[Federal Register: September 24, 2004 (Volume 69, Number 185)]
[Notices]
[Page 57348-57352]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr24se04-117]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
[Docket No. TSA-2004-19166]
Privacy Act of 1974: Systems of Records; Transportation Security
Threat Assessment System (T-STAS); Transportation Worker Identification
Credentialing (TWIC) System
AGENCY: Transportation Security Administration (TSA), DHS.
ACTION: Notice to alter two existing systems of records; request for
comments.
-----------------------------------------------------------------------
SUMMARY: TSA is altering two existing systems of records under the
Privacy Act of 1974.
DATES: Comments due on October 25, 2004.
ADDRESSES: Address your comments to the Docket Management System, U.S.
Department of Transportation (DOT), Room Plaza 401, 400 Seventh Street,
SW., Washington, DC 20590-0001. You must identify the docket number
TSA-2004-19166 at the beginning of your comments, and you should submit
two copies of your comments. If you wish to receive confirmation that
TSA received your comments, include a self-addressed, stamped postcard.
You may also submit comments through the Internet at http://dms.dot.gov.
Please be aware that anyone is able to search the
electronic form of all comments received into any of these dockets by
the name of the individual submitting the comment (or signing the
comment, if submitted on behalf of an association, business, labor
union, etc.). You may review DOT's complete Privacy Act Statement in
the Federal Register published on April 11, 2000 (Volume 65, Number 70;
Pages 19477-78) or you may visit http://dms.dot.gov. You may also
review the public docket containing comments in person at the Dockets
Office between 9 a.m. and 5 p.m., Monday through Friday, except Federal
holidays. The Dockets Office is on the plaza level of the NASSIF
Building at the Department of Transportation at the above address.
FOR FURTHER INFORMATION CONTACT: Conrad Huygen, Privacy Act Officer,
Office of Information Management Programs, TSA Headquarters, TSA-17,
601 S. 12th Street, Arlington, VA 22202-4220; telephone (571) 227-1954;
facsimile (571) 227-2906.
SUPPLEMENTARY INFORMATION: TSA is altering two existing systems of
records under the Privacy Act of 1974. The first system, the
Transportation Security
[[Page 57349]]
Threat Assessment System (DHS/TSA 002), facilitates the performance of
threat assessments and employment investigations on individuals who
require special access to the transportation system and was published
in the Federal Register on August 18, 2003, as the Transportation
Workers Employment Investigations System. See 68 FR 49496, 49498. The
system name has been changed and the categories of individuals,
categories of records, and purposes of the system expanded to cover
threat assessments performed on individuals seeking flight training,
temporary flight restriction waivers, and access to cargo-related
infrastructure and other transportation-related activities. The routine
uses have also been amended to allow for the disclosure of records
related to these new activities, to include state and local
transportation agencies, when compatible with the purposes for which
the information was collected. TSA may now also share information with
the appropriate agency when individuals pose or are suspected of posing
a risk to transportation or national security. Records may also be
retrieved using biometric identifiers.
The second system, the Transportation Worker Identification
Credentialing (TWIC) System (DHS/TSA 012), facilitates the testing and
evaluation of certain technologies and business processes associated
with access control for transportation workers requiring unescorted
access to secure areas of transportation facilities and was first
published in the Federal Register on August 18, 2003. See 68 FR 49496,
49507. The system notice is being changed to reflect the expanded
location of the records in the TWIC Prototype Phase and the routine
uses have been amended to allow for the disclosure of records to state
and local transportation agencies when compatible with the purposes for
which the information was collected. TSA may now also share information
with the appropriate agency when individuals pose or are suspected of
posing a risk to transportation or national security. The complete
revised notices of both systems of records follow.
TRANSPORTATION AND SECURITY ADMINISTRATION
DHS/TSA 002
System name:
Transportation Security Threat Assessment System (T-STAS).
Security classification:
Classified, Sensitive.
System location:
Records are maintained at the offices of the Transportation
Security Administration (TSA) Headquarters in Arlington, Virginia. Some
records may also be maintained at the offices of TSA contractors, or in
TSA field offices.
Categories of individuals covered by the system:
Individuals who are required to undergo a security threat
assessment or employment investigation in order to obtain access to the
following: Transportation infrastructure or assets, such as terminals,
facilities, pipelines, railways, mass transit, vessels, aircraft, or
vehicles; restricted airspace; passenger baggage; cargo; or
transportation-related instruction or training (such as flight
training). This includes but is not limited to the following
individuals:
(a) Individuals who require or seek access to airport secured,
sterile, or a Security Identification Display Area (SIDA); have or seek
unescorted access authority to these areas; have or seek authority to
grant others unescorted access to these areas; have or seek regular
escorted access to these areas; or are seeking identification that is
evidence of employment at the airport.
(b) Individuals who have or are seeking responsibility for
screening passengers or carry-on baggage, and those persons serving as
immediate supervisors and the next supervisory level to those
individuals, other than employees of the TSA who perform or seek to
perform these functions.
(c) Individuals who have or are seeking responsibility for
screening checked baggage or cargo, and their immediate supervisors,
and the next supervisory level to those individuals, other than
employees of the TSA who perform or seek to perform these functions.
(d) Individuals who have or are seeking the authority to accept
checked baggage for transport on behalf of an aircraft operator that is
required to screen passengers.
(e) Pilots, copilots, flight engineers, flight navigators, airline
personnel authorized to fly in the cockpit, relief or deadheading
crewmembers, cabin crew, and other flight crew for an aircraft operator
or foreign air carrier that is required to adopt and carry out a
security program.
(f) Flight crews and passengers who request waivers of temporary
flight restrictions (TFRs) or other restrictions pertaining to
airspace.
(g) Other individuals who are connected to the transportation
industry for whom TSA conducts security threat assessments to ensure
transportation security.
(h) Individuals who have or are seeking unescorted access to cargo
in the transportation system.
(i) Individuals who are owners, officers, or directors of an
indirect air carrier or a business seeking to become an indirect air
carrier.
(j) Aliens or other individuals designated by TSA who apply for
flight training or recurrent training.
(k) Individuals transported on all-cargo aircraft, including
aircraft operator or foreign air carrier employees and their family
members and persons transported for the flight.
Categories of records in the system:
TSA's system may contain any or all of the following information
regarding individuals covered by this system: (a) Full name (including
aliases or variations of spelling); (b) gender; (c) current and
historical contact information (including but not limited to address
information, telephone number, e-mail); (d) government issued licensing
or identification information (including but not limited to social
security number, pilot certificate information, including number and
country of issuance, and other licensing information for modes of
transportation); (e) date and place of birth; (f) name and information
including contact information and identifying number (if any) of the
airport, aircraft operator, indirect air carrier, maritime or land
transportation operator, or other employer or entity that is employing
the individual or submitting the individual's information or sponsoring
the individual's background check/threat assessment; (g) physical
description, fingerprint and/or other biometric identifier and
photograph; (h) date, place, and type of flight training or other
instruction; (i) control number or other unique identification number
assigned to an individual or credential; (j) information necessary to
assist in tracking submissions, payments, and transmission of records;
(k) results of any analysis performed for security threat assessments
and adjudications; (l) other data as required by Form FD 258
(fingerprint card) or other standard fingerprint cards used by the
Federal government; (m) information provided by individuals covered by
this system in support of their application for an appeal or waiver;
(n) flight information, including crew status on board; (o) travel
document information (including but not limited to passport
information, including number and country of issuance, and current and
past
[[Page 57350]]
citizenship information and immigration status, any alien registration
numbers, and any visa information); (p) identification records obtained
from the Federal Bureau of Investigation (FBI), which are compilations
of criminal history record information pertaining to individuals who
have criminal fingerprints maintained in the FBI's Fingerprint
Identification Records System (FIRS); (q) data gathered from foreign
governments or entities that is necessary to address security concerns
in the aviation, maritime, or land transportation systems; (r) other
information provided by Federal, State, and local government agencies
or private entities; (s) the individual's level of access at an
airport.
Authority for maintenance of the system:
49 U.S.C. 114, 5103a, 40103(b)(3), 40113(a), 44903(b), 44936,
44939, 46105.
Purpose(s):
(a) Performance of security threat assessments and employment
investigations that Federal statutes and/or TSA regulations authorize
for the individuals identified in ``Categories of individuals covered
by the system,'' above.
(b) To assist in the management and tracking of the status of
security threat assessments and employment investigations.
(c) To permit the retrieval of the results of security threat
assessments and employment investigations, including criminal history
records checks and searches in other governmental, commercial, and
private data systems, performed on the individuals covered by this
system.
(d) To permit the retrieval of information from other terrorist-
related, law enforcement and Intelligence databases on the individuals
covered by this system.
(e) To track the fees incurred and payment of those fees by the
airport operators, aircraft operators, maritime and land transportation
operators, flight students, and others where appropriate for services
related to security threat assessments and employment investigations.
(f) To facilitate the performance of security threat assessments
and other investigations that TSA may conduct to ensure transportation
security.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
(1) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to: (a) Ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence or
law enforcement information related to transportation security; (d)
assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at airports
and other transportation facilities; (f) plan and coordinate any
actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, endorsement,
certificate, contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency responsible for investigating,
prosecuting, enforcing, or implementing a statute, rule, regulation, or
order, where TSA becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulation.
(3) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency regarding individuals who pose or are
suspected of posing a risk to transportation or national security.
(4) To contractors, grantees, experts, consultants, volunteers, or
other like persons when necessary to perform a function or service
related to this system of records for which they have been engaged.
Such recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(5) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual, or
the issuance of a security clearance, license, endorsement, contract,
grant, waiver, credential, or other benefit.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to a
TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, endorsement, contract,
grant, waiver, credential, or other benefit.
(7) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(8) To third parties during the course of a security threat
assessment, employment investigation, or adjudication of a waiver or
appeal request, to the extent necessary to obtain information pertinent
to the assessment, investigation, or adjudication.
(9) To airport operators, indirect air carriers, aircraft
operators, flight school operators, and maritime and land
transportation operators or contractors about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities, or provide flight training, when relevant
to such employment, application, contract, or the issuance of such
credentials, clearances, or acceptance for flight training.
(10) To a Federal, State, local, tribal, territorial, foreign, or
international agency so that TSA may obtain information to conduct
security threat assessments or employment investigations and to
facilitate any associated payment and accounting.
(11) To the Department of Justice (DOJ) or other Federal agency in
the review, settlement, defense, and prosecution of claims, complaints,
and lawsuits involving matters over which TSA exercises jurisdiction or
when conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) TSA, or (b) any employee
of TSA in his/her official capacity, or (c) any employee of TSA in his/
her individual capacity where DOJ or TSA has agreed to represent the
employee, or (d) the United States or any agency thereof, is a party to
the litigation or has an interest in such litigation, and TSA
determines that the records are both relevant and necessary to the
litigation and the use of such records is compatible with the purpose
for which TSA collected the records.
(12) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(13) To the National Archives and Records Administration or other
appropriate Federal agency pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
In electronic storage media and hard copy.
[[Page 57351]]
Retrievability:
Information can be retrieved by name, social security number,
identifying number of the submitting or sponsoring entity, other case
number assigned by TSA or other entity/agency, biometric, or a unique
identification number or any other identifying particular assigned or
belonging to the individual.
Safeguards:
All records are protected from unauthorized access through
appropriate administrative, physical, and technical safeguards. These
safeguards include some or all of the following: restricting access to
those authorized with a need-to-know; using locks, alarm devices, and
passwords; compartmentalizing databases; auditing software; and
encrypting data communications.
Retention and disposal:
National Archives and Records Administration approval is pending
for the records in this system.
System manager(s) and address:
Assistant Director for Compliance, Credentialing Program Office,
TSA-19, 601 S. 12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to you,
write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedure'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland Security
Privacy Act regulations on verification of identity (6 CFR 5.21(d)).
Contesting record procedure:
Same as ``Notification Procedure'' and ``Record Access Procedure''
above.
Record source categories:
Information is collected from individuals subject to a security
threat assessment or employment investigation; from aviation, maritime,
and land transportation operators, flight schools, or other persons
sponsoring the individual; and any other persons, including commercial
entities, that may have information that is relevant or necessary to
the assessment or investigation. Information about individuals is also
used or collected from domestic and international intelligence sources
and other governmental, private, and public databases. The sources of
information in the criminal history records obtained from the FBI are
set forth in the Privacy Act system of records notice ``JUSTICE/FBI-
009.''
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and
(k)(2).
DHS/TSA 012
System name:
Transportation Worker Identification Credentialing (TWIC) System.
Security classification:
Unclassified.
System locations:
Records will be maintained in a secure, centralized location for
selected transportation facilities within three geographic regions:
Delaware River and Bay, Los Angeles/Long Beach, California, and the
State of Florida. Locations within the Los Angeles/Long Beach region
include Carson, CA; Terminal Island, CA; Oakland, CA; San Pedro, CA;
Long Beach, CA; and Los Angeles, CA. Locations within the Delaware
River and Bay area include Philadelphia, PA; Islip, NY; Camden, NJ; and
Wilmington, DE. Locations within Florida include Pensacola, Panama
City, St. Joe, Amelia Island, Jacksonville, Tampa, St. Petersburg,
Palmetto, Cape Canaveral, Ft. Pierce, Riviera Beach, Fort Lauderdale,
Miami, and Key West.
Categories of individuals covered by the system:
Transportation workers and individuals, and/or authorized visitors,
participating in the Prototype Phase of the Transportation Worker
Identification Credential (TWIC) Program who are authorized unescorted
entry to secure transportation areas.
Categories of records in the system:
This system will contain a minimum amount of information during the
TWIC Prototype Phase and may include: (1) Individual's name; (2) other
demographic data to include: address, phone number, social security
number, date of birth, and place of birth; (3) administrative
identification codes and unique card serial number; (4) systems
identification codes; (5) company/organization or affiliation; (6)
issue date; (7) biometric data and digital photograph; (8) access level
information; (9) copies of documents that verify address and identity,
such as birth certificates, government photo identification, drivers
licenses and the like, and (10) expiration date.
Authority for maintenance of the system:
49 U.S.C. 114; 49 U.S.C. 44903(g); 46 U.S.C. 70105.
Purpose(s):
In cooperation with transportation facility operators, the records
are maintained to evaluate and test certain technologies and business
processes in the Prototype Phase of TSA's pilot project to develop a
TWIC to improve identity management and access control for
transportation workers requiring unescorted access to secure areas of
transportation facilities. Additionally, TSA will use certain data
elements to support the development and operation of site specific
security plans at local transportation facilities. This system is not
intended to cover security threat assessments that will be conducted on
individuals who seek to obtain a TWIC. Records pertaining to security
threat assessments conducted on volunteers of this pilot are maintained
in DHS/TSA 002, the Transportation Security Threat Assessment System
(T-STAS).
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
(1) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency responsible for investigating,
prosecuting, enforcing, or implementing a statute, rule, regulation, or
order, where TSA becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulation.
(2) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual as
an employee or a contractor, or the issuance of a security clearance or
license.
(3) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to a
TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(4) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(5) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(6) To the Department of Justice (DOJ) or other Federal agency in
the review, settlement, defense, and prosecution of claims, complaints,
and lawsuits involving matters over which TSA
[[Page 57352]]
exercises jurisdiction or when conducting litigation or in proceedings
before any court, adjudicative or administrative body, when: (a) TSA,
or (b) any employee of TSA in his/her official capacity, or (c) any
employee of TSA in his/her individual capacity where DOJ or TSA has
agreed to represent the employee, or (d) the United States or any
agency thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(7) To the National Archives and Records Administration or other
appropriate Federal agency pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
(8) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to: (a) Ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence or
law enforcement information related to transportation security; (d)
assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at airports
and other transportation facilities; (f) plan and coordinate any
actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, certificate, contract,
grant, or other benefit.
(9) To TSA contractors, agents, grantees, experts, consultants, or
other like persons when necessary to perform a function or service
related to this system of records for which they have been engaged.
Such recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(10) To third parties during the course of an investigation into
violations or potential violations of transportation security laws to
the extent necessary to obtain information pertinent to the
investigation.
(11) To airport operators, aircraft operators, and maritime and
land transportation operators and contractors about individuals who are
their employees, job applicants, or contractors, or persons to whom
they issue identification credentials or grant clearances or access to
secured areas in transportation facilities when relevant to such
employment, application, contract, the issuance of such credentials or
clearances, or access to such secure areas.
(12) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency regarding individuals who pose or are
suspected of posing a risk to transportation or national security.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Paper, bar code, magnetic stripe, optical memory, disk, integrated
circuit chip (ICC), and electronic media.
Retrievability:
Data records contained within bar codes, magnetic stripe, optical
memory stripe, disk, ICC, and/or electronic media may be retrieved by
the individuals' name, unique card number, or organization; paper
records, where applicable, are retrieved alphabetically by name.
Safeguards:
Unauthorized personnel are denied physical access to the location
where records are stored. For computerized records, safeguards
established in accordance with generally acceptable information
security guidelines via use of security codes, passwords, Personal
Identification Numbers (PINs), etc. Data security and integrity
safeguards will be observed during data transmission to the database
using strong encryption and digital signing methodologies.
Retention and disposal:
Record disposition authority for these records is pending at the
National Archives and Records Administration.
System manager(s) and address:
Assistant Director for Compliance, Credentialing Program Office,
TSA Headquarters, TSA-19, 601 S. 12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine if this system contains a record relating to you,
write to the system manager at the address indicated above and provide
your full name, current address, date of birth, place of birth, and a
description of information that you seek, including the time frame
during which the record(s) may have been generated. You may also
provide your Social Security Number or other unique identifier(s) but
you are not required to do so. Individuals requesting access must
comply with the Department of Homeland Security's Privacy Act
regulations on verification of identity (6 CFR 5.21(d)).
Record access procedure:
Same as ``notification procedure,'' above.
Contesting record procedure:
Same as ``notification procedure,'' above.
Record source categories:
TSA obtains information in this system from the individuals who are
covered by the system, their employers, or their transportation
facility.
Exemptions claimed for the system:
None.
Issued in Arlington, Virginia, on September 20, 2004.
Susan T. Tracey,
Chief Administrative Officer.
[FR Doc. 04-21481 Filed 9-23-04; 8:45 am]
BILLING CODE 4910-62-P