TREASURY DIRECTIVE 25-10

DATE: June 21, 2013

ADMINISTRATIVE EDIT: August 16, 2023

SUBJECT: Information Sharing Environment Privacy and Civil Liberties Policy

PURPOSE. This Directive establishes a privacy and civil liberties policy to guide the Department of the Treasury (“Treasury” or the “Department”) in its participation in the Information Sharing Environment (ISE). The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) (P.L. 108- 458), as amended by the Implementing Recommendations of the 9/11 Commission Act of 2007 ("the 9/11 Commission Act") (P.L. 110-53), and implemented by Executive Order 13388, provides for the creation of the ISE, a framework to facilitate the maximum sharing of terrorism information, as defined in 6 USC 485(a)(5). Section 485(d)(2) and Executive Order 13388 also established the need to protect privacy, civil liberties, and other legal rights of certain individuals with respect to information shared in the ISE. As an ISE participant, Treasury is required to comply with the Guidelines to Ensure that the Information Privacy and Other Legal Rights of Americans are Protected in the Development and Use of the Information Sharing Environment (the ISE Privacy Guidelines). The ISE Privacy Guidelines require that each participating agency "develop and implement a written ISE privacy [and civil liberties] protection policy that sets forth the mechanisms, policies, and procedures its personnel will follow in implementing [the ISE Privacy] Guidelines." This Directive also authorizes the issuance of Treasury Directive Publication 25-10, “Information Sharing Environment (ISE) and Civil Liberties Policy: Implementation Plan” (TD P 25-10).
SCOPE. This Directive applies to all covered Treasury entities and covered Treasury personnel with respect to protected information shared with other agencies in the ISE. The provisions of this Directive shall not be construed to interfere with or impede the authorities or independence of the Department's Inspectors General.
POLICY. All covered Treasury entities and covered Treasury personnel shall share terrorism information with other agencies in the ISE to the maximum extent allowed under applicable law, while complying with the ISE Privacy Guidelines and all other applicable policies, procedures, and standards. The Department is committed to sharing terrorism, information while protecting information privacy and other related legal rights. This Directive also incorporates by reference TD P 25-10, which contains the procedures, standards, and other information necessary to implement this Directive.
DEFINITIONS.
1. Collection, for Covered Treasury entities outside the Intelligence Community, refers to the acquisition of or access to protected information by a Covered Treasury entity or Covered Treasury personnel in the course of their duties. For the Intelligence Community, collection is defined according to the authorities of the element involved.
2. Covered Treasury Entities are bureaus, offices, and other components in the Department of the Treasury, including the Offices of the Inspectors General, whose mission (e.g., law enforcement, intelligence, or foreign affairs) regularly requires them to maintain or have access to information (internally or externally) that meets the definition of protected information and shares that information in the ISE.
3. Covered Treasury Personnel are Treasury employees, detailees, interns, assignees, and contractors whose job functions (e.g., law enforcement, intelligence, or foreign affairs) authorize or regularly require them to have access to Treasury information (or external information) that meets the definition of protected information and share that information in the ISE.
4. Protected Information is certain information about U.S. citizens and lawful permanent residents that constitutes terrorism information, homeland security information, law enforcement information, or weapons of mass destruction information (all as defined below), which is subject to information privacy or other legal protections under the U.S. Constitution and federal laws of the United States, and is shared in the ISE. Protected information may also include other information that the U.S. government expressly determines (by Executive Order, international agreement, or other similar instrument) should be covered by these guidelines.
  For elements of the Intelligence Community, "information about U.S. citizens and lawful permanent residents" means information about United States persons as defined in Executive Order 12333, as amended, and its implementing guidance, which provides that a U.S. person is "a United States citizen, an alien known by the intelligence agency concerned to be a permanent resident alien, an unincorporated association substantially composed of United States citizens or permanent resident aliens, or a corporation incorporated in the United States, except for a corporation directed and controlled by a foreign government or governments."
  Information about U.S. citizens and lawful permanent residents (and U.S. persons as defined for elements of the Intelligence Community) is "protected information" as used in these guidelines only if it is made available within the ISE and is Homeland Security information, law enforcement information, or terrorism information, including weapons of mass destruction information, which are defined by the ISE Privacy Guidelines as follows:
  1. 1) Homeland Security Information, for purposes of the ISE, as derived from the Homeland Security Act of 2002, Public Law 107-296, Section 892(t)(1) (codified at 6 USC 482(t)(1)), is defined as any information possessed by a state, local, tribal, or federal agency that:
    1. a) Relates to a threat of terrorist activity;
    2. b) Relates to the ability to prevent, interdict, or disrupt terrorist activity;
    3. c) Relates to the identification or investigation of a suspected terrorist or terrorist organization; or
    4. d) Relates to the response to a terrorist act.
  2. 2) Law Enforcement Information, for purposes of the ISE, is defined as any information obtained by or of interest to a law enforcement agency or official that is:
    1. a) Related to terrorism or the security of our homeland, and
    2. b) Relevant to a law enforcement mission, including but not limited to:
      1. (1) Information pertaining to an actual or potential criminal, civil, or administrative investigation or a foreign intelligence, counterintelligence, or counterterrorism investigation;
      2. (2) Assessment of or response to criminal threats and vulnerabilities;
      3. (3) The existence, organization, capabilities, plans, intention, vulnerabilities, means, method, or activities of individuals or groups involved or suspected of involvement in criminal or unlawful conduct or assisting or associated with criminal or unlawful conduct;
      4. (4) The existence, identification, detection, prevention, interdiction, or disruption of, or response to, criminal acts and violations of the law;
      5. (5) Identification, apprehension, prosecution, release, detention, adjudication, supervision, or rehabilitation of accused persons or criminal offenders; and;
      6. (6) victim/witness assistance.
  3. 3) Terrorism Information, for purposes of the ISE, is defined in IRTPA Section 1016 (codified at 6 USC 485) as all information, whether collected, produced, or distributed by intelligence, law enforcement, military, homeland security, or other activities relating to:
    1. a) The existence, organization, capabilities, plans, intentions, vulnerabilities, means of financial or material support, or activities of foreign or international terrorist groups or individuals, or of domestic groups or individuals involved in transnational terrorism;
    2. b) Threats posed by such groups or individuals to the United States, United States persons, or United States interests, or to those of other nations;
    3. c) Communications of or by such groups or individuals; or
    4. d) Groups of individuals reasonably believed to be assisting or associated with such groups or individuals.
    5. e) The definition of terrorism information includes weapons of mass destruction information.
  4. 4) Weapons of Mass Destruction Information, for purposes of the ISE, is defined in IRTPA Section 1016 (codified at 6 USC 485) as information that could reasonably be expected to assist in the development, proliferation, or use of a weapon of mass destruction (including a chemical, biological, radiological, or nuclear weapon) that could be used by a terrorist or terrorist organization against the United States, including information about the location of a stockpile of nuclear materials that could be exploited for use in such a weapon that could be used by a terrorist or terrorist organization against the United States.
RESPONSIBILITIES.
1. Covered Treasury personnel are responsible for ensuring compliance with this Directive and any subsequent Treasury policies, procedures, and standards established and developed by the bureaus and offices in consultation with the ISE Privacy Official for the purpose of complying with the ISE Privacy guidelines, including the implementation plan contained in TD P 25-10. These responsibilities include, to the extent applicable:
  1. 1) complying fully with the Privacy Act of 1974 and other generally applicable laws referenced in this policy;
  2. 2) completing training required by Treasury's ISE Privacy Official, working in consultation with the applicable bureau or office; and
  3. 3) providing adequate security protection and confidentiality for protected information (as defined TD P 25-10) in hard copy and electronic formats.
2. The Assistant Secretary for Management (ASM) serves as the Chief Privacy and Civil Liberties Officer for the Department, as well as the Senior Agency Official for Privacy (SAOP). In this role, the ASM shall oversee all privacy and civil liberties activities related to protected information shared in the ISE and shall approve (after consultation with covered Treasury entities) Department-wide policy for the protection of privacy and civil liberties with respect to all protected information (as that term is defined in TD P 25- 10). The ASM shall:
  1. 1) serve as Treasury's ISE Privacy Official
  2. 2) ensure the development (after consultation with covered Treasury entities) of uniform policies, procedures, and standards to be used by covered Treasury entities to carry out their respective responsibilities to maximize the sharing of terrorism information in the ISE while protecting privacy and civil liberties with respect to all protected information (as defined in TD P 25-10);
  3. 3) identify and assess the laws, Executive Orders, policies, and procedures that apply to protected information;
  4. 4) confirm the existence of processes to ensure compliance with ISE privacy requirements;
  5. 5) ensure the covered Treasury personnel receive training on the requirements of this Directive and any additional guidance provided to ensure its proper implementation; and
  6. 6) receive and address reports regarding alleged errors in protected information in the ISE that originates from the Department of the Treasury.
3. The Deputy Assistant Secretary for Privacy, Transparency, and Records (DASPTR), who serves as the principal advisor to the ASM when the ASM is acting as the Chief Privacy and Civil Liberties Officer for the Department, shall:
  1. 1) consult with appropriate covered Treasury entities to develop policies, procedures, and standards necessary to comply with the ISE Privacy guidelines (see, e.g., TD P 25-10);
  2. 2) assist covered Treasury entities to ensure they comply with the guidelines, policies, procedures, and standards;
  3. 3) coordinate and disseminate additional policies, procedures, and standards to covered Treasury entities as deemed appropriate and necessary after consultation with the affected covered Treasury entities;
  4. 4) administer the policy and provide guidance and direction on privacy and civil liberty protection matters applicable to the sharing of information in the ISE; and
  5. 5) in coordination with covered Treasury entities, develop training for covered Treasury personnel on the requirements of this Directive and any additional guidance provided to ensure its proper implementation.
4. The Heads of covered Treasury entities shall:
  1. 1) establish, implement, and ensure compliance with policies, procedures, and standards necessary to comply with the ISE Privacy guidelines;
  2. 2) identify paper record collections and electronic information systems that contain protected information and ensure that the names of these collections and systems are provided to the DASPTR;
  3. 3) identify covered Treasury personnel to ensure they receive training on this policy;
  4. 4) provide guidance and direction to covered Treasury personnel on privacy and civil liberties matters applicable to the sharing of information in the ISE; and
  5. 5) ensure development and completion of training by covered Treasury personnel on the requirements of this Directive and any additional guidance provided to ensure its proper implementation.
GOVERNANCE. The ASM/ISE Privacy Official will set policy with respect to ISE privacy and civil liberties policy development and implementation after consultation with covered Treasury entities.
AUTHORITIES.
1. Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458), as amended.
2. Implementing Recommendations of the 9/11 Commission Act of2007 (P.L. 110-53).
3. Executive Order 13388, Further Strengthening the Sharing of Terrorism Information to Protect Americans.
OFFICES OF PRIMARY INTEREST. Office of Privacy and Civil Liberties, Office of the Deputy Assistant Secretary for Privacy, Transparency, and Records, Office of the Assistant Secretary for Management, and the Office of the Undersecretary for Terrorism and Financial Intelligence.

/S/
Nani A. Coloretti
Assistant Secretary for Management

Federal Financial Data

TREASURY DIRECTIVE 25-10