TSA exempts systems from Privacy Act

Transportation Security Administration officials are changing the Code of Federal Regulations so that eight information systems could be exempt from one or more provisions of the Privacy Act.

The move allows the agency to withhold records in response to questions about active investigations.

"As a government agency, TSA has the responsibility to make available public information," said Andrea Fuentes, spokeswoman for the Homeland Security Department, which contains TSA. The agency "also has a responsibility to protect sensitive security information that, if released, would put the public in jeopardy or compromise investigations."

Although the Electronic Privacy Information Center (EPIC) doesn't view the rule change as a clear violation of the Privacy Act, privacy advocates consider it part of a trend by DHS officials to claim more latitude in classifying information. The agency did not receive any comments on the proposal when it was announced last fall.

The eight systems cited by TSA include ones that detail inspection systems for all transportation modes within TSA. They also include systems that handle background checks of TSA applicants, employees and contractors. But other systems -- such as the General Legal Records System, which has data on many matters filed in the Office of the Chief Counsel -- seem to imply a broader exemption.

System accuracy may also be at stake, according to EPIC general counsel David Sobel, who argued that people with information contained by the system "won't have the ability to even know that basic fact or to correct any inaccuracies," because the agency exempts itself from correction requirements.

"This ultimately means it becomes a question of agency efficiency," Sobel said. "If there are no mechanics to ensure that there is good information in a system, then there are obvious questions about the effectiveness of that system."

EPIC filed comments about the Computer Assisted Passenger Prescreening System (CAPPS) II contract and plans to do the same for the Trusted Traveler program.

Sobel also questioned the necessity and relevancy of withholding certain information. "There are certainly reasons to ask why the maintenance of inaccurate records without a public right of access is deemed necessary for the operation of these systems," he said.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected