TITLE 42 - US CODE - CHAPTER 21E - PRIVACY AND CIVIL LIBERTIES PROTECTION AND OVERSIGHT

42 USC 2000ee - Privacy and Civil Liberties Oversight Board

(a) In general
There is established as an independent agency within the executive branch a Privacy and Civil Liberties Oversight Board (referred to in this section as the Board).

(b) Findings
Consistent with the report of the National Commission on Terrorist Attacks Upon the United States, Congress makes the following findings:

(1) In conducting the war on terrorism, the Government may need additional powers and may need to enhance the use of its existing powers.

(2) This shift of power and authority to the Government calls for an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life and to ensure that the Government uses its powers for the purposes for which the powers were given.

(3) The National Commission on Terrorist Attacks Upon the United States correctly concluded that The choice between security and liberty is a false choice, as nothing is more likely to endanger Americas liberties than the success of a terrorist attack at home. Our history has shown us that insecurity threatens liberty. Yet, if our liberties are curtailed, we lose the values that we are struggling to defend..

(1) analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties; and

(2) ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism.

(d) Functions

(1) Advice and counsel on policy development and implementation
The Board shall

(A) review proposed legislation, regulations, and policies related to efforts to protect the Nation from terrorism, including the development and adoption of information sharing guidelines under subsections (d) and (f) of section 485 of title 6;

(B) review the implementation of new and existing legislation, regulations, and policies related to efforts to protect the Nation from terrorism, including the implementation of information sharing guidelines under subsections (d) and (f) of section 485 of title 6;

(C) advise the President and the departments, agencies, and elements of the executive branch to ensure that privacy and civil liberties are appropriately considered in the development and implementation of such legislation, regulations, policies, and guidelines; and

(D) in providing advice on proposals to retain or enhance a particular governmental power, consider whether the department, agency, or element of the executive branch has established

(i) that the need for the power is balanced with the need to protect privacy and civil liberties;

(ii) that there is adequate supervision of the use by the executive branch of the power to ensure protection of privacy and civil liberties; and

(iii) that there are adequate guidelines and oversight to properly confine its use.

(2) Oversight
The Board shall continually review

(A) the regulations, policies, and procedures, and the implementation of the regulations, policies, and procedures, of the departments, agencies, and elements of the executive branch relating to efforts to protect the Nation from terrorism to ensure that privacy and civil liberties are protected;

(B) the information sharing practices of the departments, agencies, and elements of the executive branch relating to efforts to protect the Nation from terrorism to determine whether they appropriately protect privacy and civil liberties and adhere to the information sharing guidelines issued or developed under subsections (d) and (f) of section 485 of title 6 and to other governing laws, regulations, and policies regarding privacy and civil liberties; and

(C) other actions by the executive branch relating to efforts to protect the Nation from terrorism to determine whether such actions

(i) appropriately protect privacy and civil liberties; and

(ii) are consistent with governing laws, regulations, and policies regarding privacy and civil liberties.

(3) Relationship with privacy and civil liberties officers
The Board shall

(A) receive and review reports and other information from privacy officers and civil liberties officers under section 2000ee–1 of this title;

(B) when appropriate, make recommendations to such privacy officers and civil liberties officers regarding their activities; and

(C) when appropriate, coordinate the activities of such privacy officers and civil liberties officers on relevant interagency matters.

(4) Testimony
The members of the Board shall appear and testify before Congress upon request.

(e) Reports

(1) In general
The Board shall

(A) receive and review reports from privacy officers and civil liberties officers under section 2000ee–1 of this title; and

(B) periodically submit, not less than semiannually, reports

(i)

(I) to the appropriate committees of Congress, including the Committee on the Judiciary of the Senate, the Committee on the Judiciary of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Homeland Security of the House of Representatives, the Committee on Oversight and Government Reform of the House of Representatives, the Select Committee on Intelligence of the Senate, and the Permanent Select Committee on Intelligence of the House of Representatives; and

(II) to the President; and

(ii) which shall be in unclassified form to the greatest extent possible, with a classified annex where necessary.

(2) Contents
Not less than 2 reports submitted each year under paragraph (1)(B) shall include

(A) a description of the major activities of the Board during the preceding period;

(B) information on the findings, conclusions, and recommendations of the Board resulting from its advice and oversight functions under subsection (d);

(C) the minority views on any findings, conclusions, and recommendations of the Board resulting from its advice and oversight functions under subsection (d);

(D) each proposal reviewed by the Board under subsection (d)(1) that

(i) the Board advised against implementation; and

(ii) notwithstanding such advice, actions were taken to implement; and

(E) for the preceding period, any requests submitted under subsection (g)(1)(D) for the issuance of subpoenas that were modified or denied by the Attorney General.

(f) Informing the public
The Board shall

(1) make its reports, including its reports to Congress, available to the public to the greatest extent that is consistent with the protection of classified information and applicable law; and

(2) hold public hearings and otherwise inform the public of its activities, as appropriate and in a manner consistent with the protection of classified information and applicable law.

(g) Access to information

(1) Authorization
If determined by the Board to be necessary to carry out its responsibilities under this section, the Board is authorized to

(A) have access from any department, agency, or element of the executive branch, or any Federal officer or employee of any such department, agency, or element, to all relevant records, reports, audits, reviews, documents, papers, recommendations, or other relevant material, including classified information consistent with applicable law;

(B) interview, take statements from, or take public testimony from personnel of any department, agency, or element of the executive branch, or any Federal officer or employee of any such department, agency, or element;

(D) at the direction of a majority of the members of the Board, submit a written request to the Attorney General of the United States that the Attorney General require, by subpoena, persons (other than departments, agencies, and elements of the executive branch) to produce any relevant information, documents, reports, answers, records, accounts, papers, and other documentary or testimonial evidence.

(2) Review of subpoena request

(A) In general
Not later than 30 days after the date of receipt of a request by the Board under paragraph (1)(D), the Attorney General shall

(i) issue the subpoena as requested; or

(ii) provide the Board, in writing, with an explanation of the grounds on which the subpoena request has been modified or denied.

(B) Notification
If a subpoena request is modified or denied under subparagraph (A)(ii), the Attorney General shall, not later than 30 days after the date of that modification or denial, notify the Committee on the Judiciary of the Senate and the Committee on the Judiciary of the House of Representatives.

(3) Enforcement of subpoena
In the case of contumacy or failure to obey a subpoena issued pursuant to paragraph (1)(D), the United States district court for the judicial district in which the subpoenaed person resides, is served, or may be found may issue an order requiring such person to produce the evidence required by such subpoena.

(4) Agency cooperation
Whenever information or assistance requested under subparagraph (A) or (B) of paragraph (1) is, in the judgment of the Board, unreasonably refused or not provided, the Board shall report the circumstances to the head of the department, agency, or element concerned without delay. The head of the department, agency, or element concerned shall ensure that the Board is given access to the information, assistance, material, or personnel the Board determines to be necessary to carry out its functions.

(h) Membership

(1) Members
The Board shall be composed of a full-time chairman and 4 additional members, who shall be appointed by the President, by and with the advice and consent of the Senate.

(2) Qualifications
Members of the Board shall be selected solely on the basis of their professional qualifications, achievements, public stature, expertise in civil liberties and privacy, and relevant experience, and without regard to political affiliation, but in no event shall more than 3 members of the Board be members of the same political party. The President shall, before appointing an individual who is not a member of the same political party as the President, consult with the leadership of that party, if any, in the Senate and House of Representatives.

(3) Incompatible office
An individual appointed to the Board may not, while serving on the Board, be an elected official, officer, or employee of the Federal Government, other than in the capacity as a member of the Board.

(4) Term
Each member of the Board shall serve a term of 6 years, except that

(A) a member appointed to a term of office after the commencement of such term may serve under such appointment only for the remainder of such term; and

(B) upon the expiration of the term of office of a member, the member shall continue to serve until the members successor has been appointed and qualified, except that no member may serve under this subparagraph

(i) for more than 60 days when Congress is in session unless a nomination to fill the vacancy shall have been submitted to the Senate; or

(ii) after the adjournment sine die of the session of the Senate in which such nomination is submitted.

(5) Quorum and meetings
The Board shall meet upon the call of the chairman or a majority of its members. Three members of the Board shall constitute a quorum.

(i) Compensation and travel expenses

(1) Compensation

(A) Chairman
The chairman of the Board shall be compensated at the rate of pay payable for a position at level III of the Executive Schedule under section 5314 of title 5.

(B) Members
Each member of the Board shall be compensated at a rate of pay payable for a position at level IV of the Executive Schedule under section 5315 of title 5 for each day during which that member is engaged in the actual performance of the duties of the Board.

(2) Travel expenses
Members of the Board shall be allowed travel expenses, including per diem in lieu of subsistence, at rates authorized for persons employed intermittently by the Government under section 5703 (b)1 of title 5, while away from their homes or regular places of business in the performance of services for the Board.

(j) Staff

(1) Appointment and compensation
The chairman of the Board, in accordance with rules agreed upon by the Board, shall appoint and fix the compensation of a full-time executive director and such other personnel as may be necessary to enable the Board to carry out its functions, without regard to the provisions of title 5 governing appointments in the competitive service, and without regard to the provisions of chapter 51 and subchapter III of chapter 53 of such title relating to classification and General Schedule pay rates, except that no rate of pay fixed under this subsection may exceed the equivalent of that payable for a position at level V of the Executive Schedule under section 5316 of title 5.

(2) Detailees
Any Federal employee may be detailed to the Board without reimbursement from the Board, and such detailee shall retain the rights, status, and privileges of the detailees regular employment without interruption.

(3) Consultant services
The Board may procure the temporary or intermittent services of experts and consultants in accordance with section 3109 of title 5, at rates that do not exceed the daily rate paid a person occupying a position at level IV of the Executive Schedule under section 5315 of such title.

(k) Security clearances

(1) In general
The appropriate departments, agencies, and elements of the executive branch shall cooperate with the Board to expeditiously provide the Board members and staff with appropriate security clearances to the extent possible under existing procedures and requirements.

(2) Rules and procedures
After consultation with the Secretary of Defense, the Attorney General, and the Director of National Intelligence, the Board shall adopt rules and procedures of the Board for physical, communications, computer, document, personnel, and other security relating to carrying out the functions of the Board.

(l) Treatment as agency, not as advisory committee
The Board

(1) is an agency (as defined in section 551 (1) of title 5); and

(2) is not an advisory committee (as defined in section 3(2) of the Federal Advisory Committee Act (5 U.S.C. App.)).

(m) Authorization of appropriations
There are authorized to be appropriated to carry out this section amounts as follows:

(1) For fiscal year 2008, $5,000,000.

(2) For fiscal year 2009, $6,650,000.

(3) For fiscal year 2010, $8,300,000.

(4) For fiscal year 2011, $10,000,000.

(5) For fiscal year 2012 and each subsequent fiscal year, such sums as may be necessary.

[1] See References in Text note below.

42 USC 2000ee1 - Privacy and civil liberties officers

(a) Designation and functions
The Attorney General, the Secretary of Defense, the Secretary of State, the Secretary of the Treasury, the Secretary of Health and Human Services, the Secretary of Homeland Security, the Director of National Intelligence, the Director of the Central Intelligence Agency, and the head of any other department, agency, or element of the executive branch designated by the Privacy and Civil Liberties Oversight Board under section 2000ee of this title to be appropriate for coverage under this section shall designate not less than 1 senior officer to serve as the principal advisor to

(1) assist the head of such department, agency, or element and other officials of such department, agency, or element in appropriately considering privacy and civil liberties concerns when such officials are proposing, developing, or implementing laws, regulations, policies, procedures, or guidelines related to efforts to protect the Nation against terrorism;

(2) periodically investigate and review department, agency, or element actions, policies, procedures, guidelines, and related laws and their implementation to ensure that such department, agency, or element is adequately considering privacy and civil liberties in its actions;

(3) ensure that such department, agency, or element has adequate procedures to receive, investigate, respond to, and redress complaints from individuals who allege such department, agency, or element has violated their privacy or civil liberties; and

(4) in providing advice on proposals to retain or enhance a particular governmental power the officer shall consider whether such department, agency, or element has established

(A) that the need for the power is balanced with the need to protect privacy and civil liberties;

(B) that there is adequate supervision of the use by such department, agency, or element of the power to ensure protection of privacy and civil liberties; and

(b) Exception to designation authority

(1) Privacy officers
In any department, agency, or element referred to in subsection (a) or designated by the Privacy and Civil Liberties Oversight Board, which has a statutorily created privacy officer, such officer shall perform the functions specified in subsection (a) with respect to privacy.

(2) Civil liberties officers
In any department, agency, or element referred to in subsection (a) or designated by the Board, which has a statutorily created civil liberties officer, such officer shall perform the functions specified in subsection (a) with respect to civil liberties.

(c) Supervision and coordination
Each privacy officer or civil liberties officer described in subsection (a) or (b) shall

(1) report directly to the head of the department, agency, or element concerned; and

(2) coordinate their activities with the Inspector General of such department, agency, or element to avoid duplication of effort.

(d) Agency cooperation
The head of each department, agency, or element shall ensure that each privacy officer and civil liberties officer

(1) has the information, material, and resources necessary to fulfill the functions of such officer;

(2) is advised of proposed policy changes;

(3) is consulted by decision makers; and

(4) is given access to material and personnel the officer determines to be necessary to carry out the functions of such officer.

(e) Reprisal for making complaint
No action constituting a reprisal, or threat of reprisal, for making a complaint or for disclosing information to a privacy officer or civil liberties officer described in subsection (a) or (b), or to the Privacy and Civil Liberties Oversight Board, that indicates a possible violation of privacy protections or civil liberties in the administration of the programs and operations of the Federal Government relating to efforts to protect the Nation from terrorism shall be taken by any Federal employee in a position to take such action, unless the complaint was made or the information was disclosed with the knowledge that it was false or with willful disregard for its truth or falsity.

(f) Periodic reports

(1) In general
The privacy officers and civil liberties officers of each department, agency, or element referred to or described in subsection (a) or (b) shall periodically, but not less than quarterly, submit a report on the activities of such officers

(A)

(i) to the appropriate committees of Congress, including the Committee on the Judiciary of the Senate, the Committee on the Judiciary of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Oversight and Government Reform of the House of Representatives, the Select Committee on Intelligence of the Senate, and the Permanent Select Committee on Intelligence of the House of Representatives;

(ii) to the head of such department, agency, or element; and

(iii) to the Privacy and Civil Liberties Oversight Board; and

(B) which shall be in unclassified form to the greatest extent possible, with a classified annex where necessary.

(2) Contents
Each report submitted under paragraph (1) shall include information on the discharge of each of the functions of the officer concerned, including

(A) information on the number and types of reviews undertaken;

(B) the type of advice provided and the response given to such advice;

(C) the number and nature of the complaints received by the department, agency, or element concerned for alleged violations; and

(D) a summary of the disposition of such complaints, the reviews and inquiries conducted, and the impact of the activities of such officer.

(g) Informing the public
Each privacy officer and civil liberties officer shall

(1) make the reports of such officer, including reports to Congress, available to the public to the greatest extent that is consistent with the protection of classified information and applicable law; and

(2) otherwise inform the public of the activities of such officer, as appropriate and in a manner consistent with the protection of classified information and applicable law.

(h) Savings clause
Nothing in this section shall be construed to limit or otherwise supplant any other authorities or responsibilities provided by law to privacy officers or civil liberties officers.

42 USC 2000ee2 - Privacy and data protection policies and procedures

(a) Privacy Officer
Each agency shall have a Chief Privacy Officer to assume primary responsibility for privacy and data protection policy, including

(1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of information in an identifiable form;

(2) assuring that technologies used to collect, use, store, and disclose information in identifiable form allow for continuous auditing of compliance with stated privacy policies and practices governing the collection, use and distribution of information in the operation of the program;

(3) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as defined in the Privacy Act of 1974 [5 U.S.C. 552a];

(4) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;

(5) conducting a privacy impact assessment of proposed rules of the Department on the privacy of information in an identifiable form, including the type of personally identifiable information collected and the number of people affected;

(6) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of section 552a of title 5, 11^[1] internal controls, and other relevant matters;

(7) ensuring that the Department protects information in an identifiable form and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction;

(8) training and educating employees on privacy and data protection policies to promote awareness of and compliance with established privacy and data protection policies; and

(9) ensuring compliance with the Departments^[2] established privacy and data protection policies.

(b) Establishing privacy and data protection procedures and policies

(1) 3 In general
Within 12 months of December 8, 2004, each agency shall establish and implement comprehensive privacy and data protection procedures governing the agencys collection, use, sharing, disclosure, transfer, storage and security of information in an identifiable form relating to the agency employees and the public. Such procedures shall be consistent with legal and regulatory guidance, including OMB regulations, the Privacy Act of 1974 [5 U.S.C. 552a], and section 208 of the E-Government Act of 2002.

(c) Recording
Each agency shall prepare a written report of its use of information in an identifiable form, along with its privacy and data protection policies and procedures and record it with the Inspector General of the agency to serve as a benchmark for the agency. Each report shall be signed by the agency privacy officer to verify that the agency intends to comply with the procedures in the report. By signing the report the privacy officer also verifies that the agency is only using information in identifiable form as detailed in the report.

(d) Inspector General review
The Inspector General of each agency shall periodically conduct a review of the agencys implementation of this section and shall report the results of its review to the Committees on Appropriations of the House of Representatives and the Senate, the House Committee on Oversight and Government Reform, and the Senate Committee on Homeland Security and Governmental Affairs. The report required by this review may be incorporated into a related report to Congress otherwise required by law including, but not limited to, section 3545 of title 44, the Federal Information Security Management Act of 2002. The Inspector General may contract with an independent, third party organization to conduct the review.

(e) Report

(1) In general
Upon completion of a review, the Inspector General of an agency shall submit to the head of that agency a detailed report on the review, including recommendations for improvements or enhancements to management of information in identifiable form, and the privacy and data protection procedures of the agency.

(2) Internet availability
Each agency shall make each independent third party review, and each report of the Inspector General relating to that review available to the public.

(f) Definition
In this section, the definition of identifiable form is consistent with Public Law 107347, the E-Government Act of 2002, and means any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.

[1] So in original.
[2] So in original. Probably should be “Department’s”.
[3] So in original. No par. (2) has been enacted.

42 USC 2000ee3 - Federal agency data mining reporting

(a) Short title
This section may be cited as the Federal Agency Data Mining Reporting Act of 2007.

(b) Definitions
In this section:

(1) Data mining
The term data mining means a program involving pattern-based queries, searches, or other analyses of 1 or more electronic databases, where

(A) a department or agency of the Federal Government, or a non-Federal entity acting on behalf of the Federal Government, is conducting the queries, searches, or other analyses to discover or locate a predictive pattern or anomaly indicative of terrorist or criminal activity on the part of any individual or individuals;

(B) the queries, searches, or other analyses are not subject-based and do not use personal identifiers of a specific individual, or inputs associated with a specific individual or group of individuals, to retrieve information from the database or databases; and

(i) the detection of fraud, waste, or abuse in a Government agency or program; or

(ii) the security of a Government computer system.

(2) Database
The term database does not include telephone directories, news reporting, information publicly available to any member of the public without payment of a fee, or databases of judicial and administrative opinions or other legal research sources.

(1) Requirement for report
The head of each department or agency of the Federal Government that is engaged in any activity to use or develop data mining shall submit a report to Congress on all such activities of the department or agency under the jurisdiction of that official. The report shall be produced in coordination with the privacy officer of that department or agency, if applicable, and shall be made available to the public, except for an annex described in subparagraph (C).^[1]

(2) Content of report
Each report submitted under subparagraph (A)^[2] shall include, for each activity to use or develop data mining, the following information:

(A) A thorough description of the data mining activity, its goals, and, where appropriate, the target dates for the deployment of the data mining activity.

(B) A thorough description of the data mining technology that is being used or will be used, including the basis for determining whether a particular pattern or anomaly is indicative of terrorist or criminal activity.

(D) An assessment of the efficacy or likely efficacy of the data mining activity in providing accurate information consistent with and valuable to the stated goals and plans for the use or development of the data mining activity.

(E) An assessment of the impact or likely impact of the implementation of the data mining activity on the privacy and civil liberties of individuals, including a thorough description of the actions that are being taken or will be taken with regard to the property, privacy, or other rights or privileges of any individual or individuals as a result of the implementation of the data mining activity.

(F) A list and analysis of the laws and regulations that govern the information being or to be collected, reviewed, gathered, analyzed, or used in conjunction with the data mining activity, to the extent applicable in the context of the data mining activity.

(G) A thorough discussion of the policies, procedures, and guidelines that are in place or that are to be developed and applied in the use of such data mining activity in order to

(i) protect the privacy and due process rights of individuals, such as redress procedures; and

(ii) ensure that only accurate and complete information is collected, reviewed, gathered, analyzed, or used, and guard against any harmful consequences of potential inaccuracies.

(3) Annex

(A) In general
A report under subparagraph (A)^[2] shall include in an annex any necessary

(i) classified information;

(ii) law enforcement sensitive information;

(iii) proprietary business information; or

(iv) trade secrets (as that term is defined in section 1839 of title 18).

(B) Availability
Any annex described in clause (i)

(i) shall be available, as appropriate, and consistent with the National Security Act of 1947 (50 U.S.C. 401 et seq.), to the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Select Committee on Intelligence, the Committee on Appropriations, and the Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee on Homeland Security, the Committee on the Judiciary, the Permanent Select Committee on Intelligence, the Committee on Appropriations, and the Committee on Financial Services of the House of Representatives; and

(ii) shall not be made available to the public.

(4) Time for report
Each report required under subparagraph (A)^[2] shall be

(A) submitted not later than 180 days after August 3, 2007; and

(B) updated not less frequently than annually thereafter, to include any activity to use or develop data mining engaged in after the date of the prior report submitted under subparagraph (A).^[2]

[1] So in original. Probably should be “paragraph (3)”.
[2] So in original. Probably should be “paragraph (1)”.