This is part of a continuing series of blog posts on the public comments submitted about the DHS 60-day ICR notice for the CFATS Personnel Surety Program (PSP). The other post in the series is:
We finally have some comments from the corporate sector, three from trade associations, one from a large chemical manufacturer and one from a background check provider.
The background check provider calls out ISCD on a couple of paperwork issues, including:
• Maintaining PII files of information submitted to ISCD;
• PRA Notice signature requirements; and
• PII collection and storage for non-employees.
The major chemical manufacturer raises the same issues in their submission.
The background check provider also wants to know some of the details about how the CSAT requirements for third-party submitters. They ask an interesting question, will lists of information (PII) submitted for the PSP have to be protected as Chemical-Terrorism Vulnerability Information (CVI) like the rest of the information submitted thru CSAT?
Lack of Authority to Require PSP Submissions
The chemical manufacturer and a trucking industry group question the authority of DHS to require data submissions to ISCD for local PSP. They cite the §550 stipulation that the Secretary may not require any specific security measure. They miss the loophole that was published in the 60-ICR Notice stating that facilities could propose alternative PSP measures in their Site Security Plan.
An explosives industry group agrees with the above comment and goes on to question the use of an information collection request as the vehicle for imposing essentially regulatory requirements on industry.
Alternative Visitor Process
The manufacturer notes that they had previously proposed an alternative method for submitting PII for visitors and contractors. They had proposed to NPPD that DHS could establish a secure web portal for individuals to submit the PII necessary for a Terrorist Screening Database (TSDB) search if they were going to be desiring to gain access to a covered facility. The manufacturer expresses concern that DHS has not followed up on the suggestion as promised.
TWIC, etc Procedures
The chemical manufacturer continues to complain about having to submit PII information on personnel who have a TSDB-based security identification. The explosives organization makes the same point, but further complains that ISCD is not accepting the ATF background check process that uses the same TSDB vetting.
The trucking group goes even further noting that requiring a HME holder to undergo additional security checks under federal programs is prohibited by 49 USC §5103a(g)(1)(B)(i)(I)-(II).
A training industry group supports the ISCD requirement for submitting PII for vetting personnel with other TSA supported identification, noting that a brief visual examination of the credential cannot determine if it is “expired, revoked or fraudulent”. They additionally point to the problems with the TWIC Reader identified by GAO.
The manufacturer and the explosives group re-iterates their concern about DHS not notifying the facility if an individual is identified as having terrorist ties during the TSDB vetting.
48-Hour Submission Requirement
The chemical manufacturer objects to the 48-hour PII submission requirement for the TSDB vetting. They argue that since DHS will not routinely be informing facilities of positive TSDB matches, what difference does submitting the information 48-hours in advance of providing unescorted access make?
The trucking group notes that the 48-hour notice requirement could unnecessarily limit the availability of commercial deliveries.