The World Privacy Forum filed a pair of comments about a US Department of Justice proposal regarding treatment of insider threat records at the FBI. Our first comments respond to a Systems of Records notice, our second comments respond to a Notice of Proposed Rulemaking on the same issue. In our first set of comments
This request is for a copy of every annual report made by the Department of Justice under this provision of Executive Order 13181. We prefer to have the copies in a widely available electronic format, such as a PDF file or a Word document. Having an electronic format will facilitate the posting of the reports on the World Privacy Forum’s website at www.worldprivacyforum.org. We note this is our second request for this report. Our first request was made November 29, 2007. The DOJ responded to our 2007 FOIA by saying the annual report could not be located.
This report evaluates the US Department of Commerce’s international privacy programs, their efficacy, and their value to business and to consumers. The role of the Commerce Department has become more important in light of the Obama Administration’s establishment of a Subcommittee on Privacy and Internet Policy in October 2010. The Subcommittee is chaired jointly by the Department of Commerce and the Department of Justice, and it is intended to promote “individual privacy,” among other things. 
This report reviews, analyzes, and summarizes major international privacy activities of the Department of Commerce, with a focus on the Safe Harbor Framework established in 2000 with the European Union in response to the requirements of the EU Data Protection Directive. The report also considers briefly the Department’s work on the Asia Pacific Economic Cooperation (APEC) Privacy Framework.
The World Privacy Forum filed comments regarding DHS’s proposed Border Crossing Information system of records, finding that many of the Routine Uses proposed for the system were impermissible and illegal under the Privacy Act of 1974. The comments focus on the Routine Uses, rather than the system itself.
Privacy Act of 1974 — The Department of Justice published a notice proposing to update the Routine Uses of its systems and databases under the Privacy Act of 1974. The proposal was not precise enough, and was written in such a way as to allow sensitive Privacy Act systems such as the Criminal Division Witness Security File (CRM-002), the Witness Immunity Records (CRM-022), and the National Instant Criminal Background Check System (NICS, FBI-018) to be disclosed to almost anyone in certain circumstances, including to individuals working outside of law enforcement. The World Privacy Forum is requesting that the DOJ significantly tighten its language in the proposal, and to specify what individuals or entities may have access to these sensitive records, under what specific conditions. The World Privacy Forum is also requesting the DOJ republish all of its up-to-date system of records notices in their entirety immediately and at least every two years thereafter.