Home Page


Immigration Daily

Archives

Processing times

Immigration forms

Discussion board

Resources

Blogs

Twitter feed

Immigrant Nation

Attorney2Attorney

CLE Workshops

Immigration books

Advertise on ILW

VIP Network

EB-5

移民日报

About ILW.COM

Connect to us

Make us Homepage

Questions/Comments


SUBSCRIBE





The leading
immigration law
publisher - over
50000 pages of
free information!
Copyright
1995-
ILW.COM,
American
Immigration LLC.

  • News: DHS Proposal of New System of Records for E-Authentication

    Federal Register, Volume 79 Issue 154 (Monday, August 11, 2014)
    [Federal Register Volume 79, Number 154 (Monday, August 11, 2014)]
    [Notices]
    [Pages 46857-46862]
    From the Federal Register Online via the Government Printing Office [www.gpo.gov]
    [FR Doc No: 2014-18703]
    
    
    -----------------------------------------------------------------------
    
    DEPARTMENT OF HOMELAND SECURITY
    
    Office of the Secretary
    
    [Docket No. DHS-2014-0039]
    
    
    Privacy Act of 1974; Department of Homeland Security/ALL-037 E-
    Authentication Records System of Records
    
    AGENCY: Privacy Office, Department of Homeland Security.
    
    ACTION: Notice of Privacy Act System of Records.
    
    -----------------------------------------------------------------------
    
    SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
    Homeland Security proposes to establish a new system of records titled, 
    Department of Homeland Security/ALL-037 E-Authentication Records System 
    of Records. This system of records allows the Department of Homeland 
    Security to collect, maintain, and retrieve records about individuals, 
    including members of the public, who electronically authenticate their 
    identities. The information in this system of records includes data 
    collected by programs and applications for use when the Department of 
    Homeland Security or a
    
    [[Page 46858]]
    
    trusted third-party performs some or all of the functions required to 
    enroll, issue, and maintain a credential on DHS's behalf that can be 
    used by an individual to electronically authenticate his or her 
    identity to DHS systems.
        These programs and applications include: The Department of Homeland 
    Security's Homeland Security Information Network, which is a trusted 
    network for homeland security mission operations to share sensitive but 
    unclassified information used by federal, state, local, tribal, 
    territorial, international, and private sector homeland security 
    partners to manage operations, analyze data, and send alerts and 
    notices; the U.S. Citizenship and Immigration Services E-Verify Self 
    Check, which is a free service that allows individuals to learn about 
    their work authorization status information; and the U.S. Citizenship 
    and Immigration Services myE-Verify, which is a free service that 
    allows individuals to create an account and access additional features 
    beyond Self Check concerning the use of their personally identifiable 
    information in E-Verify and Self Check such as the ability to lock a 
    Social Security number to prevent its use in E-Verify and Self Check. 
    Additional Department programs or applications may also use third-party 
    authentication.
        In addition, the Department of Homeland Security also proposes to 
    consolidate the E-Verify Self Check System of Records (DHS/USCIS-013), 
    last published in the Federal Register on February 16, 2011 (76 FR 
    9604), into this newly established E-Authentication Records System of 
    Records. As a result of this consolidation, by this notice, DHS intends 
    to remove DHS/USCIS-013 from its inventory of systems of records. The 
    newly established system will be included in the Department of Homeland 
    Security's inventory of record systems.
    
    DATES: Written comments must be submitted on or before September 10, 
    2014.
    
    ADDRESSES: You may submit comments, identified by Docket Number DHS-
    2014-0039 by one of the following methods:
         Federal e-Rulemaking Portal: http://www.regulations.gov. 
    Follow the instructions for submitting comments.
         Fax: (202) 343-4010.
         Mail: Karen L. Neuman, Chief Privacy Officer, Privacy 
    Office, U.S. Department of Homeland Security, 245 Murray Drive SW., 
    Building 410, STOP-0655, Washington, DC 20528.
        Instructions: All submissions received must include the agency name 
    and docket number for this rulemaking. All comments received will be 
    posted without change to http://www.regulations.gov, including any 
    personal information provided.
        Docket: For access to the docket to read background documents or 
    comments received go to http://www.regulations.gov.
    
    FOR FURTHER INFORMATION CONTACT: For general and privacy related 
    questions please contact: Karen L. Neuman (202-343-1717), Chief Privacy 
    Officer, Privacy Office, U.S. Department of Homeland Security, 245 
    Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.
    
    SUPPLEMENTARY INFORMATION:
    
    I. Background
    
        In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
    Department of Homeland Security (DHS) proposes to establish a new DHS 
    system of records titled, ``DHS/ALL-037 E-Authentication Records System 
    of Records.'' The collection and maintenance of information within this 
    system of records assists DHS in enrolling, issuing, and maintaining 
    credentials (e.g., online accounts) for individuals seeking electronic 
    access to DHS programs, services, and applications, including when DHS 
    uses a trusted third-party identity service provider for these 
    activities. DHS may perform some or all credential management functions 
    (e.g., identity proofing, manage authentication tokens, authenticate 
    users) on its own, choose a single third-party to perform all 
    functions, or use multiple providers for each discrete function. This 
    system of records notice is agnostic as to how DHS applications or 
    systems using electronic authentication wish to engage with third-
    parties.
        DHS has many public-facing programs that provide online access to 
    its services at various levels of assurance, as described in the Office 
    of Management and Budget (OMB) E-Authentication Guidance for Federal 
    Agencies (M-04-04). OMB defines four levels of assurance (LOA), Levels 
    1 to 4, in terms of the consequences resultant from authentication 
    errors or misuse of credentials. Level 1 is the lowest assurance level, 
    and Level 4 is the highest. For example, an authentication error may 
    occur if an individual gains access to sensitive information he or she 
    is not entitled to access. Depending on the context and the sensitivity 
    of the information accessed, the consequences of such an authentication 
    error could pose significant harm to other individuals and/or to the 
    affected agency. As the consequences of an authentication error become 
    more serious, the required LOA increases.
        In order to facilitate access, information must be collected to 
    authenticate an individual's identity at the requisite level of 
    assurance for the purpose of obtaining a credential or electronically 
    authorizing access to a DHS program or application. These programs and 
    applications include: DHS's Homeland Security Information Network 
    (HSIN), which is a trusted network for homeland security mission 
    operations to share sensitive but unclassified information used by 
    federal, state, local, tribal, territorial, international, and private 
    sector homeland security partners to manage operations, analyze data, 
    and send alerts and notices; the U.S. Citizenship and Immigration 
    Services (USCIS) E-Verify Self Check, which is a free service that 
    allows individuals to learn about their work authorization status 
    information; and USCIS myE-Verify, which is a free service that allows 
    individuals to create an account and exercise limited control about the 
    use of their information in E-Verify Self Check. HSIN, E-Verify Self 
    Check, and myE-Verify use trusted third-party identity service 
    providers to perform credential management functions.
        Identity proofing is the process by which an identity service 
    provider collects and verifies information (e.g., name, date of birth, 
    Social Security number (SSN), address of residence) about a person for 
    the purpose of issuing credentials to that person. Third-party identity 
    service providers use a variety of verification techniques, including 
    knowledge-based authentication, to generate a quiz containing questions 
    that only the individual should be able to answer. When using the 
    knowledge-based authentication process the third-party identity 
    provider generates a quiz based on commercial identity verification 
    information collected by the third-parties from financial institutions, 
    public records, and other service providers. The information accessed 
    by the third-parties includes information such as the individual's 
    commercial transaction history, mortgage payments, addresses, or past 
    addresses. DHS does not have access to the commercial identity 
    verification information, the quiz questions asked of the individual, 
    or the responses provided thereto; therefore this commercial 
    information is not included in this system of records. Rather, DHS 
    receives assertions (e.g., pass/fail) and assertion references (e.g., 
    transaction ID, date/time of the transaction, and error codes) from the
    
    [[Page 46859]]
    
    identity service provider to facilitate troubleshooting and system 
    management. DHS maintains attributes (e.g., clearances, location, 
    biometrics, and group memberships) collected for identity proofing only 
    when necessary for the DHS program to manage the credential.
        DHS may request verified attributes about an individual from the 
    third-party depending on the program or application's requirements. For 
    any attribute DHS requests from the third-party, DHS will ask the user 
    if he or she wishes to share the requested information with DHS prior 
    to gaining access to the DHS online system or application. The user can 
    select to opt-in, meaning he or she will allow DHS access to his or her 
    attribute information from the third-party in order for him or her to 
    gain access to the DHS system. If the third-party cannot generate a 
    quiz, or if the individual cannot answer the questions provided, the 
    individual may not be able to access program or application.
        DHS may share attribute information with trusted third-party 
    identity service providers under contract with DHS or certified by the 
    Federal Identity Management Credential and Access Management (FICAM) 
    initiative for the purpose of authenticating an individual seeking a 
    credential with DHS. More information about FICAM is available at 
    www.idmanagment.gov. Attributes provided to the relying party are 
    limited to: (1) Making authorization decisions; (2) dynamically 
    provisioning accounts; and (3) performing audit logging. The 
    transaction may be included in the individual's credit record as a 
    ``soft inquiry'' that does not impact the individual's credit score 
    when the identity service provider is a credit bureau or uses a credit 
    bureau to conduct identity proofing. The ``soft inquiry'' is not 
    viewable by third parties. DHS may also share attribute information 
    with ``relying parties'' approved by the National Information Exchange 
    Federation (NIEF) Trust Framework Provider who provide federated access 
    to systems. More information about NIEF is available at https://nief.gfipm.net/.
        In accordance with the Privacy Act of 1974, DHS is giving notice 
    that it proposes to issue a new DHS system of records notice titled, 
    DHS/ALL-037 E-Authentication Records System of Records. In addition DHS 
    proposes to consolidate the E-Verify Self Check System of Records (DHS/
    USCIS-013) into this newly-established system of records. As a result 
    of this consolidation, by this notice, DHS intends to remove DHS/USCIS-
    013 from its inventory of systems of records. This newly established 
    system will be included in DHS's inventory of record systems.
    
    II. Privacy Act
    
        The Privacy Act embodies fair information principles in a statutory 
    framework governing the means by which the federal government agencies 
    collect, maintain, use, and disseminate individuals' records. The 
    Privacy Act applies to information that is maintained in a ``system of 
    records.'' A ``system of records'' is a group of any records under the 
    control of an agency from which information is retrieved by the name of 
    an individual or by some identifying number, symbol, or other 
    identifying particular assigned to the individual. In the Privacy Act, 
    an individual is defined to encompass United States citizens and lawful 
    permanent residents. As a matter of policy, DHS extends administrative 
    Privacy Act protections to all individuals when systems of records 
    maintain information on U.S. citizens, lawful permanent residents, and 
    visitors. Individuals may request access to their own records that are 
    maintained in a system of records in the possession or under the 
    control of DHS by complying with DHS Privacy Act regulations, 6 CFR 
    part 5.
        The Privacy Act requires each agency to publish in the Federal 
    Register a description denoting the type and character of each system 
    of records that the agency maintains, and the routine uses that are 
    contained in each system in order to make agency record keeping 
    practices transparent, to notify individuals regarding the uses to 
    which their records are put, and to assist individuals to more easily 
    find such files within the agency. Below is the description of DHS/ALL-
    037 E-Authentication Records System of Records.
        In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
    this system of records to the Office of Management and Budget and to 
    Congress.
    System of Records:
        Department of Homeland Security (DHS)/ALL-037.
    
    System name:
        DHS/ALL-037 E-Authentication Records System of Records.
    
    Security classification:
        Sensitive but unclassified.
    
    System location:
        Records are maintained at several Headquarters locations and in 
    component offices of DHS, in both Washington, DC, and field locations 
    or by a third-party identity service provider. Records related to 
    identity proofing required for levels of assurance (LOA) 2 and above 
    are also maintained by the third-party identity service provider in 
    accordance with retention requirements identified in the National 
    Institute of Standards and Technology (NIST) Special Publication 800-63 
    Electronic Authentication Guideline for the applicable LOA.
    
    Categories of individuals covered by the system:
        Categories of individuals in this system of records include members 
    of the public, external stakeholders, and federal employees or 
    contractors seeking electronic access to DHS programs and applications. 
    This includes anyone attempting to authenticate his or her identity for 
    the purpose of obtaining a credential to access a DHS program or 
    application electronically, including when the program or application 
    uses a third-party identity service provider to perform some or all 
    credential management functions (e.g., prove identity, manage 
    authentication tokens, authenticate users).
    
    Categories of records in the system:
         Attributes DHS or a third-party identity service provider 
    collects necessary to perform identity proofing at the required level 
    of assurance. Attributes are only retained in this system of records if 
    it is necessary for the program to manage the credential. Examples of 
    attributes collected for identity proofing information include:
        [cir] Name (last, first, middle, and maiden);
        [cir] Date of birth;
        [cir] Place of birth;
        [cir] Financial or utility account number;
        [cir] Address of residence;
        [cir] Social Security number (SSN)--full or partial (may be 
    optional depending on the application);
        [cir] Telephone number--(may be optional depending on the 
    application); and
        [cir] Country of Citizenship.
         Assertions and assertion references from a third-party 
    identity service provider such as:
        [cir] Transaction ID;
        [cir] Pass/fail indicator;
        [cir] Date/time of the transaction;
        [cir] Codes associated with the transaction;
         Information DHS or third-parties collect necessary to 
    register, issue, and maintain the credential (e.g., to administer 
    multi-factor authentication)
    
    [[Page 46860]]
    
    including verified attributes the identity service provider maintains 
    or passes to DHS after a user successfully passes identity proofing 
    such as:
        [cir] Name;
        [cir] Email addresses;
        [cir] User ID;
        [cir] Passwords;
        [cir] Phone numbers (primary, alternate, mobile, home, work, 
    landline);
        [cir] Two-factor authentication preference (SMS text message, 
    email, phone number for interactive voice response);
        [cir] Self-generated security questions and answers;
        [cir] Level of access;
         Credential registration information DHS collects manually 
    that is necessary to perform manual identity verification in cases in 
    which an individual cannot electronically prove his or her identity. 
    Note that some identity proofing information (e.g., copies of 
    government-issued photo identification) is retained in this system of 
    records only if it is necessary for DHS to manage the credential.
         Other program-specific attribute information DHS or the 
    identity service provider collects directly on behalf of DHS may 
    include:
        [cir] Citizenship;
        [cir] Accepted Terms of Service (Y/N);
        [cir] Employment information such as job title, job role, 
    organization;
        [cir] Business and affiliations;
        [cir] Faculty positions held;
        [cir] Home addresses;
        [cir] Business addresses;
        [cir] Justification/nomination for access to DHS computers, 
    networks, or systems;
        [cir] Supervisor/nominator's name, job title, organization, phone 
    numbers, email address;
        [cir] Verification of training requirements or other prerequisite 
    requirements for access to DHS computers, networks, or systems;
        [cir] Government-issued identity document type and expiration date;
         Records on access to DHS computers, networks, online 
    programs, and applications including user ID and passwords;
        [cir] Registration numbers or IDs associated with DHS Information 
    Technology (IT) resources;
        [cir] Date and time of access;
        [cir] Logs of activity interacting with DHS IT resources;
        [cir] Internet Protocol (IP) address of access;
        [cir] Logs of internet activity; and
        [cir] Records on the authentication of the access request, names, 
    phone numbers of other contacts, and positions or business/
    organizational affiliations and titles of individuals who can verify 
    that the individual seeking access has a need to access the system, as 
    well as other contact information provided to the Department or that is 
    derived from other sources to facilitate authorized access to DHS IT 
    resources.
    
    Authority for maintenance of the system:
        44 U.S.C. 3101; EO 9397 (SSN), as amended by EO 13487; 44 U.S.C. 
    3534; Illegal Immigration Reform and Immigrant Responsibility Act of 
    1996 (IIRIRA), Public Law (Pub. L.) 104-208, September 30, 1996, Note 
    Section 404. Additional programmatic authorities may apply to 
    maintenance of the credential.
    
    Purpose(s):
        This system collects information in order to authenticate an 
    individual's identity for the purpose of obtaining a credential to 
    electronically access a DHS program or application. This system 
    includes DHS programs or applications that use a third-party identity 
    service provider to provide any of the following credential services: 
    Registration, including identity proofing, issuance, authentication, 
    authorization, and maintenance. This system collects information that 
    allows DHS to track the use of programs and applications for system 
    maintenance and troubleshooting. The system also enables DHS to allow 
    an individual to reuse a credential received when applicable and 
    available.
    
    Routine uses of records maintained in the system, including categories 
    of users and the purposes of such uses:
        In addition to those disclosures generally permitted under 5 U.S.C. 
    Sec.  552a(b) of the Privacy Act, all or a portion of the records or 
    information contained in this system may be disclosed outside DHS as a 
    routine use pursuant to 5 U.S.C. Sec.  552a(b)(3), as follows:
        A. To the Department of Justice (DOJ), including Offices of the 
    U.S. Attorneys, or other federal agency conducting litigation or in 
    proceedings before any court, adjudicative, or administrative body, 
    when it is relevant or necessary to the litigation and one of the 
    following is a party to the litigation or has an interest in such 
    litigation:
        1. DHS or any component thereof;
        2. Any employee or former employee of DHS in his/her official 
    capacity;
        3. Any employee or former employee of DHS in his/her individual 
    capacity when DOJ or DHS has agreed to represent the employee; or
        4. The U.S. or any agency thereof.
        B. To a congressional office from the record of an individual in 
    response to an inquiry from that congressional office made at the 
    request of the individual to whom the record pertains.
        C. To the National Archives and Records Administration (NARA) or 
    General Services Administration pursuant to records management 
    inspections being conducted under the authority of 44 U.S.C. 2904 and 
    2906.
        D. To an agency or organization for the purpose of performing audit 
    or oversight operations as authorized by law, but only such information 
    as is necessary and relevant to such audit or oversight function.
        E. To appropriate agencies, entities, and persons when:
        1. DHS suspects or has confirmed that the security or 
    confidentiality of information in the system of records has been 
    compromised;
        2. DHS has determined that as a result of the suspected or 
    confirmed compromise, there is a risk of identity theft or fraud, harm 
    to economic or property interests, harm to an individual, or harm to 
    the security or integrity of this system or other systems or programs 
    (whether maintained by DHS or another agency or entity) that rely upon 
    the compromised information; and
        3. The disclosure made to such agencies, entities, and persons is 
    reasonably necessary to assist in connection with DHS's efforts to 
    respond to the suspected or confirmed compromise and prevent, minimize, 
    or remedy such harm.
        F. To contractors and their agents, grantees, experts, consultants, 
    and others performing or working on a contract, service, grant, 
    cooperative agreement, or other assignment for DHS, when necessary to 
    accomplish an agency function related to this system of records. 
    Individuals provided information under this routine use, are subject to 
    the same Privacy Act requirements and limitations on disclosure as are 
    applicable to DHS officers and employees.
        G. To an appropriate federal, state, tribal, local, international, 
    or foreign law enforcement agency or other appropriate authority 
    charged with investigating or prosecuting a violation or enforcing or 
    implementing a law, rule, regulation, or order, when a record, either 
    on its face or in conjunction with other information, indicates a 
    violation or potential violation of law, which includes criminal, 
    civil, or regulatory violations and such disclosure is proper and 
    consistent with the official duties of the person making the 
    disclosure.
        H. To sponsors, employers, contractors, facility operators, 
    grantees, experts, and consultants in connection
    
    [[Page 46861]]
    
    with establishing, maintaining, or managing an access account for an 
    individual or maintaining appropriate points of contact.
        I. To relying parties approved by the National Information Exchange 
    Federation (NIEF) Trust Framework Provider for the purpose of providing 
    federated access to systems when the user has been provided with 
    appropriate notice and the opportunity to consent. Attributes provided 
    to the relying party are limited to: (1) making authorization 
    decisions; (2) dynamically provisioning accounts; and (3) performing 
    audit logging.
        J. To international, federal, state and local, tribal, private and/
    or corporate entities for the purpose of the regular exchange of 
    business contact information in order to facilitate collaboration for 
    official business.
        K. To a trusted third-party identity service provider under 
    contract with DHS or certified by the Federal Identity Management 
    Credential and Access Management initiative for the purpose of 
    authenticating an individual seeking a credential with DHS. The 
    information may be included in the individual's credit record as a 
    ``soft inquiry'' that does not impact the individual's credit score 
    when the identity service provider is a credit bureau or uses a credit 
    bureau to conduct identity proofing. The ``soft inquiry'' is not 
    viewable by third parties.
        L. To the news media and the public, with the approval of the Chief 
    Privacy Officer in consultation with counsel, when there exists a 
    legitimate public interest in the disclosure of the information, when 
    disclosure is necessary to preserve confidence in the integrity of DHS, 
    or when disclosure is necessary to demonstrate the accountability of 
    DHS's officers, employees, or individuals covered by the system, except 
    to the extent the Chief Privacy Officer determines that release of the 
    specific information in the context of a particular case would 
    constitute an unwarranted invasion of personal privacy.
    
    Disclosure to consumer reporting agencies:
        None.
    
    Policies and practices for storing, retrieving, accessing, retaining, 
    and disposing of records in the system:
    Storage:
        Records in this system are on paper or in digital or other 
    electronic form. Digital and other electronic images are stored on a 
    storage area network in a secured environment. Records, whether paper 
    or electronic, are stored at the DHS Headquarters, at the component 
    level, or at the third-party identity service provider's physical or 
    cloud location.
    
    Retrievability:
        Information is retrieved, sorted, or searched by an identification 
    number assigned by computer, by SSN (if maintained by the program), by 
    facility, by business affiliation, by email address, or by the name of 
    the individual, or other data fields previously identified in this 
    SORN. Note that when DHS uses a third-party identity service provider 
    for identity proofing, data elements collected by the third party on 
    DHS's behalf are not retained by DHS unless specifically required by 
    the program or application.
    
    Safeguards:
        Information in this system is safeguarded in accordance with 
    applicable laws, rules and policies, including the DHS IT Security 
    Program Handbook and DHS Information Security Program Policy and 
    Handbook. DHS uses trusted identity service providers including those 
    certified through the Trust Framework Adoption Process by Federal 
    Identity Credential and Access Management (FICAM). The DHS/ALL-037 E-
    Authentication Records system of records security protocols also meet 
    multiple NIST Security Standards from Authentication to Certification 
    and Accreditation.
        Records in the DHS/ALL-037 E-Authentication Records system of 
    records will be maintained in a secure, password-protected, electronic 
    system that uses security hardware and software including: Multiple 
    firewalls, active intruder detection, and role-based access controls. 
    Additional safeguards vary by component and program. All records are 
    protected from unauthorized access through appropriate administrative, 
    physical, and technical safeguards. These safeguards include 
    restricting access to authorized personnel who have a ``need to know,'' 
    using locks and password protection identification features. Classified 
    information is appropriately stored in accordance with applicable 
    requirements. DHS file areas are locked after normal duty hours and the 
    facilities are protected from the outside by security personnel.
    
    Retention and disposal:
        Records are securely retained and disposed of in accordance with 
    the NARA's General Records Schedule (GRS) 24, section 6, ``User 
    Identification, Profiles, Authorizations, and Password Files.'' 
    Inactive records are destroyed or deleted six years after the user 
    account is terminated or password is altered, or when no longer needed 
    for investigative or security purposes, whichever is later.
        In addition, in accordance with NIST SP-800-63-2, a record of the 
    registration, history, and status of each token and credential 
    (including revocation) is maintained by the credential service provider 
    (CSP) or its representative. The record retention period of data for 
    Level 2 and 3 credentials is seven years and six months beyond the 
    expiration or revocation (whichever is later). The minimum record 
    retention period for Level 4 credential data is ten years and six 
    months beyond the expiration or revocations of the credential.
    
    System Manager and address:
        The System Manager is the Chief Information Officer (CIO), 
    Department of Homeland Security, Washington, DC 20528.
    
    Notification procedure:
        Individuals seeking notification of and access to any record 
    contained in this system of records, or seeking to contest its content, 
    may submit a request in writing to the Headquarters or component's FOIA 
    Officer, whose contact information can be found at http://www.dhs.gov/foia under ``contacts.'' If an individual believes more than one 
    component maintains Privacy Act records concerning him or her, the 
    individual may submit the request to the Chief Privacy Officer and 
    Chief Freedom of Information Act Officer, Privacy Office, Department of 
    Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, 
    Washington, DC 20528.
        When seeking records about yourself from this system of records or 
    any other Departmental system of records, your request must conform 
    with the Privacy Act regulations set forth in 6 CFR Part 5. You must 
    first verify your identity, meaning that you must provide your full 
    name, current address and date and place of birth. You must sign your 
    request, and your signature must either be notarized or submitted under 
    28 U.S.C. 1746, a law that permits statements to be made under penalty 
    of perjury as a substitute for notarization. While no specific form is 
    required, you may obtain forms for this purpose from the Chief Privacy 
    Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should:
         Explain why you believe the Department would have 
    information on you;
    
    [[Page 46862]]
    
         Identify which component(s) of the Department you believe 
    may have the information about you;
         Specify when you believe the records would have been 
    created; and
         Provide any other information that will help the FOIA 
    staff determine which DHS component agency may have responsive records.
        If your request is seeking records pertaining to another living 
    individual, you must include a statement from that individual 
    certifying his/her agreement for you to access his/her records.
        Without the above information the component(s) may not be able to 
    conduct an effective search, and your request may be denied due to lack 
    of specificity or lack of compliance with applicable regulations.
    
    Record access procedures:
        See ``Notification procedure'' above.
    
    Contesting record procedures:
        See ``Notification procedure'' above.
    
    Record source categories:
        Information contained in this system is obtained from affected 
    individuals, organizations, facilities, trusted third-party identity 
    service providers (which may use commercial identity verification 
    information not accessed or maintained by DHS to perform knowledge-
    based authentication), public source data, other government agencies, 
    or information already in other DHS records systems.
    
    Exemptions claimed for the system:
        None.
    
        Dated: July 31, 2014.
    Karen L. Neuman,
    Chief Privacy Officer, Department of Homeland Security.
    [FR Doc. 2014-18703 Filed 8-8-14; 8:45 am]
    BILLING CODE 9110-9B-P
    
    
    
Put Free Immigration Law Headlines On Your Website

Immigration Daily: the news source for legal professionals. Free! Join 35000+ readers Enter your email address here: