42 U.S.C.
United States Code, 2017 Edition
Title 42 - THE PUBLIC HEALTH AND WELFARE
CHAPTER 21E - PRIVACY AND CIVIL LIBERTIES PROTECTION AND OVERSIGHT
From the U.S. Government Publishing Office, www.gpo.gov

CHAPTER 21E—PRIVACY AND CIVIL LIBERTIES PROTECTION AND OVERSIGHT

Sec.
2000ee.
Privacy and Civil Liberties Oversight Board.
2000ee–1.
Privacy and civil liberties officers.
2000ee–2.
Privacy and data protection policies and procedures.
2000ee–3.
Federal agency data mining reporting.

        

§2000ee. Privacy and Civil Liberties Oversight Board

(a) In general

There is established as an independent agency within the executive branch a Privacy and Civil Liberties Oversight Board (referred to in this section as the "Board").

(b) Findings

Consistent with the report of the National Commission on Terrorist Attacks Upon the United States, Congress makes the following findings:

(1) In conducting the war on terrorism, the Government may need additional powers and may need to enhance the use of its existing powers.

(2) This shift of power and authority to the Government calls for an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life and to ensure that the Government uses its powers for the purposes for which the powers were given.

(3) The National Commission on Terrorist Attacks Upon the United States correctly concluded that "The choice between security and liberty is a false choice, as nothing is more likely to endanger America's liberties than the success of a terrorist attack at home. Our history has shown us that insecurity threatens liberty. Yet, if our liberties are curtailed, we lose the values that we are struggling to defend.".

(c) Purpose

The Board shall—

(1) analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties; and

(2) ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism.

(d) Functions

(1) Advice and counsel on policy development and implementation

The Board shall—

(A) review proposed legislation, regulations, and policies related to efforts to protect the Nation from terrorism, including the development and adoption of information sharing guidelines under subsections (d) and (f) of section 485 of title 6;

(B) review the implementation of new and existing legislation, regulations, and policies related to efforts to protect the Nation from terrorism, including the implementation of information sharing guidelines under subsections (d) and (f) of section 485 of title 6;

(C) advise the President and the departments, agencies, and elements of the executive branch to ensure that privacy and civil liberties are appropriately considered in the development and implementation of such legislation, regulations, policies, and guidelines; and

(D) in providing advice on proposals to retain or enhance a particular governmental power, consider whether the department, agency, or element of the executive branch has established—

(i) that the need for the power is balanced with the need to protect privacy and civil liberties;

(ii) that there is adequate supervision of the use by the executive branch of the power to ensure protection of privacy and civil liberties; and

(iii) that there are adequate guidelines and oversight to properly confine its use.

(2) Oversight

The Board shall continually review—

(A) the regulations, policies, and procedures, and the implementation of the regulations, policies, and procedures, of the departments, agencies, and elements of the executive branch relating to efforts to protect the Nation from terrorism to ensure that privacy and civil liberties are protected;

(B) the information sharing practices of the departments, agencies, and elements of the executive branch relating to efforts to protect the Nation from terrorism to determine whether they appropriately protect privacy and civil liberties and adhere to the information sharing guidelines issued or developed under subsections (d) and (f) of section 485 of title 6 and to other governing laws, regulations, and policies regarding privacy and civil liberties; and

(C) other actions by the executive branch relating to efforts to protect the Nation from terrorism to determine whether such actions—

(i) appropriately protect privacy and civil liberties; and

(ii) are consistent with governing laws, regulations, and policies regarding privacy and civil liberties.

(3) Relationship with privacy and civil liberties officers

The Board shall—

(A) receive and review reports and other information from privacy officers and civil liberties officers under section 2000ee–1 of this title;

(B) when appropriate, make recommendations to such privacy officers and civil liberties officers regarding their activities; and

(C) when appropriate, coordinate the activities of such privacy officers and civil liberties officers on relevant interagency matters.

(4) Testimony

The members of the Board shall appear and testify before Congress upon request.

(e) Reports

(1) In general

The Board shall—

(A) receive and review reports from privacy officers and civil liberties officers under section 2000ee–1 of this title; and

(B) periodically submit, not less than semiannually, reports—

(i)(I) to the appropriate committees of Congress, including the Committee on the Judiciary of the Senate, the Committee on the Judiciary of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Homeland Security of the House of Representatives, the Committee on Oversight and Government Reform of the House of Representatives, the Select Committee on Intelligence of the Senate, and the Permanent Select Committee on Intelligence of the House of Representatives; and

(II) to the President; and

(ii) which shall be in unclassified form to the greatest extent possible, with a classified annex where necessary.

(2) Contents

Not less than 2 reports submitted each year under paragraph (1)(B) shall include—

(A) a description of the major activities of the Board during the preceding period;

(B) information on the findings, conclusions, and recommendations of the Board resulting from its advice and oversight functions under subsection (d);

(C) the minority views on any findings, conclusions, and recommendations of the Board resulting from its advice and oversight functions under subsection (d);

(D) each proposal reviewed by the Board under subsection (d)(1) that—

(i) the Board advised against implementation; and

(ii) notwithstanding such advice, actions were taken to implement; and


(E) for the preceding period, any requests submitted under subsection (g)(1)(D) for the issuance of subpoenas that were modified or denied by the Attorney General.

(f) Informing the public

The Board shall—

(1) make its reports, including its reports to Congress, available to the public to the greatest extent that is consistent with the protection of classified information and applicable law; and

(2) hold public hearings and otherwise inform the public of its activities, as appropriate and in a manner consistent with the protection of classified information and applicable law.

(g) Access to information

(1) Authorization

If determined by the Board to be necessary to carry out its responsibilities under this section, the Board is authorized to—

(A) have access from any department, agency, or element of the executive branch, or any Federal officer or employee of any such department, agency, or element, to all relevant records, reports, audits, reviews, documents, papers, recommendations, or other relevant material, including classified information consistent with applicable law;

(B) interview, take statements from, or take public testimony from personnel of any department, agency, or element of the executive branch, or any Federal officer or employee of any such department, agency, or element;

(C) request information or assistance from any State, tribal, or local government; and

(D) at the direction of a majority of the members of the Board, submit a written request to the Attorney General of the United States that the Attorney General require, by subpoena, persons (other than departments, agencies, and elements of the executive branch) to produce any relevant information, documents, reports, answers, records, accounts, papers, and other documentary or testimonial evidence.

(2) Review of subpoena request

(A) In general

Not later than 30 days after the date of receipt of a request by the Board under paragraph (1)(D), the Attorney General shall—

(i) issue the subpoena as requested; or

(ii) provide the Board, in writing, with an explanation of the grounds on which the subpoena request has been modified or denied.

(B) Notification

If a subpoena request is modified or denied under subparagraph (A)(ii), the Attorney General shall, not later than 30 days after the date of that modification or denial, notify the Committee on the Judiciary of the Senate and the Committee on the Judiciary of the House of Representatives.

(3) Enforcement of subpoena

In the case of contumacy or failure to obey a subpoena issued pursuant to paragraph (1)(D), the United States district court for the judicial district in which the subpoenaed person resides, is served, or may be found may issue an order requiring such person to produce the evidence required by such subpoena.

(4) Agency cooperation

Whenever information or assistance requested under subparagraph (A) or (B) of paragraph (1) is, in the judgment of the Board, unreasonably refused or not provided, the Board shall report the circumstances to the head of the department, agency, or element concerned without delay. The head of the department, agency, or element concerned shall ensure that the Board is given access to the information, assistance, material, or personnel the Board determines to be necessary to carry out its functions.

(5) Access

Nothing in this section shall be construed to authorize the Board, or any agent thereof, to gain access to information regarding an activity covered by section 3093(a) of title 50.

(h) Membership

(1) Members

The Board shall be composed of a full-time chairman and 4 additional members, who shall be appointed by the President, by and with the advice and consent of the Senate.

(2) Qualifications

Members of the Board shall be selected solely on the basis of their professional qualifications, achievements, public stature, expertise in civil liberties and privacy, and relevant experience, and without regard to political affiliation, but in no event shall more than 3 members of the Board be members of the same political party. The President shall, before appointing an individual who is not a member of the same political party as the President, consult with the leadership of that party, if any, in the Senate and House of Representatives.

(3) Incompatible office

An individual appointed to the Board may not, while serving on the Board, be an elected official, officer, or employee of the Federal Government, other than in the capacity as a member of the Board.

(4) Term

Each member of the Board shall serve a term of 6 years, except that—

(A) a member appointed to a term of office after the commencement of such term may serve under such appointment only for the remainder of such term; and

(B) upon the expiration of the term of office of a member, the member shall continue to serve until the member's successor has been appointed and qualified, except that no member may serve under this subparagraph—

(i) for more than 60 days when Congress is in session unless a nomination to fill the vacancy shall have been submitted to the Senate; or

(ii) after the adjournment sine die of the session of the Senate in which such nomination is submitted.

(5) Quorum and meetings

The Board shall meet upon the call of the chairman or a majority of its members. Three members of the Board shall constitute a quorum.

(i) Compensation and travel expenses

(1) Compensation

(A) Chairman

The chairman of the Board shall be compensated at the rate of pay payable for a position at level III of the Executive Schedule under section 5314 of title 5.

(B) Members

Each member of the Board shall be compensated at a rate of pay payable for a position at level IV of the Executive Schedule under section 5315 of title 5 for each day during which that member is engaged in the actual performance of the duties of the Board.

(2) Travel expenses

Members of the Board shall be allowed travel expenses, including per diem in lieu of subsistence, at rates authorized for persons employed intermittently by the Government under section 5703(b) 1 of title 5, while away from their homes or regular places of business in the performance of services for the Board.

(j) Staff

(1) Appointment and compensation

The chairman of the Board, in accordance with rules agreed upon by the Board, shall appoint and fix the compensation of a full-time executive director and such other personnel as may be necessary to enable the Board to carry out its functions, without regard to the provisions of title 5 governing appointments in the competitive service, and without regard to the provisions of chapter 51 and subchapter III of chapter 53 of such title relating to classification and General Schedule pay rates, except that no rate of pay fixed under this subsection may exceed the equivalent of that payable for a position at level V of the Executive Schedule under section 5316 of title 5.

(2) Detailees

Any Federal employee may be detailed to the Board without reimbursement from the Board, and such detailee shall retain the rights, status, and privileges of the detailee's regular employment without interruption.

(3) Consultant services

The Board may procure the temporary or intermittent services of experts and consultants in accordance with section 3109 of title 5, at rates that do not exceed the daily rate paid a person occupying a position at level IV of the Executive Schedule under section 5315 of such title.

(k) Security clearances

(1) In general

The appropriate departments, agencies, and elements of the executive branch shall cooperate with the Board to expeditiously provide the Board members and staff with appropriate security clearances to the extent possible under existing procedures and requirements.

(2) Rules and procedures

After consultation with the Secretary of Defense, the Attorney General, and the Director of National Intelligence, the Board shall adopt rules and procedures of the Board for physical, communications, computer, document, personnel, and other security relating to carrying out the functions of the Board.

(l) Treatment as agency, not as advisory committee

The Board—

(1) is an agency (as defined in section 551(1) of title 5); and

(2) is not an advisory committee (as defined in section 3(2) of the Federal Advisory Committee Act (5 U.S.C. App.)).

(m) Authorization of appropriations

There are authorized to be appropriated to carry out this section amounts as follows:

(1) For fiscal year 2008, $5,000,000.

(2) For fiscal year 2009, $6,650,000.

(3) For fiscal year 2010, $8,300,000.

(4) For fiscal year 2011, $10,000,000.

(5) For fiscal year 2012 and each subsequent fiscal year, such sums as may be necessary.

(Pub. L. 108–458, title I, §1061, Dec. 17, 2004, 118 Stat. 3684; Pub. L. 110–53, title VIII, §801(a), Aug. 3, 2007, 121 Stat. 352; Pub. L. 114–113, div. M, title III, §305, Dec. 18, 2015, 129 Stat. 2913.)

References in Text

Section 5703 of title 5, referred to in subsec. (i)(2), was amended generally by Pub. L. 94–22, §4, May 19, 1975, 89 Stat. 85, and, as so amended, does not contain a subsec. (b).

Section 3(2) of the Federal Advisory Committee Act, referred to in subsec. (l)(2), is section 3(2) of Pub. L. 92–463, which is set out in the Appendix to Title 5, Government Organization and Employees.

Codification

Section was formerly set out as a note under section 601 of Title 5, Government Organization and Employees.

Amendments

2015—Subsec. (g)(5). Pub. L. 114–113 added par. (5).

2007—Pub. L. 110–53 amended section generally, substituting provisions relating to Privacy and Civil Liberties Oversight Board, consisting of subsecs. (a) to (m), for provisions relating to Privacy and Civil Liberties Oversight Board, consisting of subsecs. (a) to (l).

Effective Date of 2007 Amendment

Pub. L. 110–53, title VIII, §801(d), Aug. 3, 2007, 121 Stat. 358, provided that:

"(1) In general.—The amendments made by subsection (a) and subsection (b) [amending this section] shall take effect 180 days after the date of enactment of this Act [Aug. 3, 2007].

"(2) Transition provisions.—Subsection (c) [enacting provisions set out as a note under this section] shall take effect on the date of enactment of this Act."

Security Rules and Procedures

Pub. L. 110–53, title VIII, §801(b), Aug. 3, 2007, 121 Stat. 357, provided that: "The Privacy and Civil Liberties Oversight Board shall promptly adopt the security rules and procedures required under section 1061(k)(2) of the National Security Intelligence Reform Act of 2004 [42 U.S.C. 2000ee(k)(2)] (as added by subsection (a) of this section)."

Transition Provisions

Pub. L. 110–53, title VIII, §801(c), Aug. 3, 2007, 121 Stat. 357, provided that:

"(1) Treatment of incumbent members of the privacy and civil liberties oversight board.—

"(A) Continuation of service.—Any individual who is a member of the Privacy and Civil Liberties Oversight Board on the date of enactment of this Act [Aug. 3, 2007] may continue to serve on the Board until 180 days after the date of enactment of this Act.

"(B) Termination of terms.—The term of any individual who is a member of the Privacy and Civil Liberties Oversight Board on the date of enactment of this Act shall terminate 180 days after the date of enactment of this Act.

"(2) Appointments.—

"(A) In general.—The President and the Senate shall take such actions as necessary for the President, by and with the advice and consent of the Senate, to appoint members to the Privacy and Civil Liberties Oversight Board as constituted under the amendments made by subsection (a) [amending this section] in a timely manner to provide for the continuing operation of the Board and orderly implementation of this section [amending this section and enacting provisions set out as notes under this section].

"(B) Designations.—In making the appointments described under subparagraph (A) of the first members of the Privacy and Civil Liberties Oversight Board as constituted under the amendments made by subsection (a), the President shall provide for the members to serve terms of 2, 3, 4, 5, and 6 years beginning on the effective date described under subsection (d)(1) [set out above], with the term of each such member to be designated by the President."

Ex. Ord. No. 13353. Establishing the President's Board on Safeguarding Americans' Civil Liberties

Ex. Ord. No. 13353, Aug. 27, 2004, 69 F.R. 53585, provided:

By the authority vested in me as President by the Constitution and the laws of the United States of America, and in order to further strengthen protections for the rights of Americans in the effective performance of national security and homeland security functions, it is hereby ordered as follows:

Section 1. Policy. The United States Government has a solemn obligation, and shall continue fully, to protect the legal rights of all Americans, including freedoms, civil liberties, and information privacy guaranteed by Federal law, in the effective performance of national security and homeland security functions.

Sec. 2. Establishment of Board. To advance the policy set forth in section 1 of this order (Policy), there is hereby established the President's Board on Safeguarding Americans' Civil Liberties (Board). The Board shall be part of the Department of Justice for administrative purposes.

Sec. 3. Functions. The Board shall:

(a)(i) advise the President on effective means to implement the Policy, and (ii) keep the President informed of the implementation of the Policy;

(b) periodically request reports from Federal departments and agencies relating to policies and procedures that ensure implementation of the Policy;

(c) recommend to the President policies, guidelines and other administrative actions, technologies, and legislation, as necessary to implement the Policy;

(d) at the request of the head of any Federal department or agency, unless the Chair, after consultation with the Vice Chair, declines the request, promptly review and provide advice on a policy or action of that department or agency that implicates the Policy;

(e) obtain information and advice relating to the Policy from representatives of entities or individuals outside the executive branch of the Federal Government in a manner that seeks their individual advice and does not involve collective judgment or consensus advice or deliberation;

(f) refer, consistent with section 535 of title 28, United States Code, credible information pertaining to possible violations of law relating to the Policy by any Federal employee or official to the appropriate office for prompt investigation;

(g) take steps to enhance cooperation and coordination among Federal departments and agencies in the implementation of the Policy, including but not limited to working with the Director of the Office of Management and Budget and other officers of the United States to review and assist in the coordination of guidelines and policies concerning national security and homeland security efforts, such as information collection and sharing; and

(h) undertake other efforts to protect the legal rights of all Americans, including freedoms, civil liberties, and information privacy guaranteed by Federal law, as the President may direct.

Upon the recommendation of the Board, the Attorney General or the Secretary of Homeland Security may establish one or more committees that include individuals from outside the executive branch of the Federal Government, in accordance with applicable law, to advise the Board on specific issues relating to the Policy. Any such committee shall carry out its functions separately from the Board.

Sec. 4. Membership and Operation. The Board shall consist exclusively of the following:

(a) the Deputy Attorney General, who shall serve as Chair;

(b) the Under Secretary for Border and Transportation Security, Department of Homeland Security, who shall serve as Vice Chair;

(c) the Assistant Attorney General (Civil Rights Division);

(d) the Assistant Attorney General (Office of Legal Policy);

(e) the Counsel for Intelligence Policy, Department of Justice;

(f) the Chair of the Privacy Council, Federal Bureau of Investigation;

(g) the Assistant Secretary for Information Analysis, Department of Homeland Security;

(h) the Assistant Secretary (Policy), Directorate of Border and Transportation Security, Department of Homeland Security;

(i) the Officer for Civil Rights and Civil Liberties, Department of Homeland Security;

(j) the Privacy Officer, Department of Homeland Security;

(k) the Under Secretary for Enforcement, Department of the Treasury;

(l) the Assistant Secretary (Terrorist Financing), Department of the Treasury;

(m) the General Counsel, Office of Management and Budget;

(n) the Deputy Director of Central Intelligence for Community Management;

(o) the General Counsel, Central Intelligence Agency;

(p) the General Counsel, National Security Agency;

(q) the Under Secretary of Defense for Intelligence;

(r) the General Counsel of the Department of Defense;

(s) the Legal Adviser, Department of State;

(t) the Director, Terrorist Threat Integration Center; and

(u) such other officers of the United States as the Deputy Attorney General may from time to time designate.

A member of the Board may designate, to perform the Board or Board subgroup functions of the member, any person who is part of such member's department or agency and who is either (i) an officer of the United States appointed by the President, or (ii) a member of the Senior Executive Service or the Senior Intelligence Service. The Chair, after consultation with the Vice Chair, shall convene and preside at meetings of the Board, determine its agenda, direct its work, and, as appropriate to deal with particular subject matters, establish and direct subgroups of the Board that shall consist exclusively of members of the Board. The Chair may invite, in his discretion, officers or employees of other departments or agencies to participate in the work of the Board. The Chair shall convene the first meeting of the Board within 20 days after the date of this order and shall thereafter convene meetings of the Board at such times as the Chair, after consultation with the Vice Chair, deems appropriate. The Deputy Attorney General shall designate an official of the Department of Justice to serve as the Executive Director of the Board.

Sec. 5. Cooperation. To the extent permitted by law, all Federal departments and agencies shall cooperate with the Board and provide the Board with such information, support, and assistance as the Board, through the Chair, may request.

Sec. 6. Administration. Consistent with applicable law and subject to the availability of appropriations, the Department of Justice shall provide the funding and administrative support for the Board necessary to implement this order.

Sec. 7. General Provisions. (a) This order shall not be construed to impair or otherwise affect the authorities of any department, agency, instrumentality, officer, or employee of the United States under applicable law, including the functions of the Director of the Office of Management and Budget relating to budget, administrative, or legislative proposals.

(b) This order shall be implemented in a manner consistent with applicable laws and Executive Orders concerning protection of information, including those for the protection of intelligence sources and methods, law enforcement information, and classified national security information, and the Privacy Act of 1974, as amended (5 U.S.C. 552a).

(c) This order is intended only to improve the internal management of the Federal Government and is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity, by a party against the United States, or any of its departments, agencies, instrumentalities, entities, officers, employees, or agents, or any other person.

George W. Bush.      

1 See References in Text note below.

§2000ee–1. Privacy and civil liberties officers

(a) Designation and functions

The Attorney General, the Secretary of Defense, the Secretary of State, the Secretary of the Treasury, the Secretary of Health and Human Services, the Secretary of Homeland Security, the Director of National Intelligence, the Director of the Central Intelligence Agency, and the head of any other department, agency, or element of the executive branch designated by the Privacy and Civil Liberties Oversight Board under section 2000ee of this title to be appropriate for coverage under this section shall designate not less than 1 senior officer to serve as the principal advisor to—

(1) assist the head of such department, agency, or element and other officials of such department, agency, or element in appropriately considering privacy and civil liberties concerns when such officials are proposing, developing, or implementing laws, regulations, policies, procedures, or guidelines related to efforts to protect the Nation against terrorism;

(2) periodically investigate and review department, agency, or element actions, policies, procedures, guidelines, and related laws and their implementation to ensure that such department, agency, or element is adequately considering privacy and civil liberties in its actions;

(3) ensure that such department, agency, or element has adequate procedures to receive, investigate, respond to, and redress complaints from individuals who allege such department, agency, or element has violated their privacy or civil liberties; and

(4) in providing advice on proposals to retain or enhance a particular governmental power the officer shall consider whether such department, agency, or element has established—

(A) that the need for the power is balanced with the need to protect privacy and civil liberties;

(B) that there is adequate supervision of the use by such department, agency, or element of the power to ensure protection of privacy and civil liberties; and

(C) that there are adequate guidelines and oversight to properly confine its use.

(b) Exception to designation authority

(1) Privacy officers

In any department, agency, or element referred to in subsection (a) or designated by the Privacy and Civil Liberties Oversight Board, which has a statutorily created privacy officer, such officer shall perform the functions specified in subsection (a) with respect to privacy.

(2) Civil liberties officers

In any department, agency, or element referred to in subsection (a) or designated by the Board, which has a statutorily created civil liberties officer, such officer shall perform the functions specified in subsection (a) with respect to civil liberties.

(c) Supervision and coordination

Each privacy officer or civil liberties officer described in subsection (a) or (b) shall—

(1) report directly to the head of the department, agency, or element concerned; and

(2) coordinate their activities with the Inspector General of such department, agency, or element to avoid duplication of effort.

(d) Agency cooperation

The head of each department, agency, or element shall ensure that each privacy officer and civil liberties officer—

(1) has the information, material, and resources necessary to fulfill the functions of such officer;

(2) is advised of proposed policy changes;

(3) is consulted by decision makers; and

(4) is given access to material and personnel the officer determines to be necessary to carry out the functions of such officer.

(e) Reprisal for making complaint

No action constituting a reprisal, or threat of reprisal, for making a complaint or for disclosing information to a privacy officer or civil liberties officer described in subsection (a) or (b), or to the Privacy and Civil Liberties Oversight Board, that indicates a possible violation of privacy protections or civil liberties in the administration of the programs and operations of the Federal Government relating to efforts to protect the Nation from terrorism shall be taken by any Federal employee in a position to take such action, unless the complaint was made or the information was disclosed with the knowledge that it was false or with willful disregard for its truth or falsity.

(f) Periodic reports

(1) In general

The privacy officers and civil liberties officers of each department, agency, or element referred to or described in subsection (a) or (b) shall periodically, but not less than semiannually, submit a report on the activities of such officers—

(A)(i) to the appropriate committees of Congress, including the Committee on the Judiciary of the Senate, the Committee on the Judiciary of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Oversight and Government Reform of the House of Representatives, the Select Committee on Intelligence of the Senate, and the Permanent Select Committee on Intelligence of the House of Representatives;

(ii) to the head of such department, agency, or element; and

(iii) to the Privacy and Civil Liberties Oversight Board; and

(B) which shall be in unclassified form to the greatest extent possible, with a classified annex where necessary.

(2) Contents

Each report submitted under paragraph (1) shall include information on the discharge of each of the functions of the officer concerned, including—

(A) information on the number and types of reviews undertaken;

(B) the type of advice provided and the response given to such advice;

(C) the number and nature of the complaints received by the department, agency, or element concerned for alleged violations; and

(D) a summary of the disposition of such complaints, the reviews and inquiries conducted, and the impact of the activities of such officer.

(g) Informing the public

Each privacy officer and civil liberties officer shall—

(1) make the reports of such officer, including reports to Congress, available to the public to the greatest extent that is consistent with the protection of classified information and applicable law; and

(2) otherwise inform the public of the activities of such officer, as appropriate and in a manner consistent with the protection of classified information and applicable law.

(h) Savings clause

Nothing in this section shall be construed to limit or otherwise supplant any other authorities or responsibilities provided by law to privacy officers or civil liberties officers.

(Pub. L. 108–458, title I, §1062, Dec. 17, 2004, 118 Stat. 3688; Pub. L. 110–53, title VIII, §803(a), Aug. 3, 2007, 121 Stat. 360; Pub. L. 113–126, title III, §329(b)(4), July 7, 2014, 128 Stat. 1406.)

Amendments

2014—Subsec. (f)(1). Pub. L. 113–126 substituted "semiannually" for "quarterly" in introductory provisions.

2007—Pub. L. 110–53 amended section generally. Prior to amendment, text of section read as follows: "It is the sense of Congress that each executive department or agency with law enforcement or antiterrorism functions should designate a privacy and civil liberties officer."

§2000ee–2. Privacy and data protection policies and procedures

(a) Privacy Officer

Each agency shall have a Chief Privacy Officer to assume primary responsibility for privacy and data protection policy, including—

(1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of information in an identifiable form;

(2) assuring that technologies used to collect, use, store, and disclose information in identifiable form allow for continuous auditing of compliance with stated privacy policies and practices governing the collection, use and distribution of information in the operation of the program;

(3) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as defined in the Privacy Act of 1974 [5 U.S.C. 552a];

(4) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;

(5) conducting a privacy impact assessment of proposed rules of the Department on the privacy of information in an identifiable form, including the type of personally identifiable information collected and the number of people affected;

(6) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of section 552a of title 5, 11 1 internal controls, and other relevant matters;

(7) ensuring that the Department protects information in an identifiable form and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction;

(8) training and educating employees on privacy and data protection policies to promote awareness of and compliance with established privacy and data protection policies; and

(9) ensuring compliance with the Departments 2 established privacy and data protection policies.

(b) Establishing privacy and data protection procedures and policies

(1) 3 In general

Within 12 months of December 8, 2004, each agency shall establish and implement comprehensive privacy and data protection procedures governing the agency's collection, use, sharing, disclosure, transfer, storage and security of information in an identifiable form relating to the agency employees and the public. Such procedures shall be consistent with legal and regulatory guidance, including OMB regulations, the Privacy Act of 1974 [5 U.S.C. 552a], and section 208 of the E-Government Act of 2002.

(c) Recording

Each agency shall prepare a written report of its use of information in an identifiable form, along with its privacy and data protection policies and procedures and record it with the Inspector General of the agency to serve as a benchmark for the agency. Each report shall be signed by the agency privacy officer to verify that the agency intends to comply with the procedures in the report. By signing the report the privacy officer also verifies that the agency is only using information in identifiable form as detailed in the report.

(d) Inspector General review

The Inspector General of each agency shall periodically conduct a review of the agency's implementation of this section and shall report the results of its review to the Committees on Appropriations of the House of Representatives and the Senate, the House Committee on Oversight and Government Reform, and the Senate Committee on Homeland Security and Governmental Affairs. The report required by this review may be incorporated into a related report to Congress otherwise required by law including, but not limited to, section 3545 4 of title 44, the Federal Information Security Management Act of 2002. The Inspector General may contract with an independent, third party organization to conduct the review.

(e) Report

(1) In general

Upon completion of a review, the Inspector General of an agency shall submit to the head of that agency a detailed report on the review, including recommendations for improvements or enhancements to management of information in identifiable form, and the privacy and data protection procedures of the agency.

(2) Internet availability

Each agency shall make each independent third party review, and each report of the Inspector General relating to that review available to the public.

(f) Definition

In this section, the definition of "identifiable form" is consistent with Public Law 107–347, the E-Government Act of 2002, and means any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.

(Pub. L. 108–447, div. H, title V, §522, Dec. 8, 2004, 118 Stat. 3268; Pub. L. 110–161, div. D, title VII, §742(b), Dec. 26, 2007, 121 Stat. 2032.)

References in Text

The Privacy Act of 1974, referred to in subsecs. (a)(3) and (b)(1), is Pub. L. 93–579, Dec. 31, 1974, 88 Stat. 1896, which enacted section 552a of Title 5, Government Organization and Employees, and provisions set out as notes under section 552a of Title 5. For complete classification of this Act to the Code, see Short Title of 1974 Amendment note set out under section 552a of Title 5 and Tables.

Section 3545 of title 44, referred to in subsec. (d), was repealed by Pub. L. 113–283, §2(a), Dec. 18, 2014, 128 Stat. 3073. Provisions similar to section 3545 of title 44 are now contained in section 3555 of title 44, as enacted by Pub. L. 113–283.

The Federal Information Security Management Act of 2002, referred to in subsec. (d), is the statutory short title for title III of Pub. L. 107–347, Dec. 17, 2002, 116 Stat. 2946, and for title X of Pub. L. 107–296, Nov. 25, 116 Stat. 2259. For complete classification of these Acts to the Code, see Short Title of 2002 Amendments note set out under section 101 of Title 44, Public Printing and Documents, Short Title note set out under section 101 of Title 6, Domestic Security, and Tables.

The E-Government Act of 2002, referred to in subsec. (f), is Pub. L. 107–347, Dec. 17, 2002, 116 Stat. 2899. Section 208 of the Act is set out as a note under section 3501 of Title 44, Public Printing and Documents. For complete classification of this Act to the Code, see Short Title of 2002 Amendments note set out under section 101 of Title 44 and Tables.

Codification

Section was formerly set out as a note under section 552a of Title 5, Government Organization and Employees.

Amendments

2007—Subsec. (d). Pub. L. 110–161 added subsec. (d) and struck out former subsec. (d) which related to independent, third-party reviews.

Ex. Ord. No. 13719. Establishment of the Federal Privacy Council

Ex. Ord. No. 13719, Feb. 9, 2016, 81 F.R. 7961, provided:

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The mission of the United States Government is to serve its people. In order to accomplish its mission, the Government lawfully collects, maintains, and uses large amounts of information about people in a wide range of contexts. Protecting privacy in the collection and handling of this information is fundamental to the successful accomplishment of the Government's mission. The proper functioning of Government requires the public's trust, and to maintain that trust the Government must strive to uphold the highest standards for collecting, maintaining, and using personal data. Privacy has been at the heart of our democracy from its inception, and we need it now more than ever.

Executive departments and agencies (agencies) already take seriously their mission to protect privacy and have been working diligently to advance that mission through existing interagency mechanisms. Today's challenges, however, require that we find even more effective and innovative ways to improve the Government's efforts. Our efforts to meet these new challenges and preserve our core value of privacy, while delivering better and more effective Government services for the American people, demand leadership and enhanced coordination and collaboration among a diverse group of stakeholders and experts.

Therefore, it shall be the policy of the United States Government that agencies shall establish an interagency support structure that: builds on existing interagency efforts to protect privacy and provides expertise and assistance to agencies; expands the skill and career development opportunities of agency privacy professionals; improves the management of agency privacy programs by identifying and sharing lessons learned and best practices; and promotes collaboration between and among agency privacy professionals to reduce unnecessary duplication of efforts and to ensure the effective, efficient, and consistent implementation of privacy policy Government-wide.

Sec. 2. Policy on Senior Agency Officials for Privacy. Within 120 days of the date of this order, the Director of the Office of Management and Budget (Director) shall issue a revised policy on the role and designation of the Senior Agency Officials for Privacy. The policy shall provide guidance on the Senior Agency Official for Privacy's responsibilities at their agencies, required level of expertise, adequate level of resources, and other matters as determined by the Director. Agencies shall implement the requirements of the policy within a reasonable time frame as prescribed by the Director and consistent with applicable law.

Sec. 3. Responsibilities of Agency Heads. The head of each agency, consistent with guidance to be issued by the Director as required in section 2 of this order, shall designate or re-designate a Senior Agency Official for Privacy with the experience and skills necessary to manage an agency-wide privacy program. In addition, the head of each agency, to the extent permitted by law and consistent with ongoing activities, shall work with the Federal Privacy Council, established in section 4 of this order.

Sec. 4. The Federal Privacy Council.

(a) Establishment. There is hereby established the Federal Privacy Council (Privacy Council) as the principal interagency forum to improve the Government privacy practices of agencies and entities acting on their behalf. The establishment of the Privacy Council will help Senior Agency Officials for Privacy at agencies better coordinate and collaborate, educate the Federal workforce, and exchange best practices. The activities of the Privacy Council will reinforce the essential work that agency privacy officials undertake every day to protect privacy.

(b) Membership. The Chair of the Privacy Council shall be the Deputy Director for Management of the Office of Management and Budget. The Chair may designate a Vice Chair, establish working groups, and assign responsibilities for operations of the Privacy Council as he or she deems necessary. In addition to the Chair, the Privacy Council shall be composed of the Senior Agency Officials for Privacy at the following agencies:

(i) Department of State;

(ii) Department of the Treasury;

(iii) Department of Defense;

(iv) Department of Justice;

(v) Department of the Interior;

(vi) Department of Agriculture;

(vii) Department of Commerce;

(viii) Department of Labor;

(ix) Department of Health and Human Services;

(x) Department of Homeland Security;

(xi) Department of Housing and Urban Development;

(xii) Department of Transportation;

(xiii) Department of Energy;

(xiv) Department of Education;

(xv) Department of Veterans Affairs;

(xvi) Environmental Protection Agency;

(xvii) Office of the Director of National Intelligence;

(xviii) Small Business Administration;

(xix) National Aeronautics and Space Administration;

(xx) Agency for International Development;

(xxi) General Services Administration;

(xxii) National Science Foundation;

(xxiii) Office of Personnel Management; and

(xxiv) National Archives and Records Administration.

The Privacy Council may also include other officials from agencies and offices, as the Chair may designate, and the Chair may invite the participation of officials from such independent agencies as he or she deems appropriate.

(c) Functions. The Privacy Council shall:

(i) develop recommendations for the Office of Management and Budget on Federal Government privacy policies and requirements;

(ii) coordinate and share ideas, best practices, and approaches for protecting privacy and implementing appropriate privacy safeguards;

(iii) assess and recommend how best to address the hiring, training, and professional development needs of the Federal Government with respect to privacy matters; and

(iv) perform other privacy-related functions, consistent with law, as designated by the Chair.

(d) Coordination.

(i) The Chair and the Privacy Council shall coordinate with the Federal Chief Information Officers Council (CIO Council) to promote consistency and efficiency across the executive branch when addressing privacy and information security issues. In addition, the Chairs of the Privacy Council and the CIO Council shall coordinate to ensure that the work of the two councils is complementary and not duplicative.

(ii) The Chair and the Privacy Council should coordinate, as appropriate, with such other interagency councils and councils and offices within the Executive Office of the President, as appropriate, including the President's Management Council, the Chief Financial Officers Council, the President's Council on Integrity and Efficiency, the National Science and Technology Council, the National Economic Council, the Domestic Policy Council, the National Security Council staff, the Office of Science and Technology Policy, the Interagency Council on Statistical Policy, the Federal Acquisition Regulatory Council, and the Small Agency Council.

Sec. 5. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to a department, agency, or the head thereof; or

(ii) the functions of the Director relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) Independent agencies are encouraged to comply with the requirements of this order.

(d) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

Barack Obama.      

[Ex. Ord. No. 13719 was originally published at 81 F.R. 7687 and was republished as set out above to correct an error appearing in the original publication.]

1 So in original.

2 So in original. Probably should be "Department's".

3 So in original. No par. (2) has been enacted.

4 See References in Text note below.

§2000ee–3. Federal agency data mining reporting

(a) Short title

This section may be cited as the "Federal Agency Data Mining Reporting Act of 2007".

(b) Definitions

In this section:

(1) Data mining

The term "data mining" means a program involving pattern-based queries, searches, or other analyses of 1 or more electronic databases, where—

(A) a department or agency of the Federal Government, or a non-Federal entity acting on behalf of the Federal Government, is conducting the queries, searches, or other analyses to discover or locate a predictive pattern or anomaly indicative of terrorist or criminal activity on the part of any individual or individuals;

(B) the queries, searches, or other analyses are not subject-based and do not use personal identifiers of a specific individual, or inputs associated with a specific individual or group of individuals, to retrieve information from the database or databases; and

(C) the purpose of the queries, searches, or other analyses is not solely—

(i) the detection of fraud, waste, or abuse in a Government agency or program; or

(ii) the security of a Government computer system.

(2) Database

The term "database" does not include telephone directories, news reporting, information publicly available to any member of the public without payment of a fee, or databases of judicial and administrative opinions or other legal research sources.

(c) Reports on data mining activities by Federal agencies

(1) Requirement for report

The head of each department or agency of the Federal Government that is engaged in any activity to use or develop data mining shall submit a report to Congress on all such activities of the department or agency under the jurisdiction of that official. The report shall be produced in coordination with the privacy officer of that department or agency, if applicable, and shall be made available to the public, except for an annex described in subparagraph (C).1

(2) Content of report

Each report submitted under subparagraph (A) 2 shall include, for each activity to use or develop data mining, the following information:

(A) A thorough description of the data mining activity, its goals, and, where appropriate, the target dates for the deployment of the data mining activity.

(B) A thorough description of the data mining technology that is being used or will be used, including the basis for determining whether a particular pattern or anomaly is indicative of terrorist or criminal activity.

(C) A thorough description of the data sources that are being or will be used.

(D) An assessment of the efficacy or likely efficacy of the data mining activity in providing accurate information consistent with and valuable to the stated goals and plans for the use or development of the data mining activity.

(E) An assessment of the impact or likely impact of the implementation of the data mining activity on the privacy and civil liberties of individuals, including a thorough description of the actions that are being taken or will be taken with regard to the property, privacy, or other rights or privileges of any individual or individuals as a result of the implementation of the data mining activity.

(F) A list and analysis of the laws and regulations that govern the information being or to be collected, reviewed, gathered, analyzed, or used in conjunction with the data mining activity, to the extent applicable in the context of the data mining activity.

(G) A thorough discussion of the policies, procedures, and guidelines that are in place or that are to be developed and applied in the use of such data mining activity in order to—

(i) protect the privacy and due process rights of individuals, such as redress procedures; and

(ii) ensure that only accurate and complete information is collected, reviewed, gathered, analyzed, or used, and guard against any harmful consequences of potential inaccuracies.

(3) Annex

(A) In general

A report under subparagraph (A) 2 shall include in an annex any necessary—

(i) classified information;

(ii) law enforcement sensitive information;

(iii) proprietary business information; or

(iv) trade secrets (as that term is defined in section 1839 of title 18).

(B) Availability

Any annex described in clause (i)— 3

(i) shall be available, as appropriate, and consistent with the National Security Act of 1947 [50 U.S.C. 3001 et seq.], to the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Select Committee on Intelligence, the Committee on Appropriations, and the Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee on Homeland Security, the Committee on the Judiciary, the Permanent Select Committee on Intelligence, the Committee on Appropriations, and the Committee on Financial Services of the House of Representatives; and

(ii) shall not be made available to the public.

(4) Time for report

Each report required under subparagraph (A) 2 shall be—

(A) submitted not later than 180 days after August 3, 2007; and

(B) updated not less frequently than annually thereafter, to include any activity to use or develop data mining engaged in after the date of the prior report submitted under subparagraph (A).2

(Pub. L. 110–53, title VIII, §804, Aug. 3, 2007, 121 Stat. 362.)

References in Text

The National Security Act of 1947, referred to in subsec. (c)(3)(B)(i), is act July 26, 1947, ch. 343, 61 Stat. 495, which was formerly classified principally to chapter 15 (§401 et seq.) of Title 50, War and National Defense, prior to editorial reclassification in Title 50, and is now classified principally to chapter 44 (§3001 et seq.) of Title 50. For complete classification of this Act to the Code, see Tables.

1 So in original. Probably should be "paragraph (3)".

2 So in original. Probably should be "paragraph (1)".

3 So in original. Probably should be "subparagraph (A)—".