igforum.bio / public-comments-august-2008-border-crossing-information-system-of-records-notice-dhs-2007-0040-world-privacy-forum - 144662
C
% Public Comments August 2008 &#8211 Border Crossing Information System of Records Notice DHS-2007-0040 World Privacy Forum Skip to Content Javascript must be enabled for the correct page display Home Connect With Us: twitter Vimeo email Main Navigation Hot Topics <h1>Public Comments August 2008 &#8211 Border Crossing Information System of Records Notice DHS-2007-0040</h1> &nbsp; <h3>Background </h3> The World Privacy Forum filed comments regarding DHS&#8217;s proposed Border Crossing Information system of records, finding that many of the Routine Uses proposed for the system were impermissible and illegal under the Privacy Act of 1974. The comments focus on the Routine Uses, rather than the system itself. <h4>Download the comments PDF </h4> <h4>or Read comments below</h4> &#8212;&#8211; <h3>Comments of the World Privacy Forum regarding docket number DHS- 2007-0040 Border Crossing Information</h3> <h3>to</h3> <h3>Department of Homeland Security Office of the Secretary</h3> Via fax and federal e-rulemaking portal www.regulations.gov Hugo Teufel III, Chief Privacy Officer,<br /> Privacy Office,<br /> Department of Homeland Security,<br /> Washington, DC 20528 August 21, 2008 &nbsp; The World Privacy Forum appreciates the opportunity to comment on the Department of Homeland Security’s notice of a new Privacy Act of 1974 system of records at 73 Federal Register 43457-43462 (July 25, 2008).
Christopher Lee Member
access_time 3 minutes ago
% Public Comments August 2008 – Border Crossing Information System of Records Notice DHS-2007-0040 World Privacy Forum Skip to Content Javascript must be enabled for the correct page display Home Connect With Us: twitter Vimeo email Main Navigation Hot Topics

Public Comments August 2008 – Border Crossing Information System of Records Notice DHS-2007-0040

 

Background

The World Privacy Forum filed comments regarding DHS’s proposed Border Crossing Information system of records, finding that many of the Routine Uses proposed for the system were impermissible and illegal under the Privacy Act of 1974. The comments focus on the Routine Uses, rather than the system itself.

Download the comments PDF

or Read comments below

—–

Comments of the World Privacy Forum regarding docket number DHS- 2007-0040 Border Crossing Information

to

Department of Homeland Security Office of the Secretary

Via fax and federal e-rulemaking portal www.regulations.gov Hugo Teufel III, Chief Privacy Officer,
Privacy Office,
Department of Homeland Security,
Washington, DC 20528 August 21, 2008   The World Privacy Forum appreciates the opportunity to comment on the Department of Homeland Security’s notice of a new Privacy Act of 1974 system of records at 73 Federal Register 43457-43462 (July 25, 2008).
thumb_up Like (27)
comment Reply (3)
share Share
visibility 153 views
thumb_up 27 likes
comment 3 replies
K
Kevin Wang 1 minutes ago
The new system would be called Border Crossing Information (BCI). The World Privacy Forum is a non-p...
Z
Zoe Mueller 2 minutes ago
More information about the activities of the World Privacy Forum is available at <http://www.worl...
Show 1 more replies
N
The new system would be called Border Crossing Information (BCI). The World Privacy Forum is a non-partisan, non-profit public interest research and consumer education organization. Our focus is on conducting in-depth research and analysis of privacy issues, in particular issues related to information privacy.
Natalie Lopez Member
access_time 8 minutes ago
The new system would be called Border Crossing Information (BCI). The World Privacy Forum is a non-partisan, non-profit public interest research and consumer education organization. Our focus is on conducting in-depth research and analysis of privacy issues, in particular issues related to information privacy.
thumb_up Like (36)
comment Reply (0)
thumb_up 36 likes
K
More information about the activities of the World Privacy Forum is available at &lt;http://www.worldprivacyforum.org&gt;. These comments focus mostly on the Routine Uses proposed for the new system of records and on other technical deficiencies of the proposal.
Kevin Wang Member
access_time 3 minutes ago
More information about the activities of the World Privacy Forum is available at <http://www.worldprivacyforum.org>. These comments focus mostly on the Routine Uses proposed for the new system of records and on other technical deficiencies of the proposal.
thumb_up Like (35)
comment Reply (2)
thumb_up 35 likes
comment 2 replies
S
Sophia Chen 2 minutes ago
The WPF has not evaluated and is not commenting in this letter on the legality of the underlying dat...
Z
Zoe Mueller 1 minutes ago
We have not searched exhaustively for a revised notice for the TECS system of records, but we would...
H
The WPF has not evaluated and is not commenting in this letter on the legality of the underlying data collection or the justification for maintenance of information in the proposed new system of records. &nbsp; <h1>I DHS needs to reissue all DHS systems of records that predate the establishment of the Department</h1> The publication of the proposed system of records only underscores existing confusion about the status of unrevised Department of Homeland Security (DHS) systems of records. DHS notes in its description of the proposed new system of records that the system was previously “covered by the Treasury Enforcement Communications System (TECS) ‘system of records notice.’ See 66 FR 52984, dated October 18, 2001.” If DHS adopts the new system of records notice, then the existing notice for the TECS system becomes immediately out of date.
Hannah Kim Member
access_time 4 minutes ago
The WPF has not evaluated and is not commenting in this letter on the legality of the underlying data collection or the justification for maintenance of information in the proposed new system of records.  

I DHS needs to reissue all DHS systems of records that predate the establishment of the Department

The publication of the proposed system of records only underscores existing confusion about the status of unrevised Department of Homeland Security (DHS) systems of records. DHS notes in its description of the proposed new system of records that the system was previously “covered by the Treasury Enforcement Communications System (TECS) ‘system of records notice.’ See 66 FR 52984, dated October 18, 2001.” If DHS adopts the new system of records notice, then the existing notice for the TECS system becomes immediately out of date.
thumb_up Like (37)
comment Reply (3)
thumb_up 37 likes
comment 3 replies
N
Natalie Lopez 3 minutes ago
We have not searched exhaustively for a revised notice for the TECS system of records, but we would...
I
Isaac Schmidt 4 minutes ago
Of course, since the TECS system has not been republished since 2001, it is already substantially ou...
Show 1 more replies
C
We have not searched exhaustively for a revised notice for the TECS system of records, but we would have expected that DHS (or perhaps the Treasury Department) would have proposed a revised TECS system of records notice concurrently with the proposal for the new system of records. The adoption of the new system of records notice puts some agency that we cannot precisely identify out of compliance with the Privacy Act of 1974 for the TECS system of records.
Charlotte Lee Member
access_time 15 minutes ago
We have not searched exhaustively for a revised notice for the TECS system of records, but we would have expected that DHS (or perhaps the Treasury Department) would have proposed a revised TECS system of records notice concurrently with the proposal for the new system of records. The adoption of the new system of records notice puts some agency that we cannot precisely identify out of compliance with the Privacy Act of 1974 for the TECS system of records.
thumb_up Like (40)
comment Reply (2)
thumb_up 40 likes
comment 2 replies
L
Lucas Martinez 13 minutes ago
Of course, since the TECS system has not been republished since 2001, it is already substantially ou...
G
Grace Liu 12 minutes ago
 

II Routine Use A does not meet OMB standards and is inconsistent with Privacy Act requ...

E
Of course, since the TECS system has not been republished since 2001, it is already substantially out of date because of changes in the structure of the Customs Service. DHS’s continuing lack of compliance with basic Privacy Act of 1974 publication requirements is troubling. Our confusion about who “owns” the TECS system of records only underscores the immediate need for reissuance of all DHS systems of records that predate the establishment of the Department.
Emma Wilson Admin
access_time 6 minutes ago
Of course, since the TECS system has not been republished since 2001, it is already substantially out of date because of changes in the structure of the Customs Service. DHS’s continuing lack of compliance with basic Privacy Act of 1974 publication requirements is troubling. Our confusion about who “owns” the TECS system of records only underscores the immediate need for reissuance of all DHS systems of records that predate the establishment of the Department.
thumb_up Like (7)
comment Reply (0)
thumb_up 7 likes
L
&nbsp; <h1>II Routine Use A does not meet OMB standards and is inconsistent with Privacy Act requirements</h1> Routine Use A would allow disclosure: “To appropriate Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where CBP believes the information would assist enforcement of civil or criminal laws or regulations.” The comparable Routine Use from the TECS system is narrower in a significant way. It would only allow disclosure where the disclosing agency becomes aware of an indication of a violation or potential violation of civil or criminal law or regulation. The proposed new Routine Use is both broader and more vague in that it would allow disclosures to merely assist enforcement of any law, civil or criminal.
Liam Wilson Member
access_time 28 minutes ago
 

II Routine Use A does not meet OMB standards and is inconsistent with Privacy Act requirements

Routine Use A would allow disclosure: “To appropriate Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where CBP believes the information would assist enforcement of civil or criminal laws or regulations.” The comparable Routine Use from the TECS system is narrower in a significant way. It would only allow disclosure where the disclosing agency becomes aware of an indication of a violation or potential violation of civil or criminal law or regulation. The proposed new Routine Use is both broader and more vague in that it would allow disclosures to merely assist enforcement of any law, civil or criminal.
thumb_up Like (30)
comment Reply (2)
thumb_up 30 likes
comment 2 replies
O
Oliver Taylor 21 minutes ago
Nothing in the published notice explains or justifies the change in the scope of this routine use. T...
J
James Smith 14 minutes ago
The proposed Routine Use A allows disclosures that bear no relationship with the purpose of collecti...
A
Nothing in the published notice explains or justifies the change in the scope of this routine use. The Act requires that a Routine Use be “compatible with the purpose” for which the record was collected. It is impossible to determine that a disclosure that would assist virtually any law enforcement agency anywhere in the world to enforce any civil or criminal law meets this standard.
Andrew Wilson Member
access_time 16 minutes ago
Nothing in the published notice explains or justifies the change in the scope of this routine use. The Act requires that a Routine Use be “compatible with the purpose” for which the record was collected. It is impossible to determine that a disclosure that would assist virtually any law enforcement agency anywhere in the world to enforce any civil or criminal law meets this standard.
thumb_up Like (40)
comment Reply (2)
thumb_up 40 likes
comment 2 replies
M
Madison Singh 5 minutes ago
The proposed Routine Use A allows disclosures that bear no relationship with the purpose of collecti...
E
Elijah Patel 10 minutes ago
Adopting this routine use as it is currently proposed will result in embarrassing litigation that th...
S
The proposed Routine Use A allows disclosures that bear no relationship with the purpose of collection and is therefore overbroad and illegal. We recommend that the proposed Routine Use A be amended to return to the standard in the TECS system.
Sophie Martin Member
access_time 45 minutes ago
The proposed Routine Use A allows disclosures that bear no relationship with the purpose of collection and is therefore overbroad and illegal. We recommend that the proposed Routine Use A be amended to return to the standard in the TECS system.
thumb_up Like (24)
comment Reply (1)
thumb_up 24 likes
comment 1 replies
W
William Brown 14 minutes ago
Adopting this routine use as it is currently proposed will result in embarrassing litigation that th...
R
Adopting this routine use as it is currently proposed will result in embarrassing litigation that the Department will lose, perhaps at significant expense to the government. We suggest that someone at the Department review the existing OMB guidance that contains specific instructions on how to handle these disclosures.
Ryan Garcia Member
access_time 50 minutes ago
Adopting this routine use as it is currently proposed will result in embarrassing litigation that the Department will lose, perhaps at significant expense to the government. We suggest that someone at the Department review the existing OMB guidance that contains specific instructions on how to handle these disclosures.
thumb_up Like (50)
comment Reply (3)
thumb_up 50 likes
comment 3 replies
W
William Brown 50 minutes ago
The original OMB Privacy Act Guidelines – still in force and still valid – state expressly that ...
M
Mason Rodriguez 13 minutes ago
 

III Routine Use B does not comply with OMB guidance or current DOJ policy or practice<...

Show 1 more replies
L
The original OMB Privacy Act Guidelines – still in force and still valid – state expressly that an agency can disclose information to a law enforcement agency on its own motion only “when a violation of law is suspected.” 40 Federal Register, 28955 (July 9, 1975). The proposed Routine Use A does not meet the OMB standard and is not consistent with the Act’s requirements. There is also case law that clearly restrains an agency’s ability to disclose records for law enforcement, and the proposed Routine Use is not consistent with that case law.
Luna Park Member
access_time 44 minutes ago
The original OMB Privacy Act Guidelines – still in force and still valid – state expressly that an agency can disclose information to a law enforcement agency on its own motion only “when a violation of law is suspected.” 40 Federal Register, 28955 (July 9, 1975). The proposed Routine Use A does not meet the OMB standard and is not consistent with the Act’s requirements. There is also case law that clearly restrains an agency’s ability to disclose records for law enforcement, and the proposed Routine Use is not consistent with that case law.
thumb_up Like (2)
comment Reply (3)
thumb_up 2 likes
comment 3 replies
E
Ella Rodriguez 7 minutes ago
 

III Routine Use B does not comply with OMB guidance or current DOJ policy or practice<...

I
Isabella Johnson 11 minutes ago
 

IV Routine Use D is overbroad and unnecessary

Routine Use D would allow disclosur...
Show 1 more replies
H
&nbsp; <h1>III Routine Use B does not comply with OMB guidance or current DOJ policy or practice</h1> Routine Use B would allow disclosure: “To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations, or in response to a subpoena, or in connection with criminal proceedings.” Existing OMB guidance contains specific instructions on how to handle these disclosures. In particular, the May 24, 1985 guidance – available at &lt;http://www.defenselink.mil/privacy/pdfdocs/PrivActGuidncUpdate_05241985.pdf&gt; &#8212; describes the proper way to deal with court and discovery disclosures. The currently proposed Routine Use B does not comply with OMB guidance or current Department of Justice policy and practice.
Henry Schmidt Member
access_time 24 minutes ago
 

III Routine Use B does not comply with OMB guidance or current DOJ policy or practice

Routine Use B would allow disclosure: “To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations, or in response to a subpoena, or in connection with criminal proceedings.” Existing OMB guidance contains specific instructions on how to handle these disclosures. In particular, the May 24, 1985 guidance – available at <http://www.defenselink.mil/privacy/pdfdocs/PrivActGuidncUpdate_05241985.pdf> — describes the proper way to deal with court and discovery disclosures. The currently proposed Routine Use B does not comply with OMB guidance or current Department of Justice policy and practice.
thumb_up Like (27)
comment Reply (3)
thumb_up 27 likes
comment 3 replies
Z
Zoe Mueller 10 minutes ago
 

IV Routine Use D is overbroad and unnecessary

Routine Use D would allow disclosur...
S
Sophie Martin 23 minutes ago
The audit need only be authorized by law rather than required by law. The disclosure need only be as...
Show 1 more replies
N
&nbsp; <h1>IV Routine Use D is overbroad and unnecessary</h1> Routine Use D would allow disclosure: “To an agency, organization, or individual for the purposes of performing audit or oversight operations as authorized by law; but only such information as is necessary and relevant to such audit or oversight function.” This Routine Use is so broad as to be meaningless. It would allow, for example, disclosure to any auditor of any agency, corporation, or institution anywhere in the world. The audit need bear no relationship to any activity or function of DHS.
Natalie Lopez Member
access_time 26 minutes ago
 

IV Routine Use D is overbroad and unnecessary

Routine Use D would allow disclosure: “To an agency, organization, or individual for the purposes of performing audit or oversight operations as authorized by law; but only such information as is necessary and relevant to such audit or oversight function.” This Routine Use is so broad as to be meaningless. It would allow, for example, disclosure to any auditor of any agency, corporation, or institution anywhere in the world. The audit need bear no relationship to any activity or function of DHS.
thumb_up Like (10)
comment Reply (0)
thumb_up 10 likes
Z
The audit need only be authorized by law rather than required by law. The disclosure need only be assessed in relation to the information’s relevancy to the audit or oversight and not to the purpose for which the information was originally collected by DHS. If this Routine Use were limited to audit and oversight operations relevant to DHS or even other federal agencies, it would still be too broad to meet the compatibility requirement of the Act.
Zoe Mueller Member
access_time 14 minutes ago
The audit need only be authorized by law rather than required by law. The disclosure need only be assessed in relation to the information’s relevancy to the audit or oversight and not to the purpose for which the information was originally collected by DHS. If this Routine Use were limited to audit and oversight operations relevant to DHS or even other federal agencies, it would still be too broad to meet the compatibility requirement of the Act.
thumb_up Like (20)
comment Reply (2)
thumb_up 20 likes
comment 2 replies
A
Aria Nguyen 10 minutes ago
As written, Routine Use D authorizes disclosures that bear no relationship to the purpose of the sys...
R
Ryan Garcia 14 minutes ago
DHS can write a narrower Routine Use that addresses its core interest in auditing and oversight, if ...
R
As written, Routine Use D authorizes disclosures that bear no relationship to the purpose of the system of records or any function of the federal government. If challenged, there is no chance that this Routine Use would be upheld by a judge.
Ryan Garcia Member
access_time 75 minutes ago
As written, Routine Use D authorizes disclosures that bear no relationship to the purpose of the system of records or any function of the federal government. If challenged, there is no chance that this Routine Use would be upheld by a judge.
thumb_up Like (46)
comment Reply (2)
thumb_up 46 likes
comment 2 replies
W
William Brown 43 minutes ago
DHS can write a narrower Routine Use that addresses its core interest in auditing and oversight, if ...
D
Daniel Kumar 28 minutes ago
 

VI Routine Use G directly contravenes the Privacy Act and is illegal

Routine Use ...
S
DHS can write a narrower Routine Use that addresses its core interest in auditing and oversight, if it needs one at all, since disclosures to the Department’s Inspector General, to the Government Accountability Office, and to the Congress are authorized by the Act without a Routine Use. &nbsp; <h1>V Routine Use E contravenes the Privacy Act and is illegal</h1> Routine Use E would allow disclosure: “To a Congressional office, for the record of an individual in response to an inquiry from that Congressional office made at the request of the individual to whom the record pertains.” The proposed Routine Use E would be greatly improved if it required that the request from the data subject to the congressional office be in writing. This change would protect the individual, the congressional office, and DHS.
Sebastian Silva Member
access_time 32 minutes ago
DHS can write a narrower Routine Use that addresses its core interest in auditing and oversight, if it needs one at all, since disclosures to the Department’s Inspector General, to the Government Accountability Office, and to the Congress are authorized by the Act without a Routine Use.  

V Routine Use E contravenes the Privacy Act and is illegal

Routine Use E would allow disclosure: “To a Congressional office, for the record of an individual in response to an inquiry from that Congressional office made at the request of the individual to whom the record pertains.” The proposed Routine Use E would be greatly improved if it required that the request from the data subject to the congressional office be in writing. This change would protect the individual, the congressional office, and DHS.
thumb_up Like (19)
comment Reply (1)
thumb_up 19 likes
comment 1 replies
E
Evelyn Zhang 3 minutes ago
 

VI Routine Use G directly contravenes the Privacy Act and is illegal

Routine Use ...
K
&nbsp; <h1>VI Routine Use G directly contravenes the Privacy Act and is illegal</h1> Routine Use G would allow disclosure: “To an organization or individual in either the public or private sector, either foreign or domestic, where there is a reason to believe that the recipient is or could become the target of a particular terrorist activity or conspiracy, to the extent the information is relevant to the protection of life or property and disclosure is appropriate to the proper performance of the official duties of the person making the disclosure.” Section (b)(8) of the Privacy Act of 1974 authorizes disclosure in compelling circumstances affecting the health or safety of an individual, and it requires notice to be sent to the last known address of the subject of the record. The proposed Routine Use G impermissibly duplicates and weakens the statutory condition of disclosure and omits the requirement for notice.
Kevin Wang Member
access_time 34 minutes ago
 

VI Routine Use G directly contravenes the Privacy Act and is illegal

Routine Use G would allow disclosure: “To an organization or individual in either the public or private sector, either foreign or domestic, where there is a reason to believe that the recipient is or could become the target of a particular terrorist activity or conspiracy, to the extent the information is relevant to the protection of life or property and disclosure is appropriate to the proper performance of the official duties of the person making the disclosure.” Section (b)(8) of the Privacy Act of 1974 authorizes disclosure in compelling circumstances affecting the health or safety of an individual, and it requires notice to be sent to the last known address of the subject of the record. The proposed Routine Use G impermissibly duplicates and weakens the statutory condition of disclosure and omits the requirement for notice.
thumb_up Like (1)
comment Reply (2)
thumb_up 1 likes
comment 2 replies
O
Oliver Taylor 3 minutes ago
On those grounds, the routine use directly contravenes the Act and is illegal. We recommend that the...
D
Daniel Kumar 4 minutes ago
 

VII Routine Use J is unnecessary and overbroad

Routine Use J would allow disclosu...
L
On those grounds, the routine use directly contravenes the Act and is illegal. We recommend that the routine use be dropped entirely.
Luna Park Member
access_time 72 minutes ago
On those grounds, the routine use directly contravenes the Act and is illegal. We recommend that the routine use be dropped entirely.
thumb_up Like (4)
comment Reply (0)
thumb_up 4 likes
J
&nbsp; <h1>VII Routine Use J is unnecessary and overbroad</h1> Routine Use J would allow disclosure: “To an appropriate Federal, state, local, tribal, foreign, or international agency, if the information is relevant and necessary to a requesting agency&#8217;s decision concerning the hiring or retention of an individual, or issuance of a security clearance, license, contract, grant, or other benefit, or if the information is relevant and necessary to a DHS decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant or other benefit and when disclosure is appropriate to the proper performance of the official duties of the person making the request.” There is no reason for this proposed Routine Use to cover hiring decisions, contract awards, or security clearance determinations. Disclosures for these purposes should be accomplished with the consent of the data subject. There may be some disclosures allowed by the Routine Use for which consent is not likely to be appropriate.
Joseph Kim Member
access_time 76 minutes ago
 

VII Routine Use J is unnecessary and overbroad

Routine Use J would allow disclosure: “To an appropriate Federal, state, local, tribal, foreign, or international agency, if the information is relevant and necessary to a requesting agency’s decision concerning the hiring or retention of an individual, or issuance of a security clearance, license, contract, grant, or other benefit, or if the information is relevant and necessary to a DHS decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant or other benefit and when disclosure is appropriate to the proper performance of the official duties of the person making the request.” There is no reason for this proposed Routine Use to cover hiring decisions, contract awards, or security clearance determinations. Disclosures for these purposes should be accomplished with the consent of the data subject. There may be some disclosures allowed by the Routine Use for which consent is not likely to be appropriate.
thumb_up Like (37)
comment Reply (3)
thumb_up 37 likes
comment 3 replies
E
Emma Wilson 52 minutes ago
The Routine Use should be narrowed to cover only those disclosures that are not beneficial to the da...
O
Oliver Taylor 55 minutes ago
 

VIII Routine Use K is either unnecessary and or may even be too narrow

Routine Us...
Show 1 more replies
L
The Routine Use should be narrowed to cover only those disclosures that are not beneficial to the data subject and for which the data subject might not give consent. Further, we are at a loss to determine how DHS can possibly assess whether information is necessary for a decision by a requesting agency.
Lily Watson Moderator
access_time 100 minutes ago
The Routine Use should be narrowed to cover only those disclosures that are not beneficial to the data subject and for which the data subject might not give consent. Further, we are at a loss to determine how DHS can possibly assess whether information is necessary for a decision by a requesting agency.
thumb_up Like (45)
comment Reply (2)
thumb_up 45 likes
comment 2 replies
T
Thomas Anderson 75 minutes ago
 

VIII Routine Use K is either unnecessary and or may even be too narrow

Routine Us...
E
Elijah Patel 25 minutes ago
Further, the standard is so vague as to be meaningless. CPB need only be aware of a need for the dat...
S
&nbsp; <h1>VIII Routine Use K is either unnecessary and or may even be too narrow</h1> Routine Use K would allow disclosure: “To appropriate Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, for purposes of assisting such agencies or organizations in preventing exposure to or transmission of a communicable or quarantinable disease or for combating other significant public health threats.” These disclosures are appropriate, but only in accordance with the standards and procedures in subsection (b)(8) of the Act covering compelling circumstance affecting health or safety. We also note that (b)(8) allows for disclosures to persons other than government agencies, and this broader range of possible disclosure may be entirely appropriate in the case of communicable diseases.We suggest that the Routine Use be dropped. &nbsp; <h1>IX Routine Use M is standardless and meaningless</h1> Routine Use M would allow disclosure: “To appropriate Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, under the terms of a memorandum of understanding or agreement, where CBP is aware of a need to utilize relevant data for purposes of testing new technology and systems designed to enhance border security or identify other violations of law.” This proposed Routine Use is objectionable because there is no reason for the use of identifiable data about real persons in testing.
Sophia Chen Member
access_time 105 minutes ago
 

VIII Routine Use K is either unnecessary and or may even be too narrow

Routine Use K would allow disclosure: “To appropriate Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, for purposes of assisting such agencies or organizations in preventing exposure to or transmission of a communicable or quarantinable disease or for combating other significant public health threats.” These disclosures are appropriate, but only in accordance with the standards and procedures in subsection (b)(8) of the Act covering compelling circumstance affecting health or safety. We also note that (b)(8) allows for disclosures to persons other than government agencies, and this broader range of possible disclosure may be entirely appropriate in the case of communicable diseases.We suggest that the Routine Use be dropped.  

IX Routine Use M is standardless and meaningless

Routine Use M would allow disclosure: “To appropriate Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, under the terms of a memorandum of understanding or agreement, where CBP is aware of a need to utilize relevant data for purposes of testing new technology and systems designed to enhance border security or identify other violations of law.” This proposed Routine Use is objectionable because there is no reason for the use of identifiable data about real persons in testing.
thumb_up Like (2)
comment Reply (2)
thumb_up 2 likes
comment 2 replies
D
Daniel Kumar 32 minutes ago
Further, the standard is so vague as to be meaningless. CPB need only be aware of a need for the dat...
A
Aria Nguyen 38 minutes ago
The standard does not even call for any finding or determination by any accountable official at CPB....
H
Further, the standard is so vague as to be meaningless. CPB need only be aware of a need for the data.
Harper Kim Member
access_time 44 minutes ago
Further, the standard is so vague as to be meaningless. CPB need only be aware of a need for the data.
thumb_up Like (4)
comment Reply (3)
thumb_up 4 likes
comment 3 replies
E
Emma Wilson 2 minutes ago
The standard does not even call for any finding or determination by any accountable official at CPB....
I
Isabella Johnson 22 minutes ago
We would prefer to see the Routine Use dropped altogether, but at a minimum a stronger standard woul...
Show 1 more replies
E
The standard does not even call for any finding or determination by any accountable official at CPB. If a GS-2 employee reads a statement by an anonymous person on a blog on the Internet, that might be enough to meet the standard and allow a disclosure.
Ethan Thomas Member
access_time 46 minutes ago
The standard does not even call for any finding or determination by any accountable official at CPB. If a GS-2 employee reads a statement by an anonymous person on a blog on the Internet, that might be enough to meet the standard and allow a disclosure.
thumb_up Like (14)
comment Reply (3)
thumb_up 14 likes
comment 3 replies
V
Victoria Lopez 46 minutes ago
We would prefer to see the Routine Use dropped altogether, but at a minimum a stronger standard woul...
I
Isabella Johnson 39 minutes ago
 

X Routine Use N needs to be significantly narrowed

Routine Use N would allow disc...
Show 1 more replies
A
We would prefer to see the Routine Use dropped altogether, but at a minimum a stronger standard would help considerably. For example, we suggest a standard like this: “Where an Assistant Secretary at CPB determines that there is a reasonable need to utilize&#8230;.” It would also be appropriate for all disclosures under this Routine Use be contingent on guarantees for security of the data and on a complete prohibition on further use and disclosure.
Amelia Singh Moderator
access_time 120 minutes ago
We would prefer to see the Routine Use dropped altogether, but at a minimum a stronger standard would help considerably. For example, we suggest a standard like this: “Where an Assistant Secretary at CPB determines that there is a reasonable need to utilize….” It would also be appropriate for all disclosures under this Routine Use be contingent on guarantees for security of the data and on a complete prohibition on further use and disclosure.
thumb_up Like (12)
comment Reply (2)
thumb_up 12 likes
comment 2 replies
N
Natalie Lopez 52 minutes ago
 

X Routine Use N needs to be significantly narrowed

Routine Use N would allow disc...
S
Sebastian Silva 93 minutes ago
We filed extensive comments on a similar routine use proposed by the Department of Justice. Our comm...
S
&nbsp; <h1>X Routine Use N needs to be significantly narrowed</h1> Routine Use N would allow disclosure: “To appropriate agencies, entities, and persons when (1) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, harm to the security or integrity of this system or other systems or programs (whether maintained by CBP or another agency or entity), or harm to the individual that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the CBP&#8217;s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.” We are at a loss to understand why information in this system is so sensitive that it requires an exemption from the Privacy Act of 1974, yet the Department proposes to authorize the disclosure of all of the information in the system to virtually anyone in the world in the event of a security breach. We would much prefer a narrower routine use for this purpose.
Sophia Chen Member
access_time 75 minutes ago
 

X Routine Use N needs to be significantly narrowed

Routine Use N would allow disclosure: “To appropriate agencies, entities, and persons when (1) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, harm to the security or integrity of this system or other systems or programs (whether maintained by CBP or another agency or entity), or harm to the individual that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the CBP’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.” We are at a loss to understand why information in this system is so sensitive that it requires an exemption from the Privacy Act of 1974, yet the Department proposes to authorize the disclosure of all of the information in the system to virtually anyone in the world in the event of a security breach. We would much prefer a narrower routine use for this purpose.
thumb_up Like (2)
comment Reply (3)
thumb_up 2 likes
comment 3 replies
J
James Smith 36 minutes ago
We filed extensive comments on a similar routine use proposed by the Department of Justice. Our comm...
H
Harper Kim 56 minutes ago
 

XI Routine Use O is vague and entirely inappropriate

Routine Use O would allow di...
Show 1 more replies
A
We filed extensive comments on a similar routine use proposed by the Department of Justice. Our comments can be found at &lt;http://www.worldprivacyforum.org/wp-content/uploads/2008/08/DOJ_RU_11172006fs.pdf&gt;, and we incorporate those comments here by reference.
Andrew Wilson Member
access_time 52 minutes ago
We filed extensive comments on a similar routine use proposed by the Department of Justice. Our comments can be found at <http://www.worldprivacyforum.org/wp-content/uploads/2008/08/DOJ_RU_11172006fs.pdf>, and we incorporate those comments here by reference.
thumb_up Like (1)
comment Reply (1)
thumb_up 1 likes
comment 1 replies
S
Sebastian Silva 31 minutes ago
 

XI Routine Use O is vague and entirely inappropriate

Routine Use O would allow di...
M
&nbsp; <h1>XI Routine Use O is vague and entirely inappropriate</h1> Routine Use O would allow disclosure: “To the news media and the public and as appropriate, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of or is necessary to demonstrate the accountability of officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.” We repeat the previous comment. Why is this system exempt if it includes a Routine Use that allows the Department to release the entire database in a press release? The standards in the Routine Use are a mess.
Mason Rodriguez Member
access_time 135 minutes ago
 

XI Routine Use O is vague and entirely inappropriate

Routine Use O would allow disclosure: “To the news media and the public and as appropriate, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of or is necessary to demonstrate the accountability of officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.” We repeat the previous comment. Why is this system exempt if it includes a Routine Use that allows the Department to release the entire database in a press release? The standards in the Routine Use are a mess.
thumb_up Like (9)
comment Reply (1)
thumb_up 9 likes
comment 1 replies
C
Charlotte Lee 120 minutes ago
The standard of legitimate public interest is too vague to meet the standard of the Act. The standar...
E
The standard of legitimate public interest is too vague to meet the standard of the Act. The standards of necessary to preserve confidence and necessary to demonstrate the accountability are virtually impossible to meet. We would actually be happy if DHS kept those standards because they would provide useful grounds for any data subject who decided to litigate over a disclosure made under this proposed Routine Use.
Ella Rodriguez Member
access_time 84 minutes ago
The standard of legitimate public interest is too vague to meet the standard of the Act. The standards of necessary to preserve confidence and necessary to demonstrate the accountability are virtually impossible to meet. We would actually be happy if DHS kept those standards because they would provide useful grounds for any data subject who decided to litigate over a disclosure made under this proposed Routine Use.
thumb_up Like (18)
comment Reply (3)
thumb_up 18 likes
comment 3 replies
I
Isaac Schmidt 1 minutes ago
We would object further, but the final clause swallows the entire Routine Use. The Department would ...
C
Chloe Santos 30 minutes ago
Nothing that the Department would care to say in its own defense would overcome the privacy standard...
Show 1 more replies
C
We would object further, but the final clause swallows the entire Routine Use. The Department would surely refuse to disclose any identifiable element in the system if requested under the Freedom of Information Act on grounds of unwarranted invasion of personal privacy.
Chloe Santos Moderator
access_time 87 minutes ago
We would object further, but the final clause swallows the entire Routine Use. The Department would surely refuse to disclose any identifiable element in the system if requested under the Freedom of Information Act on grounds of unwarranted invasion of personal privacy.
thumb_up Like (37)
comment Reply (1)
thumb_up 37 likes
comment 1 replies
S
Sophia Chen 56 minutes ago
Nothing that the Department would care to say in its own defense would overcome the privacy standard...
H
Nothing that the Department would care to say in its own defense would overcome the privacy standard in the FOIA. However, if it disclosed personal information under the standard in the Routine Use, the Department would expose all the records to disclosure under the FOIA.
Henry Schmidt Member
access_time 60 minutes ago
Nothing that the Department would care to say in its own defense would overcome the privacy standard in the FOIA. However, if it disclosed personal information under the standard in the Routine Use, the Department would expose all the records to disclosure under the FOIA.
thumb_up Like (17)
comment Reply (1)
thumb_up 17 likes
comment 1 replies
G
Grace Liu 50 minutes ago
The transparent purpose of the Routine Use is to let the Department use any information in the syste...
C
The transparent purpose of the Routine Use is to let the Department use any information in the system to defend itself if criticized. This is totally inappropriate.
Christopher Lee Member
access_time 62 minutes ago
The transparent purpose of the Routine Use is to let the Department use any information in the system to defend itself if criticized. This is totally inappropriate.
thumb_up Like (4)
comment Reply (1)
thumb_up 4 likes
comment 1 replies
O
Oliver Taylor 9 minutes ago
The presence of the Routine Use only serves to show the disingenuousness of the Department in seekin...
O
The presence of the Routine Use only serves to show the disingenuousness of the Department in seeking to reserve the right to override privacy interests to protect itself from criticism. If criticism could justify disclosure of Privacy Act records, then many of DHS’s records would already be in the public domain. The Department can and does defend itself without disclosing the identifiable information of individual travelers.
Oliver Taylor Member
access_time 128 minutes ago
The presence of the Routine Use only serves to show the disingenuousness of the Department in seeking to reserve the right to override privacy interests to protect itself from criticism. If criticism could justify disclosure of Privacy Act records, then many of DHS’s records would already be in the public domain. The Department can and does defend itself without disclosing the identifiable information of individual travelers.
thumb_up Like (17)
comment Reply (3)
thumb_up 17 likes
comment 3 replies
L
Luna Park 89 minutes ago
We suggest that the Department drop this Routine Use altogether.  

XII Conclusion

T...
D
Daniel Kumar 13 minutes ago
We offer these comments respectfully, but we underscore our conclusion that some of the Routine Uses...
Show 1 more replies
S
We suggest that the Department drop this Routine Use altogether. &nbsp; <h1>XII Conclusion</h1> The overbroad, vague, and in some cases illegal Routine Uses included in this SORN are troubling, as is the lack of compliance with existing OMB guidance.
Sophia Chen Member
access_time 99 minutes ago
We suggest that the Department drop this Routine Use altogether.  

XII Conclusion

The overbroad, vague, and in some cases illegal Routine Uses included in this SORN are troubling, as is the lack of compliance with existing OMB guidance.
thumb_up Like (6)
comment Reply (0)
thumb_up 6 likes
E
We offer these comments respectfully, but we underscore our conclusion that some of the Routine Uses are legally unacceptable and seemingly drafted without regard to applicable standards and judicial findings. We urge the Department to thoroughly reassess the Routine Uses discussed in these comments.
Emma Wilson Admin
access_time 170 minutes ago
We offer these comments respectfully, but we underscore our conclusion that some of the Routine Uses are legally unacceptable and seemingly drafted without regard to applicable standards and judicial findings. We urge the Department to thoroughly reassess the Routine Uses discussed in these comments.
thumb_up Like (22)
comment Reply (3)
thumb_up 22 likes
comment 3 replies
G
Grace Liu 43 minutes ago
Thank you for the opportunity to offer comments.   Respectfully submitted, Pam Dixon
Exec...
L
Lucas Martinez 155 minutes ago
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive re...
Show 1 more replies
D
Thank you for the opportunity to offer comments. &nbsp; Respectfully submitted, Pam Dixon<br /> Executive Director,<br /> World Privacy Forum Posted August 21, 2008 in Border Crossing Information, Government privacy, Privacy Act of 1974, Public Comments, Public Policy, Surveillance, System of Records Notices (SORNs), US Department of Homeland Security, US Department of Justice Next &raquo;Perceptions of privacy by the class of 2012 &laquo; PreviousPress Announcement: World Privacy Forum files comments to DHS regarding the Border Crossing Information System; Some proposed routine uses of the system directly contravene the Privacy Act of 1974 WPF updates and news CALENDAR EVENTS <h2>WHO Constituency Meeting WPF co-chair</h2> 6 October 2022, Virtual <h2>OECD Roundtable WPF expert member and participant Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy</h2> 4 October 2022, Paris, France and virtual <h2>OECD Committee on Digital and Economic Policy fall meeting WPF participant</h2> 27-28 September 2022, Paris, France and virtual more Recent TweetsWorld Privacy Forum@privacyforum&middot;7 OctExecutive Order On Enhancing Safeguards For United States Signals Intelligence Activities The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/Reply on Twitter 1578431679592427526Retweet on Twitter 1578431679592427526Like on Twitter 1578431679592427526TOP REPORTS National IDs Around the World — Interactive map About this Data Visualization: This interactive map displays the presence...
Dylan Patel Member
access_time 105 minutes ago
Thank you for the opportunity to offer comments.   Respectfully submitted, Pam Dixon
Executive Director,
World Privacy Forum Posted August 21, 2008 in Border Crossing Information, Government privacy, Privacy Act of 1974, Public Comments, Public Policy, Surveillance, System of Records Notices (SORNs), US Department of Homeland Security, US Department of Justice Next »Perceptions of privacy by the class of 2012 « PreviousPress Announcement: World Privacy Forum files comments to DHS regarding the Border Crossing Information System; Some proposed routine uses of the system directly contravene the Privacy Act of 1974 WPF updates and news CALENDAR EVENTS

WHO Constituency Meeting WPF co-chair

6 October 2022, Virtual

OECD Roundtable WPF expert member and participant Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy

4 October 2022, Paris, France and virtual

OECD Committee on Digital and Economic Policy fall meeting WPF participant

27-28 September 2022, Paris, France and virtual more Recent TweetsWorld Privacy Forum@privacyforum·7 OctExecutive Order On Enhancing Safeguards For United States Signals Intelligence Activities The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/Reply on Twitter 1578431679592427526Retweet on Twitter 1578431679592427526Like on Twitter 1578431679592427526TOP REPORTS National IDs Around the World — Interactive map About this Data Visualization: This interactive map displays the presence...
thumb_up Like (20)
comment Reply (2)
thumb_up 20 likes
comment 2 replies
A
Ava White 38 minutes ago
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive re...
K
Kevin Wang 97 minutes ago
Today's digital information era looks much different than the '70s: smart phones are smarter than th...
S
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets.
Sofia Garcia Member
access_time 180 minutes ago
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets.
thumb_up Like (24)
comment Reply (1)
thumb_up 24 likes
comment 1 replies
N
Noah Davis 107 minutes ago
Today's digital information era looks much different than the '70s: smart phones are smarter than th...
H
Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.
Harper Kim Member
access_time 74 minutes ago
Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.
thumb_up Like (0)
comment Reply (1)
thumb_up 0 likes
comment 1 replies
K
Kevin Wang 11 minutes ago
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic...
N
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers.
Nathan Chen Member
access_time 152 minutes ago
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers.
thumb_up Like (45)
comment Reply (1)
thumb_up 45 likes
comment 1 replies
A
Ava White 45 minutes ago
While some of the adjustments are appropriate for the emergency circumstances, there are also some m...
C
While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.
Christopher Lee Member
access_time 78 minutes ago
While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.
thumb_up Like (12)
comment Reply (1)
thumb_up 12 likes
comment 1 replies
D
Daniel Kumar 45 minutes ago
Public Comments August 2008 – Border Crossing Information System of Records Notice DHS-2007...

Write a Reply

Similar Discussions