Published Privacy Impact Assessments on the Web
Notice Of Publication Of Privacy Impact Assessments (Pia).
The Privacy Office of the Department of Homeland Security (DHS or Department) is making available fifteen new or updated PIAs on various programs and systems in DHS. These assessments were approved and published on the Privacy Office's Web site between March 1, 2012 and May 31, 2012.
Table of Contents Back to Top
DATES: Back to Top
The PIAs will be available on the DHS Web site until October 1, 2012, after which they may be obtained by contacting the DHS Privacy Office (contact information below).
FOR FURTHER INFORMATION CONTACT: Back to Top
Mary Ellen Callahan, Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528, or email: firstname.lastname@example.org.
SUPPLEMENTARY INFORMATION: Back to Top
Between March 1, 2012 and May 31, 2012, the Department's Chief Privacy Officer approved and published fifteen Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, www.dhs.gov/privacy, under the link for “Privacy Impact Assessments.” These PIAs cover fifteen separate DHS programs and systems. Below is a short summary of those programs and systems, indicating the responsible DHS component and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office.
System: DHS/USSS/PIA-009 Field Investigative Reporting System (FIRS).
Component: United States Secret Service (USSS).
Date of approval: March 7, 2012.
The USSS has created the Field Investigative Reporting System (FIRS). The USSS's Criminal Investigative Division is the business owner of FIRS. FIRS consists of seven applications for the reporting of law enforcement activities that fall within the USSS's jurisdiction, such as investigating counterfeiting and electronic crimes. The USSS completed this PIA because FIRS is a new system that contains PII about the subjects of criminal investigations.
System: DHS/NPPD/PIA-010(a) Federal Protective Service (FPS) Dispatch Incident Records Management System Update.
Component: National Protection and Programs Directorate (NPPD).
Date of approval: March 13, 2012.
The PIA updates the NPPD's FPS Dispatch and Incident Record Management Systems to add the Field Interview Report (FIR) system to its suite of records management systems and to include administrative changes to the existing PIA. FPS uses the FIR system to collect and analyze information from field interviews, contacts, and stops at protected federal facilities around the country that have been identified as a significant vulnerability. NPPD updated this PIA because this new FIR system provides a new mechanism to collect additional/new PII about members of the public.
System: DHS/MGMT/PIA-006 Email Secure Gateway (EMSG).
Component: Directorate for Management.
Date of approval: March 22, 2012.
The Department manages and operates the EMSG, which is used by all DHS email users. This service was previously managed under the DHS Directory Services Electronic Mail System. EMSG handles email traffic in, out, and between DHS, its components, and the Internet, and provides a directory of users' official contact information. This PIA was conducted to assess the risk associated with the PII that is received and processed within the EMSG system. This PIA does not cover the PII that may be contained within the body of an email or attachment.
System: DHS/FEMA/PIA-021 Advanced Call Center Network (ACCN) Platform.
Component: Federal Emergency Management Agency (FEMA).
Date of approval: March 4, 2012.
FEMA, Office of Response and Recovery, Recovery Directorate, Individual Assistance Division, operates the ACCN Platform. ACCN provides intelligent call routing for FEMA's National Processing and Service Centers in support of disaster survivors who are applicants for FEMA individual assistance (“individual assistance disaster applicants”). The purpose of this system is to provide applicants requesting assistance under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, the highest quality of technology and support services. FEMA conducted this PIA because ACCN uses individual assistance disaster applicants' PII to provide status updates regarding their individual assistance disaster application.
System: DHS/FEMA/PIA-022 Student Training/Exercise Application and Registration Records (STARRS).
Date of approval: March 29, 2011.
FEMA collects, uses, maintains, retrieves, and disseminates STARRS of training sponsors, hosts, and attendees and conducts numerous training and exercise programs/systems, including conferences and seminars hosted by FEMA, in support of its mission. These programs collect PII to register individuals for the respective training and exercise programs/systems; coordinate field exercises; and support the general administration of all registration, training, and exercise delivery and course evaluation for FEMA employees, contractors, members of the first responder community, and others. Where possible, FEMA's training and exercise programs/systems collect non-sensitive PII such as contact information, business card information, biographies, and phone lists; however some programs and systems collect Sensitive PII (SPII) such as Social Security Numbers, performance information, financial information, name plus date of birth, and medical information because of the nature of the training or exercise program. This PIA documents how FEMA collects, uses, maintains, retrieves, and disseminates both PII and SPII in support of its training and exercise missions.
System: DHS/USSS/PIA-010 Enterprise Investigative System (EIS).
Date of approval: March 30, 2012.
The USSS uses EIS to collect information about ongoing and resolved investigative cases and about individuals seeking access to USSS -protected events. EIS is a compilation of six applications that reside on the USSS mainframe computer system. These applications are used collectively to protect the integrity of the nation's financial systems and are managed by several entities within the Office of Investigations. This PIA was conducted because EIS collects PII.
System: DHS/ICE/PIA-006(b) Data Analysis and Research for Trade Transparency System (DARTTS) Update.
Component: Immigration and Customs Enforcement (ICE).
Date of approval: April 2, 2012.
The original PIA for DARTTS was published in October 2008, and re- published with changes in April 2010. With this update to the PIA, ICE is adding two new data sets to DARTTS and modifying its retention period. ICE is also expanding the use of DARTTS within DHS to permit select U.S. Customs and Border Protection customs officers and import specialists to access and use the system. Finally, ICE is establishing a separate instance of DARTTS for use by foreign government partners that operate trade transparency units and have customs information sharing agreements with the United States.
System: DHS/ICE/PIA-015(d) Enforcement Integrated Database (EID) ENFORCE Alien Removal Module Update.
Date of approval: April 6, 2012.
The EID is a DHS shared database repository for several DHS law enforcement and homeland security applications. EID, which is owned and operated by ICE, captures and maintains information related to the investigation, arrest, booking, detention, and removal of persons encountered during immigration and criminal law enforcement investigations and operations conducted by the ICE, U.S. Customs and Border Protection, and U.S. Citizenship and Immigration Services (USCIS) components within DHS. The PIA for EID was last updated in November 2011. ICE added additional functionality to ENFORCE, necessitating this current PIA update. This functionality includes: (1) Technology which helps ICE prioritize aliens for immigration enforcement action based on criminal history; and (2) a methodology which helps ICE conduct risk classification assessments of aliens arrested under the immigration laws during the intake process and while in ICE custody.
System: DHS/TSA/PIA-018(e) Secure Flight Program Update.
Component: Transportation Security Administration (TSA).
Date of approval: April 13, 2012.
The TSA Secure Flight program screens aviation passengers and certain non-travelers before they access airport sterile areas or board aircraft. This screening compares these individuals to the No Fly and Selectee portions of the consolidated and integrated terrorist watch list, against other watch lists maintained by the federal government when warranted by security considerations, and against a list of passengers with redress numbers, i.e., passengers who have been assigned a unique number by the DHS Traveler Redress Inquiry Program. In August 2011, TSA updated the Secure Flight PIA to reflect a number of changes, including:
1. The initiation of a Known Traveler proof of concept starting with individuals enrolled within CBP Trusted Traveler programs, and expected to expand to include other populations such as transportation sector workers receiving TSA security threat assessments and members of the military; and
2. The receipt by Secure Flight of aircraft operator frequent flyer status codes for use in conjunction with risk-based security rules using Secure Flight Passenger Data.
This PIA update reflects the transition from proof of concept to operational program of the Known Traveler and frequent flyer concepts within a program known as TSA Pre✓TM. In addition to the populations noted above, TSA intends to initiate new pilot programs designed to test the expansion of the Known Traveler program to other populations, such as eligible members of the U.S. Armed Forces and certain active security clearance holders. In addition, TSA will create, maintain, and screen against a watch list of individuals who, based upon their involvement in violations of security regulations of sufficient severity or frequency, are disqualified from receiving expedited screening for some period of time or permanently.
This PIA Update further provides updated information on TSA's use of CBP's Automated Targeting System. Unless otherwise noted, the information provided in previously published PIAs remain in effect. Individuals are encouraged to read all program PIAs to have an understanding of TSA's privacy assessment of the Secure Flight program.
System: DHS/OPS/PIA-002 Homeland Security Information Network-SBU Update.
Component: Office of Operations Coordination and Planning (OPS).
Date of Approval: April 16, 2012.
The OPS Homeland Security Information Network-SBU system has undergone a PIA 3-Year Review. The PIA requires no changes, other than to update the name from HSIN-COI to HSIN-SBU, and continues to accurately relate to its stated mission. The HSIN-SBU is designed to facilitate the secure integration and interoperability of information sharing resources amongst federal, state, local, tribal, private sector commercial, and other non-governmental stakeholders involved in identifying and preventing terrorism as well as in undertaking incident management activities. As part of the information sharing efforts HSIN-SBU supports, HSIN-SBU has established different communities of interest within the HSIN-SBU network. The above mentioned PIA has had no changes to privacy risks and mitigations identified in the published PIA. The information technology certification and accreditation approval has been extended to June 2015.
System: DHS/USCG/PIA-018 Coast Guard Business Intelligence (CGBI).
Component: United States Coast Guard (USCG).
Date of Approval: April 17, 2012.
The USCG owns and operates the CGBI System. CGBI is a Business Intelligence (BI) and mission support tool which provides USCG users with a web-based reporting and analysis capability. CGBI utilizes standardized enterprise data and metrics, consisting of the Enterprise Data Warehouse, and a front-end BI application providing standardized reports and data cubes. This system was created to provide an integrated reporting and analysis environment for organizational Knowledge and Performance Management by providing “one version of the truth.” This PIA is required as the system contains PII obtained from authoritative, transactional source systems; this data may be transferred or viewed by other personnel or systems upon data sponsor approval, with limited PII data available within the CGBI interface to authorized users.
System: DHS/USCIS/PIA-041 Electronic Immigration System (ELIS-1) Temporary Accounts and Draft Benefit Requests.
Date of Approval: May 16, 2012.
USCIS is the component of DHS that oversees lawful immigration to the United States. USCIS is transforming its operations by creating a new electronic environment known as the USCIS ELIS, which allows individuals requesting a USCIS benefit to register online and submit certain benefit requests through the online system. This system will improve customer service; increase efficiency for processing benefits; better identify potential national security concerns, criminality, and fraud; and create improved access controls and better auditing capabilities. This PIA was conducted because USCIS ELIS collects and uses PII. This new electronic environment is divided into three distinct processes: (1) Temporary Account and Draft Benefit Requests; (2) Account and Case Management; and (3) Automated Background Functions. This PIA addresses the Temporary Account and Draft Benefit Requests process by describing how Applicants or their Representatives can create a temporary account, draft a benefit request, and submit or abandon that request.
System: DHS/USCIS/PIA-042 Electronic Immigration System (ELIS-2) Account and Case Management.
Date of Approval: May 16, 2012.
USCIS is the component of DHS that oversees lawful immigration to the United States. USCIS is transforming its operations by creating a new electronic environment known as the USCIS ELIS, which allows individuals requesting a USCIS benefit to register online and submit certain benefit requests through the online system. This system will improve customer service; increase efficiency for processing benefits; better identify potential national security concerns, criminality, and fraud; and create improved access controls and better auditing capabilities. This PIA was conducted because USCIS ELIS collects and uses PII. This new electronic environment is divided into three distinct processes: (1) Temporary Account and Draft Benefit Requests; (2) Account and Case Management; and (3) Automated Background Functions. This PIA addresses the Account and Case Management process by describing how USCIS ELIS uses information provided on initial and subsequent benefit requests and subsequent collections to create or update USCIS ELIS accounts; gather any missing information; manage workflow; assist USCIS in making a benefit determination; and provide a repository of data to assist with future benefit requests.
System: DHS/USCIS/PIA-043 Electronic Immigration System (ELIS-3) Automated Background Functions.
Date of Approval: May 16, 2012.
USCIS is the component of DHS that oversees lawful immigration to the United States. USCIS is transforming its operations by creating a new electronic environment known as the USCIS ELIS, which allows individuals requesting a USCIS benefit to register online and submit certain benefit requests through the online system. This system will improve customer service; increase efficiency for processing benefits; better identify potential national security concerns, criminality, and fraud; and create improved access controls and better auditing capabilities. This PIA was conducted because USCIS ELIS collects and uses PII. This new electronic environment is divided into three distinct processes: (1) Temporary Account and Draft Benefit Requests; (2) Account and Case Management; and (3) Automated Background Functions. This PIA addresses the Automated Background Functions process, which includes the actions USCIS ELIS takes to ensure that serious or complex cases receive additional scrutiny by detecting duplicate and related accounts and identifying potential national security concerns, criminality, and fraud.
System: DHS/FEMA/PIA-023 Enterprise Coordination and Approval Processing System (eCAPS).
Date of Approval: May 21, 2012.
FEMA, Office of Response and Recovery (OR&R) operates the eCAPS application. Following a Presidentially-declared disaster, OR&R utilizes eCAPS, a FEMA intranet-based application, to collect, use, maintain, and disseminate PII from federal and state points of contact (POCs) who request disaster support from FEMA. eCAPS tracks action requests, electronic coordination and approval of internal requisitions for services and supplies, and mission assignments. This PIA was conducted because eCAPS collects, uses, maintains, and disseminates PII from federal and state POCs.
Dated: July 16, 2012.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2012-18813 Filed 8-1-12; 8:45 am]
BILLING CODE 9110-9L-P