Privacy Office, DHS.
Notice of Publication of Privacy Impact Assessments (PIA).
The Privacy Office of DHS is making available twenty-six PIAs on various programs and systems in DHS. These assessments were approved and published on the Privacy Office's Web site between June 1, 2011 and August 31, 2011.
The PIAs will be available on the DHS Web site until November 21, 2011, after which they may be obtained by contacting the DHS Privacy Office (contact information below).Start Further Info
FOR FURTHER INFORMATION CONTACT:
Mary Ellen Callahan, Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528, or e-mail: firstname.lastname@example.org.End Further Info End Preamble Start Supplemental Information
Between June 1, 2011 and August 31, 2011, the Chief Privacy Officer of the DHS approved and published twenty-six Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, http://www.dhs.gov/privacy, under the link for “Privacy Impact Assessments.” These PIAs cover twenty-six separate DHS programs. Below is a short summary of those programs, indicating the DHS component responsible for the system, and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office.
System: DHS/USCIS/PIA-029(a) Eligibility Risk and Fraud Assessment Testing Environment (EFRA) Update.
Component: United States Citizenship and Immigration Services (USCIS).
Date of approval: June 1, 2011.
The Office of Transformation Coordination of USCIS is planning to update the EFRA Testing Environment. This update describes the next phase of this tool to develop, test, and refine the tool's risk and fraud business rules and to load biographic data from legacy systems before deploying to a full production environment.
System: DHS/USCIS/PIA-037 Standard Lightweight Operational Programming Environment—Rules-Based Tools Prototype (SLOPE-RBTP).
Date of approval: June 2, 2011.
DHS USCIS Office of Information Technology (IT) developed the SLOPE-RBTP to streamline the adjudication of Form I-90, Application to Replace Permanent Resident Card. SLOPE-RBTP electronically organizes and automates the adjudication of pending Form I-90 applications. USCIS is conducting this PIA because SLOPE-RBTP collects and uses personally identifiable information.
System: DHS/ICE/PIA-028 Automated Threat Prioritization (ATP) Web Service.
Component: Immigration and Customs Enforcement (ICE).
Date of approval: June 6, 2011.
The Office of the Chief Information Officer, in coordination with the Offices of Homeland Security Investigations and Enforcement and Removal Operations within ICE, is developing and implementing the Automated Threat Prioritization (ATP) Web service, which is an IT tool that uses configurable and scalable search and data sharing capabilities to improve and automate existing IT systems. ATP electronically receives processes and transmits criminal history information about individuals who are the subjects of a broad range of enforcement actions or whose criminal history is required to be evaluated by law to determine eligibility for a benefit or credential. For example, this service is intended to enhance and support ICE's investigative and enforcement operations by automating criminal history data processing and aid in its prioritization of enforcement actions. ICE is conducting this PIA because the ATP service will transmit and process PII. This PIA, however, only describes the general functionality of the ATP service and not its implementation.
System: DHS/USCIS/PIA-010(e)—USCIS Person Centric Query Service (PCQS) Supporting Immigration Status Verifiers of the USCIS Enterprise Service Directorate/Verification Division Update.
Date of approval: June 8, 2011.
This is an update to the existing PIA for the USCIS PCQS. This update describes the privacy impact of expanding the status verifier's person-search capability by adding the American Association of Motor Vehicle Administrators Network Service system to the existing PCQS query inventory.
System: DHS/ALL/PIA-033 Google Analytics.
Date of approval: June 9, 2011.
DHS is planning to utilize Google Analytics (http://www.google.com/analytics) for viewing and analyzing traffic to DHS's public-facing Web site(s), including components. Google Analytics is a free, external, third-party hosted, Web site analytics solution that generates robust information about the interactions of public-facing Web site visitors with DHS. Google Analytics must collect the full Internet Protocol (IP) address, which Google masks prior to use and storage, and provides DHS with non-identifiable aggregated information in the form of custom reports. DHS implemented the IP address masking feature within Google Analytics to avoid the use and storage of the full IP address. For example, when the last octet is truncated from the IP address, 192.168.0.1 becomes 192.168.0. This masking will affect the geographic location metric within Google Analytics. Google Analytics uses first-party cookies to track visitor interactions. DHS shall not collect, maintain, or retrieve PII including a visitor's IP address during this analytics process operated by Google. Google Analytics shall not provide to DHS, share with Google or any Google product for additional analysis, or use Start Printed Page 58815the full or masked IP address or information to draw any conclusions in the analytics product. DHS has expressly chosen to opt-out of sharing information with Google or any Google product for additional analysis. This PIA is being conducted to identify and mitigate privacy concerns associated with the use of Google Analytics.
System: DHS/USCIS/PIA-038 Freedom of Information Act/Privacy Act (FOIA/PIA) Information Processing System.
Date of approval: June 14, 2011.
USCIS uses the FOIA/PA Information Processing System (FIPS) to process FOIA and PA requests from any person requesting access to USCIS records. FIPS uses document imaging, workflow, and Web-server technologies to enable USCIS to efficiently and effectively manage the FOIA/PA case life cycle. USCIS is conducting this PIA because FIPS uses PII and to address major changes to the application.
System: DHS/FEMA/PIA-017 Federal/Emergency Response Official (F/ERO) Repository.
Component: Federal Emergency Management Agency (FEMA).
Date of approval: June 20, 2011.
FEMA Office of National Capital Region Coordination owns and operates the F/ERO Repository. FEMA uses the F/ERO Repository as the authoritative data source to identify and verify Federal employees/contractors, and participating non-Federal employees/contractors likely to respond during times of response and recovery for natural disasters, terrorism, or other emergencies. The F/ERO Repository allows for immediate electronic verification of an employee/contractor's personal identity and emergency management attribute at a given disaster zone. The purpose of this PIA is to document how FEMA collects, uses, maintains, and disseminates PII.
System: DHS/CISOMB/PIA-001 Virtual Ombudsman System.
Component: Citizenship and Immigration Services Ombudsman (CISOMB).
Date of approval: June 22, 2011.
The Virtual Ombudsman system has undergone a PIA 3-Year Review requiring no changes and continues to accurately relate to its originally stated mission. The Office of the CISOMB or Ombudsman at the DHS, as mandated by the Homeland Security Act of 2002 § 452, is an independent office that reports directly to the Deputy Secretary of Homeland Security. The CISOMB: (1) Assists individuals and employers with resolving problems with USCIS; (2) identifies areas in which individuals and employers have problems in dealing with USCIS; and (3) proposes changes to mitigate those problems. CISOMB has developed the Virtual Ombudsman System to ensure the efficient and secure processing of information to aid the Ombudsman in assisting individuals and employers and making systemic recommendations to USCIS. CISOMB is conducting this PIA because these transactions require collection of PII.
System: DHS/USCIS/PIA-027(a) Refugees, Asylum, and Parole System and the Asylum Pre-Screening System (APSS).
Date of approval: June 30, 2011.
The United States DHS, USCIS is updating the PIA for the Refugees, Asylum, and Parole System (RAPS) and the APSS in order to provide further notice of the expansion of routine sharing of RAPS with the intelligence community in support of the Department's mission to protect the United States from potential terrorist activities.
System: DHS/S&T/PIA-023—Biometrics Access Control System at the Transportation Security Lab.
Component: Science and Technology (S&T).
Date of approval: July 1, 2011.
Biometrics Access Control System is a building facilities access control system used at the DHS S&T Directorate's Transportation Security Lab. The system relies on biometrics (fingerprint and iris recognition) to enhance the physical security of the lab and provides a demonstration of advanced technologies. The S&T TSL is conducting a PIA because PII is collected during the testing and operational use of this system.
System: DHS/USCG/PIA-002(c)—United States Coast Guard (USCG) “Biometrics at Sea” (BASS) Update.
Date of approval: July 12, 2011.
BASS update allows merchant mariners to determine the status of their credential application using the Homeport Internet Portal. Homeport uses the identification information provided by the mariner to match records from the Merchant Mariner Licensing and Documentation system and provide mariners the current status of their credential application. Information provided by the mariner will be used solely for matching records and will not be retained in Homeport at the completion of the online session.
System: DHS/NPPD/PIA-006(a) Protected Critical Infrastructure Management System (PCIIMS).
Component: National Protection and Programs Directorate (NPPD).
Date of approval: July 13, 2011.
The Protected Critical Infrastructure Information Program, part of the DHS, NPPD, Office of Infrastructure Protection, Infrastructure Information Collection Division, facilitates the sharing of PCII between the government and the private sector. The PCIIM System Final Operating Capability is an IT system and the means by which PCII submissions from the private sector are received and cataloged, and PCII Authorized Users are registered and managed. The PCII Program conducted this PIA to analyze and evaluate the privacy impact resulting from the consolidation of the PCIIMS Initial Operating Capability functionalities into PCIIMS FOC, as well as the collection of limited PII from the submitting individuals and PCII Authorized Users for contact purposes.
System: DHS/ALL/PIA-027(b) Watchlist Service (WLS) Update.
Date of approval: July 19, 2011.
DHS currently uses the Terrorist Screening Database (TSDB), a consolidated database maintained by the Department of Justice Federal Bureau of Investigation Terrorist Screening Center (TSC) that contains identifying information about those known or reasonably suspected of being involved in terrorist activity, in order to facilitate DHS mission-related functions, such as counterterrorism, law enforcement, border security, and inspection activities. In July 2010, DHS launched an improved method of transmitting TSDB data from TSC to DHS through a new service called DHS WLS. At that time, DHS published a PIA to describe and analyze privacy risks associated with this new service. The WLS maintains a synchronized copy of the TSDB, which contains PII, and disseminates it to authorized DHS components. DHS is issuing this PIA update to add the U.S. CBP Automated Targeting System as an authorized recipient of TSDB data via the WLS.
System: DHS/CBP/PIA-007(a) Electronic System for Travel Authorization (ESTA) Fee and Information Sharing Update.
Component: Customs and Border Protection (CBP).
Date of approval: July 19, 2011.
U.S. CBP is publishing this update to the PIA for the ESTA Fee and Information Sharing Update dated June 3, 2008. ESTA is a Web-based application and screening system used to determine whether certain aliens are eligible to travel to the U.S. under the Visa Waiver Program. This update will evaluate the privacy impacts of updating the login procedures, Start Printed Page 58816collecting an application fee, and adding the Pay.gov tracking number and country of birth information to the ESTA system of records. Additionally, this update is to provide further notice of the expansion of routine sharing of ESTA with the intelligence community in support of DHS's mission to protect the U.S. from potential terrorist activities.
System: DHS/FEMA/PIA-014(a) National Emergency Family Registry and Locator System (NEFRLS) Update.
Date of approval: July 25, 2011.
DHS FEMA operates the NEFRLS system, a Web-based system that collects information from individuals to assist in reuniting family that have been displaced as a result of a Presidentially-declared disaster or emergency. An initial PIA was completed and approved for the NEFRLS system on August 27, 2009. This PIA update outlines and analyzes substantive enhancements made to the NEFRLS system including new information collected on law enforcement officers for identity verification and authentication purposes. When FEMA is conducting a search on behalf of a displaced individual the collection of cell phone numbers allows the FEMA Disaster Assistance Improvement Program system to use its text messaging functions to notify the individual when an official missing person report has been submitted.
System: DHS/ICE/PIA-029 Alien Medical Records System.
Date of approval: July 25, 2011.
U.S. ICE maintains medical records on aliens that ICE detains for violations of U.S. immigration law. Aliens held in ICE custody in a facility staffed by the ICE Health Services Corps, a division of ICE's Office of Enforcement and Removal Operations, receive physical exams and treatment, dental services, and pharmacy services, depending on the alien's medical conditions and length of stay. To properly record the medical assessments and services, ICE operates several IT systems that maintain electronic medical record information: CaseTrakker, MedEZ, Dental X-Ray System, the Criminal Institution Pharmacy System, the Medical Payment Authorization Request System (MedPAR), and the Medical Classification Database. This PIA describes the data maintained in these medical record systems, the purposes for which this information is collected and used, and the safeguards ICE has implemented to mitigate the privacy and security risks to PII stored in these systems.
System: DHS/NPPD/PIA-019 Secure Handling of Ammonium Nitrate Program.
Date of approval: July 25, 2011.
DHS, NPPD, published this PIA to provide a comprehensive analysis of the proposed Ammonium Nitrate Security Program. The proposed Ammonium Nitrate Security Program seeks to prevent the misappropriation or use of ammonium nitrate in an act of terrorism by regulating the sale and transfer of ammonium nitrate by ammonium nitrate facilities. This PIA provides transparency into how the proposed Ammonium Nitrate Security Program will support the homeland security and infrastructure protection missions of DHS/NPPD through the collection of PII, and describes reasonable mitigation solutions proposed to be implemented to address privacy and security risks. This PIA will be updated with any changes to the program concurrently with the rule making process.
System: DHS/USSS/PIA-004 Counter Surveillance Unit Reporting (CSUR) Database.
Component: United States Secret Service.
Date of approval: July 27, 2011.
The United States Secret Service (Secret Service or USSS) has created the CSUR Database. CSUR assists Secret Service employees in managing, analyzing, and distributing intelligence information regarding threats or potential threats to the safety of individuals, events, and facilities protected by the Secret Service. The Secret Service is conducting this PIA because CSUR contains PII regarding subjects of protective interest to the Secret Service.
System: DHS/ICE/PIA-030 Security Management Closed-Circuit Television (SM-CCTV) System.
Date of approval: August 4, 2011.
The SM-CCTV System is owned and operated by U.S. ICE, a component agency within the DHS. The SM-CCTV System is a video-only recording system installed to monitor the interior and exterior of ICE facilities. ICE conducted this PIA because the system has the ability to capture images of people, license plates, and any other visual information within range of its cameras.
System: DHS/CBP/PIA-009(a) TECS System: CBP Primary and Secondary Processing (TECS) National Suspicious Activity Report (SAR) Initiative.
Date of approval: August 5, 2011.
CBP is publishing this update to the PIA for DHS/CBP/PIA-009 the TECS System: Primary and Secondary Processing (TECS), dated December 22, 2010. TECS (not an acronym) is the updated and modified version of the former Treasury Enforcement Communications System. TECS is owned and managed by the DHS component CBP. TECS is the principal system used by officers at the border to assist with screening and determinations regarding admissibility of arriving persons. This update will evaluate the privacy impacts of identifying certain of the operational records maintained in TECS as SARs for inclusion in the National SAR Initiative, which is led by the Department of Justice on behalf of the entire Federal government.
System: DHS/TSA/PIA-016 Screening of Passengers by Observation Techniques (SPOT) Program.
Date of approval: August 5, 2011.
The SPOT program is a behavior observation and analysis program designed to provide Behavior Detection Officers with a means of identifying persons who pose or may pose potential transportation security risks by focusing on behaviors indicative of high levels of stress, fear, or deception. The SPOT program is a derivative of other behavioral analysis programs that have been successfully employed by law enforcement and security personnel both in the U.S. and around the world.
System: DHS/NPPD/PIA-017 National Infrastructure Coordinating Center Suspicious Activity Reporting Initiative Privacy Impact Assessment Update (NICC SARS).
Date of approval: August 12, 2011.
DHS NPPD Office of Infrastructure Protection NICC is publishing this PIA to reflect activities under its SAR Initiative. The NICC SAR Initiative serves as a mechanism by which a report involving suspicious behavior related to an observed encounter or reported activity is received and evaluated to determine its potential nexus to terrorism. NICC is conducting this PIA because SAR occasionally contains PII and NICC will be collecting and contributing SAR data for reporting and evaluation proceedings.
System: DHS/US-VISIT/PIA-005(a) Arrival and Departure Information System (ADIS).
Date of approval: August 12, 2011.
ADIS has undergone a PIA 3-Year Review requiring no changes and continues to accurately relate to its stated mission. This PIA for ADIS describes changes to ADIS corresponding to the publication of a new ADIS system of records notice. As Start Printed Page 58817now proposed, ADIS will be a DHS-wide system to serve certain programs, including those of the intelligence community, that require information, in support of the DHS mission, on individuals who seek to enter or who have arrived in or departed from the U.S. US-VISIT has conducted this PIA update based on these proposed changes.
System: DHS/TSA/PIA-0018(b) Secure Flight Program Update.
Date of approval: August 15, 2011.
The Secure Flight program will match identifying information of aviation passengers and certain non-travelers against the No Fly and Selectee portions of the consolidated and integrated terrorist watch list and, if warranted by security considerations, other watch lists maintained by the Federal government. The TSA published a Final Rule and PIA in October 2008, outlining TSA's expected implementation of the Secure Flight program. This update reflects changes in the Secure Flight operational environment. Unless otherwise noted, the information provided in previously published PIAs remain in effect. Individuals are encouraged to read all program PIAs to have an understanding of TSA's privacy assessment of the Secure Flight program.
System: DHS/ALL/PIA-040 Electronic Patient Care Reporting System (ePCR).
Date of approval: August 25, 2011.
The DHS Office of Health Affairs (OHA) is implementing a Web-based Commercial off the Shelf Internet software service called the ePCR. The ePCR system will establish a standardized approach to document care rendered by DHS Emergency Medical Services (EMS) medical care providers in pre-hospital environments. The system will also enhance OHA's capability to evaluate quality of care delivery, quality assurance, performance improvement, and risk management activities. OHA conducted this PIA because accurate documentation and quality assurance of EMS care provided necessarily includes gathering PII from patient encounters.
System: DHS/USCIS/PIA-0015(a) Computer Linked Application Information Management System (CLAIMS 4) Update.
Date of approval: August 31, 2011.
The USCIS is publishing this update to the PIA for the CLAIMS 4 dated September 5, 2008. CLAIMS 4 is an electronic case management system used to track and process applications for naturalization. The purpose of this update is to: (1) Discuss the disposition of the Change of Address subsystem; (2) discuss the disposition of the Complete File Review subsystem; (3) describe the new privacy impacts associated with the exchange of zip codes between the Site Profile System and CLAIMS 4; (4) describe the new privacy impacts associated with the capturing of certain digitized biometric images through the Benefits Biometric Support System; and (5) provide notice of a pilot program under which DHS is expanding the sharing of CLAIMS 4 data with the National Counterterrorism Center in support of DHS's mission to protect the U.S. from potential terrorist activities.Start Signature
Dated: September 7, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-24220 Filed 9-21-11; 8:45 am]
BILLING CODE 9110-9L-P