and
2906;
(14) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to a
Department of Homeland Security decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
reporting of an investigation of an employee, the letting of a
contract, or the issuance of a license, grant or other benefit;
(15) To a Federal agency, pursuant to the International Trade Data
System Memorandum of Understanding, consistent with the receiving
agency's legal authority to collect information pertaining to and/or
regulate transactions in international trade.
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
Disposing of Records in the System:
Storage:
The data is stored electronically at the CBP Data Center for
current data and offsite at an alternative data storage facility for
historical logs and system backups.
Retrievability:
The data is retrievable by name or personal identifier from an
electronic database. Only individuals with a need to know can access
the data. The system manager, in addition, has the capability to
maintain system back-ups for the purpose of supporting continuity of
operations and the discrete need to isolate and copy specific data
access transactions for the purpose of conducting security incident
investigations.
Safeguards:
Access to the computer area is controlled by a security pass
arrangement and personnel not connected with the operation of the
computer are prohibited from entering. The building security is
protected by a uniformed guard. Access at the ports is in the booths
and from any PC connected to the LAN. At the ports of processing,
terminal rooms are under close supervision during working hours and
locked after close of business. The system security officer issues a
unique private five digit identification code to each authorized user.
Access to the computer from other than system terminals is controlled
through a security software package. Users must input a unique
identification code and password during the terminal log-in procedure
to gain access to the system. The password is not printed or displayed
at the port of processing. The system validates the user ID by
transaction type, thereby limiting a
[[Page 3112]]
system user's access to information on a ``need-to-know'' basis. A
listing of identification codes of authorized users can be printed only
by request of the security officer. The passwords are changed
periodically to enhance security.
Retention and Disposal:
Files are retained on-line in a system database. Personal
information collected in ACE as part of the regulation of incoming
cargo and people will be retained in accordance with the U.S. Customs
Records Schedules approved by the National Archive and Records
Administration for the forms on which the data is submitted. This means
that cargo, crew, driver, and passenger information collected from a
manifest presented in connection with the arrival of a vessel, vehicle
or aircraft will be retained for six years. Information collected in
connection with the submission of a Postal Declaration for a mail
importation will be retained for a maximum of six years and three
months (as set forth pursuant to NARA Authority N1-36-86-1, U.S.
Customs Records Schedule, Schedule 9 Entry Processing, Items 4 and 5).
Personal information collected in connection with the creation of a
carrier, broker, or importer/exporter account will be retained for up
to three years following the closing of the account either through
withdrawal by the individual or denial of access by CBP. Lastly,
information pertaining to CBP and PGA employees will be retained for as
long as the individual maintains her or his portal access to ACE and
authorization to access the information.
System Manager(s) and Address:
Director, Office of Automated Systems, U.S. Customs and Border
Protection Headquarters, 1300 Pennsylvania Avenue, NW., Washington, DC
20229.
Notification Procedures:
To determine whether this system contains records relating to you,
write to Customer Satisfaction Unit, Office of Field Operations, U.S.
Customs and Border Protection, Room 5.5-C, 1300 Pennsylvania Avenue,
NW., Washington, DC 20229 (phone: (202) 344-1850 and fax: (202) 344-
2791).
Record Access Procedures:
Requests for notification or access must be in writing and should
be addressed to the Customer Satisfaction Unit, Office of Field
Operations, U.S. Customs and Border Protection, Room 5.5-C, 1300
Pennsylvania Avenue, NW., Washington, DC 20229. Requests should conform
to the requirements of 6 CFR part 5, subpart B, which provides the
rules for requesting access to Privacy Act records maintained by DHS.
The envelope and letter should be clearly marked ``Privacy Act Access
Request.'' The request should include a general description of the
records sound and must include the requester's full name, current
address, and data and place of birth. The request must be signed and
either notarized or submitted under penalty of perjury.
Additionally, operational record access may be obtained through the
ACE Secure Data Portal for those individuals and entities who have been
approved access in accordance with the procedures published in the
Federal Register at 67 FR 21800 dated May 1, 2002.
Contesting Record Procedures:
Same as ``Record Access Procedures.''
Record Source Categories:
The system contains data received on authorized CBP forms or
electronic formats from individuals and/or companies incidental to the
conduct of foreign trade and required by CBP in administering the
tariff laws and regulations of the United States. The system also
contains information pertaining to International Mail Transactions,
which is obtained from the United States Postal Service by electronic
data transmission.
Exemptions Claimed for the System:
None.
Dated: December 22, 2005.
Maureen Cooney,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E6-511 Filed 1-18-06; 8:45 am]
BILLING CODE 4410-10-P