6 CFR § 5.20 - General provisions.

(a) Purpose and scope.

(1) This subpart contains the rules that the Department of Homeland Security (Department or DHS) follows in processing records under the Privacy Act of 1974 (Privacy Act) (5 U.S.C. 552a) and under the Judicial Redress Act of 2015 (JRA) (5 U.S.C. 552a note).

(2) The rules in this subpart should be read in conjunction with the text of the Privacy Act and the JRA, 5 U.S.C. 552a and 5 U.S.C. 552a note, respectively (which provide additional information abo ut records maintained on individuals and covered persons), and JRA designations issued in the Federal Register. The rules in this subpart apply to all records in systems of records maintained by the Department. These rules also apply to all records containing Social Security Numbers regardless of whether such records are covered by an applicable system of records maintained by the Department. They describe the procedures by which individuals may request access to records about themselves, request amendment or correction of those records, and request an accounting of disclosures by Department personnel and contractors. In addition, the Department processes all Privacy Act and JRA requests for access to records under the Freedom of Information Act (FOIA) (5 U.S.C. 552), following the rules contained in subpart A of this part, which gives requesters the benefit of both statutes.

(3) The provisions established by this subpart apply to all Department Components, as defined in paragraph (b)(1) of this section.

(4) DHS has a decentralized system for processing requests, with each component handling requests for its records.

(b) Definitions. As used in this subpart:

(1) Component means the office that processes Privacy Act and JRA requests for each separate organizational entity within DHS that reports directly to the Office of the Secretary.

(2) Request for access to a record means a request made under Privacy Act subsection (d)(1).

(3) Request for amendment or correction of a record means a request made under Privacy Act subsection (d)(2).

(4) Request for an accounting means a request made under Privacy Act subsection (c)(3).

(5) Requester means an individual who makes a request for access, a request for amendment or correction, or a request for an accounting under the Privacy Act.

(6) Individual means, as defined by the Privacy Act, 5 U.S.C. 552a(a)(2), a citizen of the United States or an alien lawfully admitted for permanent residence. Also, an individual, for purposes of this subpart, but limited to the exclusive rights and civil remedies provided in the JRA, includes covered persons, as defined by the JRA, as a natural person (other than an individual) who is a citizen of a covered country, as designated by the Attorney General, with the concurrence of the Secretary of State, the Secretary of the Treasury, and the Secretary of Homeland Security.

(7) Record has the same meaning as contained in the Privacy Act, 5 U.S.C. 552a(a)(4), except that in cases covered by the JRA, the term “record” has the same meaning as “covered record” in the JRA, 5 U.S.C. 552a note.

(c) Authority to request records for a law enforcement purpose. The head of a component or designee thereof is authorized to make written requests under subsection 552a(b)(7) of the Privacy Act for records maintained by other agencies that are necessary to carry out an authorized law enforcement activity.

(d) Notice on Departmental use of (b)(1) exception. As a general matter, when applying the Privacy Act (b)(1) exception for authorized disclosures within an agency on a need to know basis, the Department will consider itself a single entity, meaning that information may be disclosed between components of the Department under the (b)(1) exception.