74 FR 37 pgs. 8804-8807 - Published Privacy Impact Assessments on the Web
Type: NOTICEVolume: 74Number: 37Pages: 8804 - 8807
FR document: [FR Doc. E9-4151 Filed 2-25-09; 8:45 am]
Agency: Homeland Security Department
Sub Agency: Office of the Secretary
Official PDF Version: PDF Version
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
Published Privacy Impact Assessments on the Web
AGENCY:
Privacy Office, DHS.
ACTION:
Notice of publication of Privacy Impact Assessments.
SUMMARY:
The Privacy Office of the Department of Homeland Security (DHS) is making available twenty-nine Privacy Impact Assessments on various programs and systems in the Department. These assessments were approved and published on the Privacy Office's Web site between October 1 and December 31, 2008.
DATES:
The Privacy Impact Assessments will be available on the DHS Web site until April 27, 2009, after which they may be obtained by contacting the DHS Privacy Office (contact information below).
FOR FURTHER INFORMATION CONTACT:
John W. Kropf, Acting Chief Privacy Officer, Department of Homeland Security, Mail Stop 0550, Washington, DC 20528, or e-mail: pia@dhs.gov .
SUPPLEMENTARY INFORMATION:
Between October 1 and December 31, 2008, the Chief Privacy Officer of the Department of Homeland Security (DHS) approved and published twenty-nine Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, http://www.dhs.gov/privacy , under the link for "Privacy Impact Assessments." These PIAs cover twenty-nine separate DHS programs. Below is a short summary of those programs, indicating the DHS component responsible for the system, and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office.
System: Financial Disclosure Management.
Component: Office of General Counsel.
Date of approval: October 1, 2008.
The Ethics Division of the Office of General Counsel of DHS published this PIA for the Financial Disclosure Management System (FDMS). FDMS is a Web-based initiative developed to provide a mechanism for individuals to complete, sign, review, and file financial disclosure reports, first required by Title I of the Ethics in Government Act of 1978. This PIA was conducted because FDMS collects personally identifiable information (PII).
System: Keeping Schools Safe.
Component: Science and Technology.
Date of approval: October 1, 2008.
Keeping Schools Safe is a research and development effort funded by the DHS Science Technology Directorate (ST) in support of the Alabama State Department of Homeland Security. The purpose of this pilot is to test the functionality and clarity of live streaming video technology for first responders and law enforcement applications in a school environment. A PIA was conducted because images of individuals (volunteer Alabama law enforcement officials) will be captured during the field test. This PIA will only cover the research activities being conducted on behalf of ST during this operational field test.
System: United States Homeport Update.
Component: U.S. Coast Guard.
Date of approval: October 17, 2008.
This is an update to the previous Homeport PIA, dated May 9, 2006, in order to describe the new functionality that allows merchant mariners to determine the status of their credential application using the Homeport Internet Portal. Homeport uses the identification information provided by the mariner to match records from the Merchant Mariner Licensing and Documentation system and provide mariners the current status of their credential application. Information provided by the mariner will be used solely for matching records and will not be retained in Homeport at the completion of the online session.
System: Data Analysis and Research for Trade Transparency System.
Component: Immigration and Customs Enforcement.
Date of approval: October 20, 2008.
Immigration and Customs Enforcement (ICE) operates the Data Analysis and Research for Trade Transparency System (DARTTS), which supports ICE investigations of trade-based money laundering, contraband smuggling, and trade fraud. DARTTS analyzes trade and financial data to identify statistically anomalous transactions that may warrant investigation for money laundering or other import-export crimes. These anomalies are then independently confirmed and further investigated by experienced ICE investigators. ICE conducted this PIA because DARTTS collects and uses PII associated with money laundering, contraband smuggling, and trade fraud.
System: Secure Flight Program.
Component: Transportation Security Administration.
Date of approval: October 21, 2008.
The Secure Flight program matches identifying information of aviation passengers and certain non-travelers against the consolidated and integrated terrorist watch list maintained by the Federal Government in a consistent and accurate manner, while minimizing false matches and protecting PII. TSA published a Final Rule outlining TSA's implementation of the Secure Flight program. In conjunction with this Final Rule, TSA published this updated PIA. This updated PIA reflects the Secure Flight program as described in the Final Rule.
System: Alien Change of Address Card.
Component: U.S. Citizenship and Immigration Service.
Date of approval: October 21, 2008.
United States Citizenship and Immigration Service (USCIS) published this PIA for the Alien Change of Address Card (AR-11) System. The AR-11 tracks the address changes submitted to the Department of Homeland Security (DHS) in paper and electronic form as required by Section 265 of the Immigration and Nationality Act (INA), 8 U.S.C. 1305. USCIS has conducted this PIA because AR-11 contains PII.
System: First Phase of the Initial Operating Capability of Interoperability Between the U.S. Department of Homeland Security and the U.S. Department of Justice.
Component: US VISIT.
Date of approval: October 23, 2008.
The DHS United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program, in cooperation with the Department of Justice Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division, implemented the first phase of initial operating capability (IOC) of system interoperability (Interoperability) between US-VISIT's Automated Biometric Identification System (IDENT) and CJIS' Integrated Automated Fingerprint Identification System (IAFIS). This capability, which expands upon and improves the method of exchange and sharing of certain biometric and biographic data between IDENT and IAFIS, is intended to increase data sharing between DHS and Federal, State, and local agencies for law enforcement activity relating to the DHS mission. This PIA describes these uses and sharing of data under the first phase of the Interoperability IOC, as well as the associated privacy risks and measures taken by US-VISIT to mitigate those risks.
System: Reality Mobile Kentucky: Operational Field Test.
Component: Science and Technology.
Date of approval: October 24, 2008.
The Reality Mobile Kentucky project is a research and development effort by DHS ST that seeks to test the operational effectiveness and efficiency of streaming video for law enforcement applications. Reality Mobile software is a commercially available software-driven system that would allow first responders and law enforcement officials to send and receive live video and geospatial coordinates. ST conducted this PIA because the Kentucky State Police will capture images of individuals during the field test in accordance with their law enforcement authorities, standard operating procedures, and applicable state and local laws. This PIA covers only the research activities conducted by ST during this operational field test. Should ST acquire the technology and transition it to a DHS Component, that DHS Component will be responsible for completing the subsequent privacy assessments of the Reality Mobile technology and its use.
System: Chemical Security Assessment Tool Update.
Component: National Protection and Programs.
Date of approval: October 27, 2008.
This is an update to the previous Chemical Security Assessment Tool (CSAT) PIA. CSAT collects PII from CSAT users and Chemical-Terrorism Vulnerability Information Web site users. This update improves a CSAT user's ability to know who else in their company also has access to CSAT. Further, the CSAT Helpdesk collects contact information both from CSAT users requesting basic CSAT IT support and from the general public inquiring about the CSAT program. Provision of basic CSAT user information to the Helpdesk will allow quicker services and support.
System: Homeland Security Virtual Assistance Center.
Component: Federal Emergency Management Agency.
Date of approval: November 3, 2008.
The DHS Federal Emergency Management Agency (FEMA) National Preparedness Directorate operates the Homeland Security Virtual Assistance Center (HSVAC). HSVAC is an advanced Web-based, technical assistance management solution that supports FEMA in the scheduling, coordination, and management of training provided to First Responders, including state and local government entities and organizations. FEMA conducted this PIA because HSVAC will use and maintain PII to authenticate user identities of those individuals requesting access to the application.
System: USCIS Person Centric Query Service Supporting Visa Benefit Adjudicators, Visa Fraud Officers, and Consular Officers of the Department of State, Bureau of Consular Affairs.
Component: U.S. Citizenship and Immigration Services.
Date of approval: November 5, 2008.
This is an update to the existing PIA for the Department of State, Bureau of Consular Affairs, Visa Benefit Adjudicators, Visa Fraud Officers, and Consular Officers (Adjudicators and Officers) use of the Person Centric Query Service (PCQS), operating through the USCIS Enterprise Service Bus to expand the PCQS person-search capability and describe the privacy impact of expanding the PCQS to include the following additional systems to the PCQS query for the Bureau of Consular Affairs, Adjudicators and Officers Client: (1) USCIS Marriage Fraud Amendment System and (2) USCIS Reengineered Naturalization Applications Casework System.
System: Air Cargo Security Requirements.
Component: Transportation Security Administration.
Date of approval: November 12, 2008.
TSA made several changes to its air cargo program that involve the collection of PII and the addition of new populations for which information will be collected. First, for TSA conducted security threat assessments (STAs) on individuals participating in its air cargo programs, TSA requires the submittal of contact and employer information for all participants so TSA can contact the individual in the adjudication process. Second, TSA allows non-citizens who do not have an Alien Registration Number to provide a Form I-94 Arrival/Departure number. Third, TSA created a new Certified Cargo Screening Program (CCSP), expanding the population of individuals who will need to provide PII for TSA-conducted STAs. A new automated collection STA Tool deployed to support the collection of PII from the CCSP population. Fourth, TSA updated the records retention schedule and redress processes applicable to all populations submitting PII for STAs under its air cargo programs. In accordance with Section 222 of the Homeland Security Act of 2002, TSA issued this update (PIA Update) to the Air Cargo Security Requirements PIA published on April 14, 2006, to incorporate these changes. The April 14, 2006 PIA remains in effect to the extent that it is consistent with this update. This update should be read together with the 2006 PIA.
System: Advance Passenger Information System Final Rule.
Component: Customs and Border Protection.
Date of approval: November 18, 2008.
CBP issued a Final Rule to amend regulations governing the submission of Advanced Passenger Information System (APIS) data to include private aircraft. CBP published a revised PIA and a revised associated System of Records Notice to include these final changes with its existing APIS privacy notices. The previous System of Records Notice for the APIS system was last published at 72 FR 48349, August 23, 2007. On September 18, 2007, CBP published a Notice of Proposed Rulemaking in the Federal Register (72 FR 53393) proposing amendments to CBP regulations concerning the advance electronic transmission of passenger and crew manifests for private aircraft arriving in and departing from the United States, commonly referred to as APIS. A PIA update was published on the DHS Web site at the same time discussing the impact of the notice of proposed rule.
System: Law Enforcement Intelligence Fusion Systems.
Component: Immigration and Customs Enforcement.
Date of approval: November 17, 2008.
The ICE Law Enforcement Intelligence Fusion System (IFS) enables ICE and other DHS law enforcement and homeland security personnel to analyze volumes of information from multiple data sources through a single Web-based access point. All IFS activity is predicated on ongoing and valid homeland security operations, law enforcement activities, and intelligence production requirements. IFS was formerly known as the ICE Network Law Enforcement Analysis Data System. ICE has completed this PIA to provide additional notice of the existence of IFS and publicly document the privacy protections that are in place for IFS.
System: Vessel Requirements for Notices of Arrival and Departure and Automatic Identification System Notice of Proposed Rulemaking.
Component: U.S. Coast Guard.
Date of approval: November 19, 2008.
The USCG published a proposed rule entitled "Vessel Requirements for Notices of Arrival and Departure and Automatic Identification System." The rule proposes to expand the applicability of notice of arrival (NOA) requirements to additional vessels, establish a separate requirement for certain vessels to submit notices of departure (NOD), set forth a mandatory method for electronic submission of NOA and NOD, and modify related reporting content, timeframes, and procedures. This proposed rule would also expand the applicability of Automatic Identification System (AIS) requirements beyond Vessel Traffic Service areas to all U.S. navigable waters and require AIS carriage for additional commercial vessels. USCG conducted this PIA because portions of the rule require an expansion of an existing collection of PII and because the system, Ship Arrival Notification System, which maintains the NOA and NOD information, will maintain the collection of PII.
System: Verification Information System Update.
Component: U.S. Citizenship and Immigration Services.
Date of approval: November 20, 2008.
The Verification Division of USCIS operates the Verification Information System (VIS). VIS is a composite information system that provides immigration status verification for government agencies and verification of employment authorization for employers participating in the E-Verify program. USCIS conducted this PIA to: (1) Cover the expansion of VIS to collect and verify information from United States Passports and Passport Cards from E-Verify users, (2) describe the expansion of the scope of SAVE to include verification of citizenship and immigration status for any DHS lawful purpose, not just for government benefit granting purposes as described in previous PIAs, and (3) describe the expansion of the scope of E-Verify to indicate that it is no longer solely voluntary in some cases and no longer solely for new employees in certain cases.
System: Suspicious Activity Reports Project.
Component: Operations.
Date of approval: November 21, 2008.
The Office of Operations Coordination and Planning (OPS), in cooperation with the ST published this PIA to reflect a planned research project regarding Suspicious Activity Reports (SARs). The Operations Coordination and Planning Directorate will host a stand-alone system designed to analyze Suspicious Activity Report data taken from several DHS components. OPS conducted this PIA because SARs occasionally contain PII and because it is physically hosting the project in addition to contributing SARS data.
System: National Flood Insurance Program (NFIP) Modernization/Business Process Improvement/Systems Engineering Management Support.
Component: Federal Emergency Management Agency.
Date of approval: November 26, 2008.
The DHS FEMA National Flood Insurance Program (NFIP) Modernization, Business Process Improvement, and Systems Engineering Management Support project has transitioned into NFIP IT NextGen. The NFIP IT NextGen service oriented and integrated systems will support daily reporting by NFIP insurance companies and improve services to stakeholders, especially policy holders. The purpose of this PIA is to describe the collection of information in conducting NFIP processes and how NFIP information is used by FEMA and the NFIP community.
System: Automated Targeting System Update.
Component: Customs and Border Protection.
Date of approval: December 2, 2008.
This is an update to the previous Automated Targeting System PIA, dated August 3, 2007, in order to expand the scope of the data accessed for screening and targeting purposes to include additional importer and carrier requirements. In conjunction with this update, CBP published an Interim Final Rule that amends the CBP regulations contained in 19 CFR parts 4, 12, 18, 101, 103, 113, 122, 123, 141, 143, 149, 178, and 192 addressing the advanced electronic submission of information by importers and vessel carriers.
System: Automated Commercial System/Automated Commercial Environment-Importer Security Filing Data.
Component: Customs and Border Protection.
Date of approval: December 2, 2008.
CBP expanded and revised the collection of data from carriers and importers to the Automated Commercial System (ACS) in an effort to prevent terrorist weapons from being transported to the United States. Using ACS, CBP collects cargo, carrier, importer, and other data to achieve improved high-risk cargo targeting as required by Section 203 of the Security and Accountability for Every Port Act of 2006 (Pub. L. 109-347, 120 Stat. 1884 (SAFE Port Act)). This PIA was conducted to explore the use of PII contained in the Importer Security Filing submitted by the importer to CBP.
System: Customer Relationship Interface System.
Component: U.S. Citizenship and Immigration Services.
Date of approval: December 4, 2008.
USCIS developed the Customer Relationship Interface System (CRIS) to provide USCIS customers with the status of pending applications and petitions for benefits and processing time information. This PIA is required because the CRIS database contains PII such as Alien Registration Number (A-Number), full name, date of birth, and address.
System: State, Local, and Regional Fusion Center Initiative.
Component: Department of Homeland Security.
Date of approval: December 11, 2008.
Pursuant to Section 511 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (the "9/11 Commission Act" or "the Act"), Public Law No. 110-53, the DHS Privacy Office conducted a PIA on the Homeland Security State, Local, and Regional Fusion Center Initiative (the Initiative). Under the Initiative, DHS will facilitate appropriate, bi-directional information sharing between the Department and State, Local, and Regional Fusion Centers. In addition, the Department will assign trained intelligence analysts to fusion centers, provided those centers meet a number of criteria set forth in the text. The Act requires the Department to complete a concept of operations (CONOPS) for the Initiative, including a PIA. The CONOPS also includes a Civil Liberties Impact Assessment, conducted by the DHS Office for Civil Rights and Civil Liberties.
System: Future Attribute Screening Technology Project.
Component: Science and Technology.
Date of approval: December 15, 2008.
DHS identified a need for new technical capabilities that can rapidly identify suspicious behavior indicators to provide real-time decision support to security and law enforcement personnel. The Future Attribute Screening Technology Mobile Module (FAST) project, sponsored by ST Homeland Security Advanced Research Projects Agency and executed under the oversight of DHS ST's Human Factors Behavior Sciences Division, seeks to develop people screening technologies that will enable security officials to test the effectiveness of current screening methods at evaluating suspicious behaviors and judging the implications of those behaviors. The ultimate goal of the FAST project is to equip security officials with the tools to assess potential threats rapidly. This first phase of the FAST project is limited to identifying various screening sensors and conducting testing of various sensors with volunteer participants.
System: Scheduling and Notification of Applicants for Processing.
Component: U.S. Citizenship and Immigration Services.
Date of approval: December 15, 2008.
USCIS developed the Scheduling and Notification of Applicants for Processing (SNAP) system. SNAP automatically schedules appointments for immigration benefits for applicants/petitioners to submit biometric information to USCIS. USCIS conducted this PIA because SNAP uses PII to perform its scheduling functions.
System: Customer Proprietary Network Information.
Component: United States Secret Service.
Date of approval: December 17, 2008.
The U.S. Secret Service (USSS) and the FBI co-sponsor and manage the Customer Proprietary Network Information (CPNI) Reporting Web site. The Web site is a tool for telecommunications carriers to report a breach of its customer proprietary network information to law enforcement. The USSS and the FBI conducted this PIA because the CPNI Reporting Web site contains PII.
System: Changes to Requirements Affecting H-2A Nonimmigrants and Changes to Requirements Affecting H-2B Nonimmigrants and Employers Final Rules.
Component: U.S. Citizenship and Immigration Services.
Date of approval: December 18, 2008.
USCIS published this PIA in conjunction with two Final Rules titled Changes to Requirements Affecting H-2A Nonimmigrants and Changes to Requirements Affecting H-2B Nonimmigrants and Employers. The Final Rules announce employers' requirements to notify USCIS when an H-2A or H-2B worker absconds, fails to report for work, or is terminated early and/or when any prohibited fees are collected from aliens as a condition of H-2A or H-2B employment. USCIS conducted this PIA because the nonimmigrant visa programs associated with these Final Rules involve the collection of PII.
System: Stand-Off Detection.
Component: Transportation Security Administration.
Date of approval: December 23, 2008.
TSA deploys advanced explosives detection technology using passive millimeter wave screening technologies as part of the agency's efforts to ensure the safety of travelers. The objective is to identify individuals who may seek to detonate explosives in transportation facilities. This PIA was conducted to provide transparency into TSA operations affecting the public.
System: Disaster Assistance Improvement Plan.
Component: Federal Emergency Management Agency.
Date of approval: December 31, 2008.
DHS FEMA developed the Disaster Assistance Improvement Program (Disaster Assistance Center) in accordance with the August 29, 2006, Executive Order 13411, "Improving Assistance for Disaster Victims." The Disaster Assistance Center is an enhancement and upgrade of the current system known as the National Emergency Management Information System, which contains, stores, and manages information contained in the Disaster Recovery Assistance Files System of Records (DHS/FEMA-REG 2), as announced in the Disaster Recovery Assistance Files System of Record Notice (71 FR 38408, July 6, 2006) (DRA SORN). The data elements include those that are contained and captured on the FEMA form 90-69. The objective of this PIA is to identify and address the safeguarding of PII that may result from FEMA's proposed implementation of Executive Order 13411 and its modification of the Individual Assistance Center application.
System: Department of Homeland Security General Contact List.
Component: DHS Wide.
Date of approval: December 19, 2008.
Many DHS operations and projects collect a minimal amount of contact information in order to distribute information and perform various other administrative tasks. Department Headquarters conducted this PIA because contact lists contain PII. The Department added the following systems to this PIA:
• U.S. Coast Guard Citizen's Action Network.
• Transportation Security Administration Rail Security.
• Transportation Security Administration Enterprise Performance Management Platform.
• National Protection and Programs Directorate Vehicle-Bourne Explosive Device Training.
• U.S. Coast Guard 2009 World Maritime Day Parallel Event.
• Transportation Security Administration Inquiry Management System.
John W. Kropf,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E9-4151 Filed 2-25-09; 8:45 am]
BILLING CODE 4410-10-P