Last week, the U.S. Department of Justice (DOJ) issued a notice of proposed rulemaking in the Federal Register moving to exempt the FBI’s biometrics database from the notice and consent provisions of the Privacy Act of 1974 (Privacy Act). The Privacy Act governs the collection, maintenance, use and dissemination of personally identifiable information (PII) that is held by federal agencies. The Next Generation Identification (NGI) System (i.e. the FBI’s biometrics database) is supposed to build upon the fingerprint database currently held by the agency by linking multiple forms of biometric data (such as iris scans, palm print and facial recognition data, and personal and biographic data). The proposed rule suggests that the NGI System should not be subject to the restriction from sharing information without the individual’s consent because it would undermine the agency’s ability to carry out its work.
The DOJ said, “Providing access [to individuals whose information is disclosed] could compromise sensitive law enforcement information; disclose information which would constitute an unwarranted invasion of another’s persona privacy; reveal a sensitive investigative technique; could provide information that would allow a subject to avoid detention or apprehension; or constitute a potential danger to the health or safety of law enforcement personnel, confidential sources, and witnesses. The DOJ additionally requests that the “necessary and appropriate” data collection limitation set forth by the Privacy Act be waived because “it is not always possible to know in advance” what types of information may be relevant to law enforcement.
The DOJ also contends that it takes “seriously” the obligation to maintain accurate records and it will share information with individuals or waive the exemptions “in appropriate cases.” To read the proposed rule click here. The DOJ’s Privacy and Civil Liberties Office will be accepting public comment through June 6, 2016.