Privacy Act of 1974; System of Records

AGENCY:

United States Coast Guard, Department of Homeland Security.

ACTION:

Notice of Privacy Act system of records.

SUMMARY:

The United States Coast Guard in the Department of Homeland Security is creating a new system of records for the secure collection of information from and about individuals and entities subject to the requirements of the Maritime Transportation Security Act of 2002.

DATES:

The new system of records will be effective May 30, 2006, unless comments are received that result in a contrary determination.

ADDRESSES:

You may submit comments identified by docket number USCG-2006-24540 to the Docket Management Facility at the U.S. Department of Transportation. To avoid duplication, please use only one of the following methods:

(1) Web site: http://dms.dot.gov .

(2) Mail: Docket Management Facility, U.S. Department of Transportation, Room Plaza 401, 400 Seventh Street, SW., Washington, DC 20590-0001.

(3) Fax: 202-493-2251 (not toll-free).

(4) Delivery: Room PL-401 on the Plaza level of the Nassif Building, 400 Seventh Street, SW., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-366-9329.

(5) Federal eRulemaking Portal: http://www.regulations.gov .

FOR FURTHER INFORMATION CONTACT:

Mr. Donald Taylor, U.S. Coast Guard Privacy Officer. Address: Commandant (CG-611), U.S. Coast Guard, 2100 2nd Street, SW., Washington, DC 20593-0001. Telephone number is 202-475-3519.

SUPPLEMENTARY INFORMATION:

The Maritime Transportation Security Act (MTSA) of 2002 establishes a comprehensive national system of transportation security enhancements to protect America's maritime community against the threat of terrorism without adversely affecting the flow of commerce through United States ports. The United States Coast Guard (USCG) is the lead Federal agency for maritime homeland security and has significant enforcement responsibilities under the MTSA. Among other responsibilities under the MTSA, the Coast Guard requires that maritime security plans be developed for ports, vessels and facilities, and that those with access to maritime facilities have credentials demonstrating their eligibility for such access.

Homeport, a new system of records under the Privacy Act of 1974, will facilitate implementation of these requirements. Representatives of the maritime industry, members of Area Maritime Security Committees, which are required under the MTSA, other entities regulated by the MTSA, and USCG and other officials will be able to register and use Homeport for secure information dissemination and collaboration. In this aspect regulated entities will be able to use Homeport for electronic submission and approval of required security plans and the Coast Guard will be able to verify compliance with security requirements. Homeport will also be used to collect information from and about individuals for whom background screening will be conducted for purposes of establishing USCG-approved identification credentials for access to maritime facilities, and to inform owners and operators of those maritime facilities of the names of persons who have passed the background screening. Homeport also has the capability to be used as a communications tool in the event of a natural disaster or other emergency to facilitate secure communications.

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses, and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. Information in Homeport about registered users and those subject to screening for purposes of credentialing will be maintained in a system of records.

The Privacy Act requires each agency to published in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system to make agency recordkeeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist the individual to more easily find such files within the agency. Individuals may request their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations (6 CFR 5.21).

USCG is hereby publishing the description of the Homeport system of records. In accordance with 5 U.S.C. 552a(r), a report of this new system of records has been provided to the Office of Management and Budget (OMB) and to the Congress.

DHS/CG 060

System name:

Homeport

Security classification:

Unclassified, Sensitive.

System location:

The system is located at the United States Coast Guard Operations Systems Center, 600 Coast Guard Drive, Kearneysville, WV 25430-3000.

Categories of individuals covered by the system of records:

This system of records covers individuals including, but not limited to, representatives of the maritime industry, members of Area Maritime Security Committees, entities regulated under the maritime Transportation Security Act, and government officials. These persons may complete on-line forms and/or request an account to provide the information requested or required by the Coast Guard, access/view sensitive but unclassified information, and participate in collaboration communities. This system will also cover individuals for whom background screening will be conducted for the purpose of establishing Coast Guard-approved identification credentials for access to certain regulated facilities. These individuals include, but are not limited to, facility operators, their employees, and non-employees who require regular access privileges to such regulated facilities.

Categories of records in the system:

To participate in the Homeport portal for information dissemination and collection, the following personal information may be included in this record system: Full Name, Company or Organization name, Address, City, State, Zip, Country, Work Phone, Mobile Phone, 24 Hour Contact Phone, Fax, Pager, E-mail Address, Alternate E-mail Address, Referral Name/Phone/E-mail Address, Date of Birth, height, weight, and other personal characteristics, if applicable.

For Coast Guard members (active duty and civilian personnel), these fields are pre-populated using data from Direct Access, the Coast Guard's enterprise human resource system. The following information is being captured from Direct Access: Employee ID, Billet Control Number (BCN), Grade Level, and Position Number.

For purposes of issuing identification credentials for facilities access, the following personal information will be included: Full Name, Date of Birth, Social Security (optional) Number, and Alien identification number (if applicable).

Authority for maintenance of the system:

50 U.S.C. 191; 46 U.S.C. 3717; 46 U.S.C. 12501; 44 U.S.C. 35 (1) 3507; 33 U.S.C. 1223; 14 U.S.C. 2; 33 CFR part 125

Purpose(s):

Homeport is an enterprise tool that will facilitate compliance with the requirements set forth in the Maritime Transportation Security Act (MTSA) of 2002, by providing secure information dissemination, advanced collaboration, electronic submission and approval for vessel/facility security plans, and complex electronic and telecommunication notification capabilities. The collection of personally identifiable information concerning those with access to Homeport will allow the Coast Guard to validate the suitablility, identity and eligibility of those who request permission and/or have access to the system. In addition, the system helps ensure national security by collecting information required to verify maritime workers' identities and facilitating the validation of maritime workers' background information. The system will also assist transportation facilities in managing their security risks and accounting for access of authorized personnel to transportation facilities and activities.

The system can also be used to facilitate communications and therefore aid the Coast Guard's response to major incidents, such as maritime casualties and natural disasters.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

(A) Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil or regulatory—the relevant recoreds may be referred to an appropriate Federal, state, territorial, tribal, local, international, or foreign agency law enforcement authority or other appropriate agency charged with investigating or prosecuting such a violation or enforcing or implementing such law.

(B) To Federal intelligence community agencies and other agencies to further the mission of those agencies relating to persons who may pose a risk to homeland security.

(C) To a Federal, state, local, tribal, territorial, foreign, or international agency, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to either to the agency's or the Coast Guard's decision on the matter.

(D) To an organization or individual in either the public or private sector where there is a reason to believe that the recipient is or could become the target of a particular terrorist activity or conspriacy, to the extent the information is relevant to the protection of life or property.

(E) To an agency, organization, or individual for the purposes of performing authorized audit or oversight operations.

(F) To international and foreign governmental authorities, in accordance with law and formal or informal international agreement.

(G) To maritime facility personnel or other appropriate individuals when relevant to the individual's employment, application, contract, issuance of credentials or clearances, or access to maritime facilities.

(H) To the Department of Justice (DOJ) or other Federal agency in the review, settlement, defense, and prosecution of claims, complaints, and lawsuits involving matters over which the Coast Guard exercises jurisdiction; or when conducting litigation, or in proceedings, before any court, adjudicative or administrative body, when: (a) The Coast Guard; or (b) any employee of the Coast Guard in his/her official capacity; or (c) any employee of the Coast Guard in his/her individual capacity, where DOJ or the Coast Guard has agreed to represent the employee; or (d) the United States or any agency thereof, is a party to the litigation, or has an interest in such litigation, and the Coast Guard determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which the Coast Guard collected the records.

(I) To contractors, grantees, experts, consultants, volunteers, or other like persons, when necessary to perform a function or service related to this system of records for which they have been engaged.

(J) To a congressional office from the record of an individual, in response to an inquiry from that congressional office made at the individual.

(K) To the National Archives and Records Administration, or other appropriate Federal agency, pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system.

Storage:

Records in this system are stored in electronic form in an automated data processing (ADP) database operated and maintained by the USCG. Backups are performed daily. Copies of backups are stored at an off-site location.

RETRIEVABILITY:

Information is retrieved from this system by First Name, Last Name, City, State, Captain of the Port Zone, Vessel Role, Facility Role, Committee Membership, Vessel Association, Case Identification Number, and Facility Association.

SAFEGUARDS:

Homeport falls under the guidelines of the USCG Operations System Center (OSC) in Kearneysville, WV. This computer facility has its own approved System Security Plan, which provides that the system will be maintained in a secure computer room with access restricted to authorized personnel only. Access to the building must be authorized and is limited. The U.S. Coast Guard will operate Homeport in consonance with Federal security regulations, policy, procedures, standards and guidance for implementing the Automated Information Systems Security Program. Only authorized Department of Homeland Security personnel, and authorized U.S. Government contractors conducting system maintenance, may access Homeport records.

Access to records is protected by the use of two-password security and the scope of access for each password is limited to the official need of each individual authorized access. USCG will ensure that users take precautions in accordance with OMB Circular A-130, Appendix III (regarding the Computer Security Act of 1987).

Retention and disposal:

USCG has a proposed record schedule pending with the National Archives and Records Administration (NARA). If approved, registration information collected by Homeport will be expunged from the system once an account is terminated. Data related to maritime personnel screening will be retained for two years. Response-associated information, such as personal data needed for search and rescue purposes, will be retained for 120 days following completion of response operations.

System Manager and address:

Department of Homeland Security, United States Coast Guard Headquarters, Chief, Office of Information Resources (G-PRI), 2100 2nd Street, SW., Washington, DC 20593-0001.

Notification procedures:

To determine if this system contains information on you, you may submit a written request that includes your name, mailing address, and, if applicable, your merchant mariner license or document number, to the System Manager. For ease of identification, you should also include the name and identifying number (documentation number, state registration number, International Maritime Organization (IMO) number, etc.) of any vessel with which you have been associated and the name and address of any facility (including platforms, bridges, deep water ports, marinas, terminals, and factories) with which you have been associated. You or your legal representative must sign the request. Send the request to the System Manager.

RECORDS ACCESS PROCEDURES:

Same as “Notification procedures” above.

Contesting record procedures:

Same as “Notification procedures” and “Records Access Procedures,” above.

Record source categories:

Information entered into Homeport is gathered from registering users, the general public if completing an on-line form during marine casualty incidents or natural disasters, individuals who are proposed to have access to maritime facilities, government agencies, and U.S. Coast Guard personnel.

Exemptions claimed for the system:

None.