42 USC § 2000ee–3. Federal agency data mining reporting
(a) Short title
This section may be cited as the “Federal Agency Data Mining Reporting Act of 2007”.
In this section:
(1) Data mining
The term “data mining” means a program involving pattern-based queries, searches, or other analyses of 1 or more electronic databases, where—
(A) a department or agency of the Federal Government, or a non-Federal entity acting on behalf of the Federal Government, is conducting the queries, searches, or other analyses to discover or locate a predictive pattern or anomaly indicative of terrorist or criminal activity on the part of any individual or individuals;
(B) the queries, searches, or other analyses are not subject-based and do not use personal identifiers of a specific individual, or inputs associated with a specific individual or group of individuals, to retrieve information from the database or databases; and
(C) the purpose of the queries, searches, or other analyses is not solely—
(i) the detection of fraud, waste, or abuse in a Government agency or program; or
(ii) the security of a Government computer system.
The term “database” does not include telephone directories, news reporting, information publicly available to any member of the public without payment of a fee, or databases of judicial and administrative opinions or other legal research sources.
(c) Reports on data mining activities by Federal agencies
(1) Requirement for report
The head of each department or agency of the Federal Government that is engaged in any activity to use or develop data mining shall submit a report to Congress on all such activities of the department or agency under the jurisdiction of that official. The report shall be produced in coordination with the privacy officer of that department or agency, if applicable, and shall be made available to the public, except for an annex described in subparagraph (C).
(2) Content of report
Each report submitted under subparagraph (A) shall include, for each activity to use or develop data mining, the following information:
(A) A thorough description of the data mining activity, its goals, and, where appropriate, the target dates for the deployment of the data mining activity.
(B) A thorough description of the data mining technology that is being used or will be used, including the basis for determining whether a particular pattern or anomaly is indicative of terrorist or criminal activity.
(C) A thorough description of the data sources that are being or will be used.
(D) An assessment of the efficacy or likely efficacy of the data mining activity in providing accurate information consistent with and valuable to the stated goals and plans for the use or development of the data mining activity.
(E) An assessment of the impact or likely impact of the implementation of the data mining activity on the privacy and civil liberties of individuals, including a thorough description of the actions that are being taken or will be taken with regard to the property, privacy, or other rights or privileges of any individual or individuals as a result of the implementation of the data mining activity.
(F) A list and analysis of the laws and regulations that govern the information being or to be collected, reviewed, gathered, analyzed, or used in conjunction with the data mining activity, to the extent applicable in the context of the data mining activity.
(G) A thorough discussion of the policies, procedures, and guidelines that are in place or that are to be developed and applied in the use of such data mining activity in order to—
(i) protect the privacy and due process rights of individuals, such as redress procedures; and
(ii) ensure that only accurate and complete information is collected, reviewed, gathered, analyzed, or used, and guard against any harmful consequences of potential inaccuracies.
(A) In general
A report under subparagraph (A) shall include in an annex any necessary—
(i) classified information;
(ii) law enforcement sensitive information;
(iii) proprietary business information; or
(iv) trade secrets (as that term is defined in section 1839 of title 18).
Any annex described in clause (i)—
(i) shall be available, as appropriate, and consistent with the National Security Act of 1947 (50 U.S.C. 401 et seq.), to the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Select Committee on Intelligence, the Committee on Appropriations, and the Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee on Homeland Security, the Committee on the Judiciary, the Permanent Select Committee on Intelligence, the Committee on Appropriations, and the Committee on Financial Services of the House of Representatives; and
(ii) shall not be made available to the public.
(4) Time for report
Each report required under subparagraph (A) shall be—
(A) submitted not later than 180 days after August 3, 2007; and
(B) updated not less frequently than annually thereafter, to include any activity to use or develop data mining engaged in after the date of the prior report submitted under subparagraph (A).
(Pub. L. 110–53, title VIII, §804, Aug. 3, 2007, 121 Stat. 362.)
References in Text
The National Security Act of 1947, referred to in subsec. (c)(3)(B)(i), is act July 26, 1947, ch. 343, 61 Stat. 495. For complete classification of this Act to the Code, see Short Title note set out under section 401 of Title 50, War and National Defense, and Tables.