Privacy Impact Assessment Philadelphia/Camden High Intensity Drug Trafficking Area (P/C HIDTA) Computerized Search Request System
June 18, 2004


This PIA is conducted pursuant to the E-Government Act of 2002, P.L. 107-347, the accompanying guidelines issued by the Office of Management and Budget (OMB) on September 26, 2003, and the FBI's PIA guidelines.

The FBI's Philadelphia Field Office is developing a computerized system for receiving routine search requests from law enforcement agencies for FBI criminal justice information and for reporting the results back to the inquiring agency. The database will be housed on the Philadelphia/Camden High Intensity Drug Trafficking Area (P/C HIDTA) computer network and will be available to all agencies participating in the P/C HIDTA.

In order to make a search request, an agency will complete and submit a search request form. The request will include information about the requesting officer such as name, telephone number, unit/squad, and employing agency. The officer will then include certain search criteria, such as the name of the subject, organization, address, phone numbers, e-mail, date of birth, social security account number, and other personal identifiers that will facilitate a search of FBI records. The request form also includes a "justification" field in which the officer describes exactly what information is being requested and why. The users and purpose of the database are limited to State, local, and Federal agencies engaged in criminal justice for law enforcement purposes.

FBI employees (Information Research Coordinators or IRCs) will have automated access to the search requests and will be responsible for searching FBI records for responsive records. Responses will be forwarded to the requesting agency in paper format. In addition, certain information duplicative of the information in the paper response may also be posted in the database and accessible by the requesting agency.

Each participating agency will be provided with a password, with which it can access its own information in the database regarding requests and responses. An agency other than the FBI cannot view the information submitted by or provided to another agency.

Philadelphia anticipates that the incoming search requests and responses will be maintained in the database for at least one year so that they may be continually compared against other FBI systems, allowing continual ready reference to the data.


A. What information is being collected? This database consists of two major sections: "Search Request" and "Search Results." The Search Request section is used to make the original search request and is completed by the requesting investigator using the best information available. The Search Results section is used by the FBI IRC who performs the search and reports the findings. The data appearing in this section are not a new collection but merely derivative from information already found in existing FBI files by the IRC.

Occasionally an IRC's findings will produce results that are different from the original search criteria; for example, a name may be spelled differently in FBI files from that requested by an investigator. Although the original request is preserved as it was received, the data reported by the IRC in the search results may be different from the original request. These differences are explained in the response by the IRC.

The process begins as the investigator completes the Search Request form. This form is in two parts: the first part records some required preliminary information, which identifies the investigator and the authorized law enforcement agency. The second part contains the fields which make up the criteria for the search. These fields must be sufficiently detailed to identify the subject of the search, and justify the release of confidential information.

Preliminary Information
Time and date of request.
Requesting agency: The drop-down menu provides a list of authorized requesting agencies.
Unit/Squad: This is the unit or squad to which the investigator is assigned (i.e., Homicide, Narcotics Bureau, etc.)
Requester's name.
Telephone number of the investigator.
Requesters's file number.

HIDTA file number assigned by the HIDTA for requests made through the Watch Center. Requests made from agency terminals will leave this field blank.

Search Criteria (Every search benefits from having as many known values entered as possible.)

Name: For an individual, this is first name, middle name or initial, and last name; additional nicknames and aliases may be entered into the free text section called "Specific Information Requested/Justification" described below.

Gang/Organization name.
Phone numbers.
E-mail address.
License tag number.
SSAN-Social Security Account Number.
Date of birth.
FBI number.
SID-State Identification Number.
PPD/ID: This is the Philadelphia Police individual identification number also known as the photo number.
Other ID number: This is any other number not described above (with a short description).

Specific information requested/justification: This is a free text field used by the requester to describe exactly what information is being sought and why. The FBI may by law disseminate information from its files for legitimate purposes to qualified law enforcement agencies. This field serves to satisfy the "legitimacy" requirement imposed on the FBI by Federal law.

Multiple requests may be entered for the same investigative file without repeating the Preliminary Information above.

IRCs assigned to search incoming requests will query FBI systems based upon the search criteria provided to them. The IRC's will be responsible for searching FBI systems, determining whether references are identical or not identifiable, securing the permission of the substantive FBI desk for dissemination, and preparing a document for dissemination and a disclosure-accounting form.

Search results are reported in the same fields as appear in the request. Additional data resulting from the search, which logically can be placed into structured fields, is done by the analyst. These are the same structured fields that appear in the "Search Request" This enables a particular search to be located, or to be electronically compared with other databases. The IRC uses a free text field to summarize findings and report conclusions. (In some case this field may contain reference to an FBI document that is disseminated by separate communication.)

Copies of relevant file documents will be provided by IRC's to substantive squad supervisors for review with all references highlighted. If necessary, supervisors will redact sensitive information from these copies, which will be retained to substantiate both supervisory review and the information authorized for dissemination. Redacted copies of documents may be disseminated to the requesting agency, or in the case of lengthy documents, may be summarized in the Search Results section of the database. In either case a letter will be prepared by the IRC to the requesting agency. This letter will reference the request and an enclosed redacted document, or a report from the Search Request database summarizing the information.

In the case of references contained in documents classified higher than Law Enforcement Sensitive, information can still be disseminated to the requesting agency under separate cover at the discretion of the FBI in accordance with established procedures for such disseminations.

B. Why is the information being collected? Information sharing works best when it is supported by a system that is both simple to use and provides timely disseminations to those who need them. The "FBI Search Request"database is an important component of this system. It provides a continuous connection between Information Research Coordinators (IRCs) who perform FBI file searches, and investigators who make requests. It relies on data fields frequently used by all law enforcement to uniquely identify the subject of the search. These same fields are also used to track both the request and the information disseminated as required by Federal law.

C. What is the intended use of the information? The names of requesting individuals and their agencies will be retained in order to maintain a trail of who asked for information, what they received, and by what authority. To the extent not otherwise present in FBI case files, the information on subjects queried will augment information available to the FBI on persons already under FBI investigation and provide leads regarding subjects not already under FBI investigation.

D. With whom will the information be shared? This database will be lodged on the Philadelphia/Camden High Intensity Drug Trafficking Area (P/C HIDTA) computer network and be available only to Federal, State, and local law enforcement agencies participating in the P/C HIDTA. Initially, search requests will be facilitated by the P/C HIDTA Watch Center. After an initial assessment, those agencies or police units most frequently using the system will be provided direct access to the database. These expanded connections will not change the way FBI IRCs view or receive the data. Sole control of dissemination will remain with the FBI. Only the requester, through the use of a confidential code, will be able to view his/her own original request and the search results provided.

E. What opportunities will individuals have to decline to provide information or to consent to particular uses of the information? There are no opportunities for subjects to decline or consent to particular uses of information. Requesters have the opportunity to decide whether or not to query the database,

F. How will the information be secured? Sole control of dissemination will remain with the FBI. The requester will be provided a confidential code for use in viewing the original request and the search results.

G. Is this a system of records? Yes, but to the extent that it may be considered to be an FBI system, it is covered under an existing FBI system of records notice.

The data collected in the system includes identifiable personal information about individuals and, therefore, are Privacy Act records. The data will be retrieved by personal identifier, such as name; therefore, the information collected in the system qualifies as a Privacy Act system of records. However, the database will reside on the P/C HIDTA computer network. This raises issues of ownership of the system/data. Philadelphia should coordinate with the P/C HIDTA to resolve ownership of the system/data with regard to Privacy Act system of records responsibilities.

To the extent this database is to be treated as an FBI Privacy Act system of records, the FBI's established Central Records System (CRS, Justice/FBI-002) already provides the requisite public notice for such case-support databases. Philadelphia can readily bring the proposed system under CRS coverage by either serializing/indexing all requests and responses, or by providing written notice to the Field Privacy Control Officer so that any incoming Freedom of Information Act (FOIA) or Privacy Act requests can be appropriately addressed.

The Privacy Act requires that agencies keep an accounting of each external disclosure from a system of records for five years or the life of the record whichever is longer. Program management responsible for the system must thus ensure that a viable means exists to provide the requisite accounting for any covered disseminations made from the database. The Privacy Act accords the FBI considerable flexibility on how to structure such accountings. The necessary information need not all be collated within any particular file, so long as the FBI can construct a document with the requisite accounting information if called upon to do so. Use and retention of FBI/DOJ Form FD‑159 (Record of Information Furnished Other Agencies) would provide such an accounting.


Generally speaking, the database is automating a function that is currently done manually, either by phone call or letter. While the retention of search requests for automated querying against other FBI systems may be a new function, it is something that is already being done in the manual environment, albeit not as efficiently. The added efficiency is not such as to raise any significant privacy issues. In addition, the system does not appear to involve any new collection techniques or processes that may be controversial or invasive of personal privacy. The dissemination of the information is limited to legitimate law enforcement purposes in compliance with allowable disclosures for information contained in FBI systems of records.

Based on the foregoing, the FBI Senior Privacy Official has determined that the proposed database presents no noteworthy privacy concerns and approves the system. The database involves limited use and access; as such, OMB guidance does not require the more extensive PIA analysis that must accompany the development of major information systems. A new Privacy Act system notice is not required. Completion of a full PIA and referral to the FBI Privacy Council also are not required.

5 U.S.C. § 552a(a)(4) defines a "record" as any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph.

A "system of records" means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. 5 U.S.C. § 552a(a)(5).

5 U.S.C. § 552a(c). The accounting must include the date, nature, and purpose of each disclosure of a record to any person or to another agency, and the name and address of the person or agency to whom the disclosure is made.

See 5 U.S.C. § 552a(c); OMB Circular A-1-8, 40 Fed. Reg. 28948, 28956 (7/9/75).

This position is currently held by Deputy General Counsel Patrick W. Kelley.

OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, M-03-22, 9/26/2003.