Home Information Sharing & Analysis Prevention & Protection Preparedness & Response Research Commerce & Trade Travel Security Immigration
About the Department Open for Business Press Room
Current National Threat Level is elevated

The threat level in the airline sector is High or Orange. Read more.

Homeland Security 5 Year Anniversary 2003 - 2008, One Team, One Mission Securing the Homeland

Homeland Security Components

Privacy Office - Privacy Impact Assessments (PIA)

get e-mail updates Get e-mail updates when this information changes

The availability of information, from personal information to public information, is made all the easier today due to technological changes in computers, digitized networks, internet access, and the creation of new information products. The E-Government Act of 2002 recognized that these advances also have important ramifications for the protection of personal information contained in government records and systems. The Act mandates an assessment of the privacy impact of any substantially revised or new Information Technology System. The document that results from these mandated assessments is called a Privacy Impact Assessment (PIA).

Read more about official guidance regarding drafting Privacy Impact Assessments and templates for the Privacy Threshold Analysis and the Privacy Impact Assessment.

Privacy Impact Assessments

The following are official Privacy Impact Assessments of significant initiatives within the U.S. Department of Homeland Security, organized by component agency and then chronologically with the most recent PIA presented first:

Back To Top

Department-wide Programs

Financial Disclosure Management (FDM), September 30, 2008, (PDF, 13 pages – 210 KB ) The Ethics Division of the Office of General Counsel (OGC) of the Department of Homeland Security (DHS) is publishing this Privacy Impact Assessment (PIA) for the Financial Disclosure Management System (FDMS). FDMS is a web-based initiative developed to provide a mechanism for individuals to complete, sign, review, and file financial disclosure reports, first required by Title I of the Ethics in Government Act of 1978.  This PIA is being conducted because FDMS collects personally identifiable information.

The Department of Homeland Security HR Solutions, August 12, 2008, (PDF, 16 Pages - 246 KB) The Department of Homeland Security, Office of the Chief Human Capital Officer (OCHCO) operates the HR Solutions System. HR Solutions is a newly developed system designed to aid in the administration of the Human Capital Processing of human resources operations and services. OCHCO conducted this PIA because HR Solutions collects and maintains personally identifiable information (PII).

The Department of Homeland Security Web Time and Attendance System, May 1, 2008, (PDF, 14 pages - 268 KB ) The Department of Homeland Security (DHS) Office of the Chief Human Capital Officer (OCHO) has procured a COTS application and customized it to meet DHS standard requirements. This system is designed to implement an enterprise system that can efficiently automate the timesheet collection process and provide robust reporting features and a labor distribution capability. This privacy impact assessment was conducted because WebTA utilizes personally identifiable information.

DHS Enterprise e-Recruitment System, March 4, 2008, (PDF, 24 Pages – 408 KB) The Department of Homeland Security (DHS), Office of the Chief Human Capital Officer (OCHCO) is implementing an enterprise e-Recruitment system for DHS. The use of an automated recruitment solution is necessary to meet mission critical needs of DHS and comply with the 45-day hiring model under the President’s Management Agenda. OCHCO has conducted this privacy impact assessment (PIA) because e-Recruitment will use and maintain personally identifiable information.

The Department of Homeland Security REAL-ID Final Rule, January 11, 2008, (PDF, 27 Pages – 228 KB) This Privacy Impact Assessment (PIA) updates the PIA issued on March 1, 2007, in conjunction with the Notice of Proposed Rulemaking (NPRM).

The Department of Homeland Security REAL-ID, March 1, 2007, (PDF, 24 pages - 296KB) The Department of Homeland Security (DHS) Privacy Office is conducting a Privacy Impact Assessment (PIA) on the rule proposed by DHS to implement the REAL ID Act. The authority for this PIA is Subsection 4 of Section 222 of the Homeland Security Act of 2002, as amended, which calls for the Chief Privacy Officer of the Department of Homeland Security (DHS) to conduct a “privacy impact assessment of proposed rules of the Department.”  This analysis reflects the framework of the Privacy Office’s Fair Information Principles, which are: Transparency, Individual Participation, Purpose Specification, Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing.  The Privacy Office conducts PIAs, whether under Subsection 4 of Section 222 or under Section 208 of the E-Government Act, to ensure that DHS is fully transparent about how its proposed rules, final rules, and intended information technology systems may affect privacy and to review alternative approaches and technologies that may minimize the privacy impact on individuals.  This PIA examines the manner and method by which the personal information of American drivers and identification (ID) holders will be collected, used, disseminated, and maintained pursuant to the proposed rule issued under the REAL ID Act.  This PIA will be updated, as necessary, when the rule is final.

Enterprise Correspondence Tracking System (ECT), December 3, 2007 (PDF, 18 Pages – 329 KB) The Executive Secretariat of the Department of Homeland Security (DHS) operates the Enterprise Correspondence Tracking (ECT) system. The ECT is a correspondence workflow management system that assists DHS in responding to inquiries from the public, other government agencies, and the private sector. Tens of thousands of pieces of correspondence ranging from official rulings, policy statements, testimony, or even thank you letters are processed annually by DHS. The Executive Secretariat conducted this privacy impact assessment because the ECT collects and uses personally identifiable information (PII).

Department of Homeland Security General Contact Lists (PDF, 14 Pages – 201.2 KB) Many Department of Homeland Security operations and projects collect a minimal amount of contact information in order to distribute information and perform various other administrative tasks. Department Headquarters has conducted this privacy impact assessment because contact lists contain personally identifiable information. Programs that follow the policies and procedures outlined in this PIA are noted in the appendix.

The Department of Homeland Security Traveler Redress Inquiry Program, January 18, 2007 (PDF, 22 pages – 1 MB) The Department of Homeland Security Traveler Redress Inquiry Program (DHS TRIP) is a customer service web-based initiative developed as a voluntary program to provide a one-stop mechanism for individuals to request redress who believe they have been (1) denied or delayed boarding transportation due to DHS screening programs, (2) denied or delayed entry into or departure from the United States at a port of entry, or (3) identified for additional (secondary) screening at our Nation’s transportation facilities, including airports, and seaports.  DHS TRIP will provide traveler redress intake and processing support while working with relevant DHS components to review and respond to requests for redress.

Back To Top

Customs and Border Protection (CBP)

Advance Passenger Information System (APIS) Final Rule, November 18, 2008 (PDF, 24 Pages – 328 KB) CBP is issuing a Final Rule to amend regulations governing the submission of Advanced Passenger Information System (APIS) data to include private aircraft. CBP is publishing a revised PIA and a revised associated System of Records Notice to include these final changes with its existing APIS privacy notices. The previous System of Records Notice for the APIS system was last published at 72 FR 48349, August 23, 2007. On September 18, 2007, CBP published a Notice of Proposed Rulemaking in the Federal Register (72 FR 53393) proposing amendments to CBP regulations concerning the advance electronic transmission of passenger and crew manifests for private aircraft arriving in and departing from the United States, commonly referred to as APIS. A PIA update was published on the DHS web site at the same time discussing the impact of the notice of proposed rule.

Procedures for Processing Travel Documents at the Border, July 2, 2008 (PDF, 27 pages - 284 KB). U.S. Customs and Border Protection (CBP), Department of Homeland Security (DHS), is publishing this Privacy Impact Assessment to give notice of its procedures for recording certain border crossing information and validating the travel documents provided by individuals at air, land, and sea ports of entry who are admitted or paroled into the United States. CBP maintains information regarding persons who are admitted or paroled into the United States, and where applicable exit the United States in accordance with the Privacy Act system of records notices (SORNs) for the Border Crossing Information (BCI) and for the Treasury Enforcement Communications System (TECS), which is being revised and will be republished in the future as TECS (no longer an acronym).

As part of processing travelers at the border, CBP accepts different types of documents for purposes of establishing the identity, citizenship, and admissibility of travelers seeking to enter the United States. CBP populates BCI with certain information provided by or on behalf of persons who are admitted, paroled into, or depart the U.S. In addition the information maintained by BCI regarding such persons may be derived from different DHS systems of records, Department of State systems of records, and the systems of other governmental or tribal authorities (including foreign governments). CBP uses this information to validate the travel documentation provided by or on behalf of the individual, make determinations regarding an individual’s admissibility, and ensure compliance with all other U.S. laws enforced by CBP at the border.

This PIA explains the information technology and the information flow between BCI, TECS, and other Privacy Act system of records, including the Non-Federal Entity Data System (NEDS).

Electronic System for Travel Authorization, June 3, 2008 (PDF, 26 pages - 301 KB ). CBP is issuing an Interim Final Rule to create regulations governing the submission of Electronic System for Travel Authorization (ESTA) data, a new system of records notice, and an associated Privacy Impact Assessment (PIA). The ESTA regulations will govern the collection and use of personally identifiable information in determining the eligibility to travel of persons seeking to enter the United States under the Visa Waiver Program (VWP) by air or sea. The regulations will require nationals of VWP countries seeking to enter the United States by air or sea carriers to submit personally identifiable information to an electronic system, ESTA, prior to travel. ESTA will run the applicant’s information against various databases to determine whether there is a law enforcement or security reason to deem that a prospective traveler is ineligible to travel to the United States under the VWP. The ESTA system will serve to modernize and strengthen the security of the VWP as mandated by the “Implementing Recommendations of the 9/11 Commission Act of 2007” (9/11 Act), by providing automated vetting of travelers from VWP countries.

Western Hemisphere Travel Initiative Land and Sea Final Rule, March 24, 2008 (PDF, 5 pages – 142 KB) The Department of Homeland Security (DHS) and U.S. Customs and Border Protection (CBP), in conjunction with the Bureau of Consular Affairs at the Department of State (DOS), published in the Federal Register a final rule to notify the public of how they will implement the Western Hemisphere Travel Initiative (WHTI) for sea and land ports-of entry. The final rule removes the current regulatory exceptions to the passport requirement provided under sections 212(d)(4)(B) and 215(b) of the Immigration and Nationality Act (INA).  On August 9, 2007, the DHS Privacy Office issued a Privacy Impact Assessment (PIA) for the proposed rule, which was published in the Federal Register on June 26, 2007, at 72 FR 35088.  This PIA updates the earlier PIA for the proposed rule to reflect changes in the WHTI final rule for land and sea ports-of-entry.

Customs and Border Protection Western Hemisphere Travel Initiative (WHTI) Land and Sea Rule, August 10, 2007 (PDF, 10 pages – 154 KB)  The Department of Homeland Security and U.S. Customs and Border Protection, in conjunction with the Bureau of Consular Affairs at the Department of State, have published a notice of proposed rulemaking to notify the public of how they intend to implement the WHTI for sea and land ports-of entry. The proposed rule, would remove the current regulatory exceptions to the passport requirement provided under sections 212(d)(4)(B) and 215(b) of the Immigration and Nationality Act (INA).

Use of Radio Frequency Identification (RFID) Technology for Border Crossings, January 22, 2008 (PDF, 25 Pages – 222 KB) U.S. Customs and Border Protection (CBP) employs Radio Frequency Identification (RFID) Technology that is to be used in cross border travel documents to facilitate the land border primary inspection process. A unique number is embedded in an RFID tag which, in turn, is embedded in each cross border travel document. At the border, the unique number is read wirelessly by CBP and then forwarded through a secured data circuit to back-end computer systems. The back-end systems use the unique number to retrieve personally identifiable information about the traveler. This information is sent to the CBP Officer to assist in the authentication of the identity of the traveler and to facilitate the land border primary inspection process. Multiple border crossing programs use or plan to take advantage of CBP's vicinity RFID-reader enabled border crossing functionality including CBP's own trusted traveler programs, the pending Department of State's (DoS) Passport Card, the Mexican Border Crossing Card, the proposed Enhanced Driver's License (EDL) offered by various states, tribal enrollment cards that could be developed by various Native American Tribes, and the proposed Enhanced Driver's Licenses being developed within the various provincial authorities in Canada.

Advance Passenger Information System (APIS) Update For Customs and Border Protection’s General Aviation Notice of Proposed Rulemaking, September 11, 2007 (PDF, 8 Pages – 220 KB) This is an update to the previous Advanced Passenger Information System (APIS) privacy impact assessment (August 8, 2007) to discuss an expansion of the scope of the APIS data collection to include non-commercial aviation.  In conjunction with this update, CBP is publishing a Notice of Proposed Rulemaking that amends the CBP regulations contained in 19 CFR Part 122 addressing the advance electronic submission of information for private aircraft arriving in, departing from, continuing and overflying the United States. 

Customs and Border Protection Advanced Passenger Information System (APIS) Update for Final Rule, August 9, 2007, (PDF, 23 pages - 212 KB) The Department of Homeland Security, U.S. Customs and Border Protection is issuing a Final Rule to amend regulations governing the submission of Advanced Passenger Information System (APIS) data.  CBP is publishing a PIA and an associated System of Records Notice and Notice of Proposed Rulemaking for Privacy Act exemptions for APIS. 

Customs and Border Protection Automated Targeting System (ATS), August 3, 2007, (PDF, 34 pages - 335 KB) The Department of Homeland Security (DHS), U.S. Customs and Border Protection (CBP) has developed the Automated Targeting System (ATS).  ATS is one of the most advanced targeting systems in the world.  Using a common approach for data management, analysis, rules-based risk management, and user interfaces, ATS supports all CBP mission areas and the data and rules specific to those areas.  CBP is updating and republishing this PIA in conjunction with the System of Records Notice (SORN) and the Notice of Proposed Rulemaking (NPRM) for Privacy Act exemptions that are being published on August 6, 2007 in the Federal Register.

Secure Border Initiative-net (SBInet), July 20, 2007, (PDF, 17 pages – 309 KB) The Secure Border Initiative-net (SBInet) is a Department of Homeland Security (DHS) Customs and Border Protection (CBP) system designed to detect, identify, apprehend, and remove illegal entrants to the U.S. on and between the Ports of Entry (POE). This PIA addresses Project 28, which is a concept demonstration prototype for the SBInet program. Project 28 focuses on a 28 mile border segment surrounding the Sasabe, Arizona Port of Entry (POE). This privacy impact assessment (PIA) has been conducted because SBInet collects and processes personally identifiable information (PII).

Custom and Border Protection's Western Hemisphere Travel Initiative (WHTI), January 23, 2007, (PDF, 6 pages - 173 KB) CBP, in conjunction with the Bureau of Consular Affairs of the Department of State, published in the Federal Register a Final Rule to implement the WHTI requirements for air travel on November 24, 2006, at 71 FR 68411.  Under the WHTI final rule, effective January 23, 2007, affected travelers entering the United States from a Western Hemisphere country by air must present a passport, Air NEXUS card, or Merchant Mariner Document to CBP officials. This PIA reflects the WHTI requirements as set out in the final rule and follows the initial PIA for WHTI posted on August 11, 2006, in conjunction with the notice of proposed rulemaking (NPRM). This updated PIA reflects changes made to WHTI based upon changes in policy and amendments to statutory authority as well as in response to comments on the WHTI NPRM.

CBP Automatic Targeting System, November 22, 2006 (PDF, 30 pages - 286 KB) Department of Homeland Security, Customs and Border Protection (CBP) has developed the Automated Targeting System (ATS). ATS is one of the most advanced targeting systems in the world. Using a common approach for data management, analysis, rules-based risk management, and user interfaces, ATS supports all CBP mission areas and the data and rules specific to those areas. This PIA was prepared in conjunction with the System of Records Notice that was published on November 2, 2006 in the Federal Register.

Global Enrollment System, November 1, 2006 (PDF, 5 pages - 190 KB) This is an update to the previous Global Enrollment System PIA, dated April 20, 2006. It was prepared in order to include a description and analysis of the Global On-Line Enrollment System, which is the new online application process for enrollment in Customs and Border Protection trusted traveler programs. With the new system, CBP will be able to offer an on-line enrollment process to prospective and existing members of GES programs.

Western Hemisphere Travel Initiative, August 10, 2006 (PDF, 16 pages - 202 KB) U.S. Customs and Border Protection, Department of Homeland Security, in conjunction with the Bureau of Consular Affairs, Department of State, is publishing a notice of proposed rule making to implement the Western Hemisphere Travel Initiative (WHTI). The air/sea requirements of WHTI are the first phase in the implementation of new passport requirements for certain travelers to, and from, the United States as defined in the Intelligence Reform and Terrorism Prevention Act of 2004. WHTI will expand the group from which passport and travel information will be collected from affected travelers.

Custom and Border Protection’s ACE and ITDS, July 14, 2006 (PDF, 16 pages – 220 KB) U.S. Customs and Border Protection (CBP) is engaged in a multi-year modernization effort to update its information systems. The purposes of ACE are to streamline business processes, to facilitate growth in trade, to ensure cargo security, to provide means to combat terrorism through monitoring what materials and which persons enter and leave the country, and to foster participation in global commerce, while ensuring compliance with U.S. laws and regulations. To build on existing infrastructure, ACE will use the International Trade Data System (ITDS) to share electronic international trade and transportation data with Participating Government Agencies (PGAs) of the Federal government.

CBP Global Enrollment System (GES), April 20, 2006 (PDF, 20 pages - 203 KB). The Global Enrollment System is an information technology system that consolidates the enrollment and vetting processes for individuals who voluntarily exchange personally identifiable information in return for expedited transit at U.S. border entry points.

Advance Passenger Information System (APIS), March 21, 2005 (PDF, 18 pages - 281 KB) This Privacy Impact Assessment (PIA) applies to the systems and procedures implemented by the Customs and Border Protection (CBP) through the Advance Passenger Information System (APIS) for the collection of certain information on all passenger and crew members who arrive in or depart from the United States on a commercial air or sea carrier. The APIS information is collected in advance of a passenger’s or crew member’s arrival or departure from the United States in order to perform law enforcement queries to identify security risks to the aircraft or vessel, to its occupants, or to the United States and in order to expedite CBP processing.

Back To Top

U.S. Citizenship and Immigration Services (USCIS)

USCIS Person Centric Query Service Supporting Visa Benefit Adjudicators, Visa Fraud Officers, and Consular Officers of the Department of State, Bureau of Consular Affairs, November 5, 2008 (PDF, 6 pages – 189 KB) This is an update to the existing Privacy Impact Assessment (PIA) for the Department of State, Bureau of Consular Affairs (CA), Visa Benefit Adjudicators, Visa Fraud Officers, and Consular Officers (Adjudicators and Officers) use of the Person Centric Query Service (PCQS), operating through the U.S. Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB) to: expand the PCQS person-search capability and describe the privacy impact of expanding the PCQ Service to include the following additional systems to the PCQS query for the Bureau of Consular Affairs, Adjudicators and Officers Client: 1) USCIS Marriage Fraud Amendment System (MFAS) and 2) USCIS Reengineered Naturalization Applications Casework System (RNACS).

Alien Change of Address Card (AR-11) October 21, 2008 (PDF, 13 Pages – 194 KB) United States Citizenship and Immigration Service (USCIS) is publishing this Privacy Impact Assessment (PIA) for the Alien Change of Address Card (AR-11) System. The AR-11 tracks the address changes submitted to the Department of Homeland Security (DHS) in paper and electronic form as required by Section 265 of the Immigration and Nationality Act (INA), 8 U.S.C. 1305. USCIS has conducted this PIA because AR-11 contains personally identifiable information (PII).

USCIS Microfilm Digitization Application System (MiDAS) September 15, 2008 (PDF, 21 Pages – 289 KB) The Department of Homeland Security U.S. Citizenship and Immigration Services (USCIS) Records Division maintains the Microfilm Digitization Application System (MiDAS), which houses 85 million electronic immigration-related records previously stored on microfilm.  USCIS is conducting this Privacy Impact Assessment (PIA) to analyze the privacy impacts associated with the new release of MiDAS that will enable USCIS to 1) electronically search and retrieve historical immigration-related records, 2) process web-based requests for these records submitted by Federal, state, and local Government and Public Genealogy Customers, 3) provide case tracking capabilities for USCIS Records Division staff, and 4) provide these records to the law enforcement and intelligence communities.

USCIS Benefits Processing of Applicants other than Petitions for Naturalization, Refugee Status, and Asylum (CLAIMS 3), September 5, 2008 (PDF, 33 Pages – 414 KB) The United States Citizenship and Immigration Services (USCIS) receives and adjudicates applications for all United States immigration benefits.  This PIA covers the USCIS systems associated with processing all immigration benefits except naturalization, asylum, and refugee status.  These systems include the Computer Linked Adjudication Information Management System (CLAIMS 3), the Citizenship and Immigration Services Centralized Oracle Repository (CISCOR), the Interim Case Management System (ICMS), Integrated Voice Response System (IVRS), and the Integrated Card Production System (ICPS).  Other USCIS systems involved in the processing of benefits are covered by other Privacy Impact Assessments.

USCIS Computer Linked Application Information Management System (CLAIMS 4), September 5, 2008 (PDF, 27 Pages – 321 KB) This Privacy Impact Assessment (PIA) analyzes the Computer Linked Application Information Management System (CLAIMS) 4. CLAIMS 4 is the Department of Homeland Security (DHS) United States Citizenship and Immigration Service’s (USCIS) system for processing Applications for Naturalization. USCIS is conducting this PIA to document, analyze, and assess its current practices with respect to the personally identifiable information it collects, uses, and shares; and to improve its ability to provide appropriate citizenship and immigration status information to users.

USCIS Fraud Detection and National Security Data System (FDNS-DS), July 29, 2008 (PDF, 19 Pages - 258 KB) The United States Citizenship and Immigration Services (USCIS) has developed the Fraud Detection and National Security Data System (FDNS-DS), a case management system used to record, track, and manage immigration inquiries, investigative referrals, law enforcement requests, and case determinations involving benefit fraud, criminal activity, public safety and national security concerns. The FDNS-DS system is an upgrade of the Fraud Tracking System (FTS). The FTS PIA was published on June 24, 2005.

USCIS Customer Identity Verification (CIV) Pilot, August 15, 2008 (PDF, 18 Pages - 262 KB) United States Citizenship and Immigration Services (USCIS) prepared a Privacy Impact Assessment (PIA) for the Customer Identity Verification (CIV) Pilot. The purpose of this pilot is to assess the viability of using fingerprint-based identity verification along with information from previous biometric encounters in the USCIS benefit adjudication process. USCIS will test this capability for a period of approximately four months in an operational environment consisting of four field offices. USCIS will use fingerprint scanners connected to the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program's Automated Biometric Identification System (IDENT) to implement the CIV Pilot.

USCIS Secure Information Management Service (SIMS) Pilot with Inter-Country Adoptions Update, August 13, 2008 (PDF, 6 Pages - 248 KB) United States Citizenship and Immigration Services (USCIS) is publishing this update to the Privacy Impact Assessment (PIA) for the Secure Information Management Service (SIMS). This update describes the electronic sharing of case management data with the Department of State (DoS) necessary to expedite and improve the processing of inter-country adoption cases. Specifically, the Personally Identifiable Information (PII) will be shared electronically with the DoS to maintain statistics related to inter-country adoption cases.

USCIS Secure Information Management Service (SIMS) Pilot with Inter-country Adoptions, May 24, 2007, (PDF, 27 pages – 392 KB) United States Citizenship and Immigration Services (USCIS) prepared a Privacy Impact Assessment (PIA) for the Secure Information Management Service (SIMS) Pilot. Using the inter-country adoption caseload as a “proof-of-concept” for SIMS, this pilot will: (a) demonstrate the case processing capability of the case management system, (b) verify that an enumerator (unique identifier based on biometrics) supports the USCIS person-centric business process, and (c) verify that the case management system can be used to view digitized files. This PIA covers the initial deployment of the SIMS and will be supplemented accordingly as additional USCIS applications and system functionalities are added to the SIMS.

USCIS Person Centric Query Service Supporting Immigration Status Verifiers of the USCIS National Security and Records Verification Directorate/Verification Division Update, August 13, 2008 (PDF, 7 Pages - 187 KB) This is an update to the existing Privacy Impact Assessment (PIA) for the United States Citizenship and Immigration Services (USCIS), Verification Division, Immigration Status Verifiers' (ISV) use of the Person Centric Query Service (PCQS), operating through the USCIS Enterprise Service Bus (ESB) to: 1) expand the PCQS person-search capability, and 2) describe the privacy impact of updating the PCQS by adding access to five additional systems to the PCQS query; ENFORCE Integrated Database (EID), the Executive Office Immigration Review System (EOIR), the Refugees, Asylum, and Parole System (RAPS), the Treasury Enforcement Communications System (TECS) Arrival/Departure Data Query (TECS SQ94), and the TECS Subject Lookout Search (SQ11).

USCIS Person Centric Query Service Supporting The Verification Information System (VIS), January 18, 2008, (PDF, 8 Pages -234 KB) This is an update to the existing Privacy Impact Assessment (PIA) for the United States Citizenship and Immigration Services (USCIS) Person Centric Query (PCQ) Service, operating through the USCIS Enterprise Service Bus (ESB) to describe the privacy impact of expanding the PCQ Service to include the following additional PCQ Client: The National Security and Records Verification Directorate/Verification Division's Verification Information System (VIS).

USCIS Verification Information System Supporting Verification Programs, February 28, 2008, (PDF, 6 Pages - 258 KB) The Verification Division of the U.S. Citizenship and Immigration Services (USCIS) operates the Verification Information System (VIS). VIS is a composite information system incorporating data from various Department of Homeland Security (DHS) databases. It is the underlying information technology that provides immigration status verification for 1) benefits determinations through the Systematic Alien Verification for Entitlements (SAVE) program for government benefits and 2) verification of employment authorization for newly hired employees through the E-Verify program. USCIS is conducting this Privacy Impact Assessment (PIA) to clarify previous VIS PIAs and to describe updates to VIS that will improve the ability of USCIS to verify citizenship and immigration status information to users of SAVE and E-Verify.

USCIS Person Centric Query Service Supporting Immigration Status Verifiers of the USCIS National Security and Records Verification Directorate/Verification Division, January 18, 2008, (PDF, 14 Pages - 378 KB) This is an update to the existing Privacy Impact Assessment (PIA) for the United States Citizenship and Immigration Services (USCIS) Person Centric Query (PCQ) Service, operating through the USCIS Enterprise Service Bus (ESB) to describe the privacy impact of expanding the PCQ Service to include the following additional PCQ Client: the Immigrant Status Verifiers (ISVs) of the USCIS National Security and Records Verification Directorate/Verification Division (NSRV/VD).

USCIS Verification Information System (VIS) Update, September 5, 2007, (PDF, 10 Pages - 270 KB) United States Citizenship and Immigration Services (USCIS) provides immigration status verification services for benefit determinations and employment authorization through its Verification Division. Presently, two programs exist to implement this mandate: the Systematic Alien Verification for Entitlements (SAVE) program for government benefits and the Employment Eligibility Verification/Basic Pilot Program, recently renamed "E-Verify," for employment authorization for all newly hired employees. The Verification Information System (VIS) is a composite information system incorporating data from various Department of Homeland Security databases and functions as the underlying information technology that supports these programs. USCIS is amending the Privacy Impact Assessment (PIA) dated April 1, 2007 to describe updates to VIS that will improve the ability of USCIS to provide limited citizenship and immigration information to users of SAVE and E-Verify.

USCIS Verification Information System, April 2, 2007, (PDF, 33 pages - 360 KB) U.S. Citizenship and Immigration Services (USCIS) provides immigration status verification for benefits determinations and employment authorization through the Verification Division of USCIS. Presently, two programs exist to implement this mandate: the Systematic Alien Verification for Entitlements (SAVE) program for government benefits and the Employment Eligibility Verification/Basic Pilot Program for private employer verification of employment authorization for all newly hired employees. The Verification Information System (VIS), a composite information system incorporating data from various Department of Homeland Security databases, is the underlying information technology that supports these programs. USCIS is conducting this Privacy Impact Assessment (PIA) to describe updates to VIS that will improve the ability of USCIS to provide citizenship and immigration status information to users of SAVE and Basic Pilot.

USCIS Person Centric Query (PCQ) Service, June 28, 2007, (PDF, 20 pages - 230 KB) The Rice/Chertoff Initiative is an information sharing initiative between the Department of Homeland Security, U.S. Citizenship and Immigration Services (USCIS) and Department of State (DOS), Bureau of Counselor Affairs to share immigration and visa data between agencies. To support this information sharing initiative, the USCIS Office of Information Technology (OIT) is developing a new service called the Person Centric Query (PCQ) Service that will improve the existing business information sharing capabilities between DHS and DOS. The PCQ Service will provide authorized DHS/DOS users with a consolidated view of all information about an individual in selected USCIS and DOS data bases. This new service will improve efficiency of user searches, facilitate information sharing, increase the quality and accuracy of the underlying data, and increase the security of the information being shared among systems.

DHS / UKvisas Project, November 14, 2007, (PDF, 12 Pages - 250 KB) Recently the United Kingdom (UK) enacted legislation requiring the submission of biometric data by almost all individuals filing applications for UK visas. Officials from the UK and Department of Homeland Security (DHS) have agreed that individuals who are physically located in the United States (US) may provide the requisite biometrics and limited biographical information at U.S. Citizenship and Immigration Services (USCIS) Application Support Centers (ASCs) for forward transfer to the UK in support of the adjudication of applications for visas. USCIS will temporarily retain the submitted biometric and biographical records until the UK provides confirmation that the transfer of data was successful. USCIS will delete the biometric and biographical records immediately after it receives that confirmation.

USCIS Central Index System, June 22, 2007, (PDF,23 Pages – 240 KB) The Department of Homeland Security United States Citizenship and Immigration Services maintains the Central Index System (CIS), a database system originally developed by the legacy Immigration and Naturalization Service.  CIS contains information on the status of 57 million applicants/petitioners seeking immigration benefits to include: lawful permanent residents, naturalized citizens, U.S. border crossers, aliens who illegally entered the U.S., aliens who have been issued employment authorization documents, individuals who petitioned for benefits on behalf of family members, and other individuals subject to the provisions of the Immigration and Nationality Act (INA).  This PIA addresses the current status of CIS, and will be updated accordingly as additional USCIS applications and system functionalities are added to CIS.

USCIS Enterprise Service Bus (ESB) June 22, 2007, (PDF, 27 Pages – 205 KB) The US Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB) is being developed by the USCIS Office of Information Technology (OIT) to facilitate information sharing and integration between USCIS systems, and across DHS components and other Agencies, such as the Department of State. The ESB is a set of commercial off-the-shelf software (COTS) that will provide a standardized infrastructure to connect to multiple systems and services.  This is a new infrastructure component within USCIS that will be incrementally enhanced to provide support for multiple service interfaces. This Privacy Impact Assessment (PIA) will be updated to reflect those material changes.

USCIS Biometric Storage System, March 28, 2007, (PDF, 25 pages - 622 KB) The United States Citizenship and Immigration Services (USCIS) is developing the Biometric Storage System (BSS) to help streamline the established USCIS biometric and card production processes and become the centralized repository for all USCIS customer biometrics. BSS will route, store, and process 10-print fingerprint biometrics and associated biographic information for biometric-based background checks on those individuals applying/petitioning for immigration benefits. BSS is a new system being developed incrementally and will replace the Image Storage and Retrieval System (ISRS). BSS will also replace aspects of the Benefit Biometric Support System (BBSS), while adding new functionalities that did not previously exist in either ISRS or BBSS.

USCIS Naturalization Redesign Test Pilot, January 12, 2007, (PDF, 13 pages- 191 KB). The US Citizenship and Immigration Service Office of Citizenship developed the Naturalization Redesign Test Pilot and redesigned the civics and language proficiency test that a lawful permanent resident must take in order to gain citizenship. This Privacy Impact Assessment (PIA) is for this new test, which USCIS will soon run.

Integrated Digitization Document Management Program, January 5, 2007, (PDF, 20 pages - 276 KB). The United States Citizenship and Immigration Services (USCIS) has prepared a Privacy Impact Assessment (PIA) for a series of systems comprising the Integrated Digitization Document Management Program (IDDMP). Through the IDDMP, USCIS will digitize its paper-based Alien Files (A-Files) so that they may be shared more efficiently within the Department of Homeland Security (DHS) and information contained within the A-Files may be shared with outside agencies. This PIA covers the IDDMP, a new IT system that digitizes the paper-based A-Files into a new electronic format.

Background Check Service (BCS), October 31, 2006 (PDF, 18 pages - 370 KB) The United States Citizenship and Immigration Services (USCIS) is developing the Background Check Service (BCS) to help streamline the established USCIS background check process. As part of the adjudication process, USCIS conducts three different background checks on applicants / petitioners applying for USCIS benefits. These include (1) a Federal Bureau of Investigation (FBI) Fingerprint Check, (2) a FBI Name Check and (3) a Customs and Border Protection (CBP) Treasury Enforcement Communication System / Interagency Border Inspection System (TECS/IBIS) Name Check. Prior to BCS, information relating to the FBI Fingerprint Checks and the FBI Name Checks was stored in two different systems. Information relating to the TECS / IBIS Name Checks was not stored in any system. BCS will be the central repository for all activity related to these background checks.

Fraud Tracking System (FTS), June 24, 2005 (PDF, 9 pages - 211 KB) This Privacy Impact Assessment (PIA) applies to the systems and procedures implemented by the Fraud Detection and National Security (FDNS) within United State Citizenship and Immigration Service (USCIS) to support the important role of decreasing fraud in the immigration system through the Fraud Tracking System (FTS). FTS is a case management system used to track and control immigration fraud inquiries and investigative referrals, which includes tracking interaction with Immigration and Customs Enforcement (ICE) in cases that may involve law enforcement activities. FTS allows users to conduct queries of Computer-Linked Application Information Management System (CLAIMS 3) immigrant benefit data to identify potentially fraudulent applications for immigration benefits. This new program is an automated implementation of an existing manual paper-based process. FTS is a multi-phased project and is currently in its first phase. As future phases are developed, this PIA and applicable System of Records Notice (SORN) will be updated.

Back To Top

Federal Emergency Management Agency (FEMA)

Homeland Security Virtual Assistance Center (HSVAC), November 3, 2008 (PDF, 14 pages – 246 KB) The Department of Homeland Security (DHS) Federal Emergency Management Agency (FEMA) National Preparedness Directorate (NPD) operates the Homeland Security Virtual Assistance Center (HSVAC).  HSVAC is an advanced web-based, technical assistance management solution that supports FEMA in the scheduling, coordination, and management of training provided to First Responders, including state and local government entities and organizations.  FEMA has conducted this privacy impact assessment (PIA) because HSVAC will use and maintain personally identifiable information (PII) to authenticate user identities of those individuals requesting access to the application.

Document Management and Records Tracking System (DMARTS), September 8, 2008 (PDF, 20 Pages – 408 KB) The Federal Emergency Management Agency (FEMA), a component of the Department of Homeland Security (DHS), has developed the Document Management and Records Tracking System (DMARTS). DMARTS is an Enterprise Content Management (ECM) system that collects personally identifiable information (PII) from claimants to carry out its mission of assisting individuals who apply for disaster assistance benefits. DMARTS will move paper files to an electronic repository. This PIA examines the privacy implications to ensure that adequate privacy considerations and protections have been applied to this electronic framework.

First Responder Training System (FRTS), July 16, 2008 (PDF, 15 Pages – 277 KB) The Department of Homeland Security (DHS) Federal Emergency Management Agency (FEMA) has developed the First Responder Training System (FRTS), FirstResponderTraining.gov. FRTS serves as a central access point to validate, FEMA-approved Weapons of Mass Destruction (WMDs) training and information. FRTS is an internet-based tool used to guarantee the provision of critical training for First Responders. The purpose of this PIA is to ensure the privacy risks associated with the collection of personally identifiable information (PII) are addressed for this new system.

FEMA National Flood Insurance Program Map Service Center, February 12, 2007 (PDF, 21 Pages – 440 KB) The National Flood Insurance Program (NFIP) Map Service Center or MSC (formerly known as the NFIP Information Exchange) exists to provide immediate access to flood map information for any area in the United States to anyone needing map information. The NFIP Map Service Center is the Federal Emergency Management Agency’s (FEMA) distribution center for the NFIP’s 100,000 Flood Insurance Rate Maps, 12,000 flood studies, and other related material. A user may freely view the entire map online or purchase a paper map, purchase a digital version of the map on compact disc, or download the map from the website. It is the collection of personally identifiable information associated with the collection of customer information that is the reason for and subject of this privacy impact assessment (PIA).

FEMA National Emergency Management Information System Mitigation Electronic Grants Management system, January 16, 2007 (PDF, 26 pages - 390 KB) The Federal Emergency Management Agency (FEMA) operates the National Emergency Management Information System (NEMIS) Mitigation (MT) Electronic Grants Management (eGrants) system. The eGrants system is an online grant application and grant management system. This privacy impact assessment (PIA) is being conducted because personally identifiable information may be included in grant applications made by States or local communities.

FEMA National Disaster Medical System Professional Credentials, October 13, 2006 (PDF, 19 pages – 279 KB) The National Disaster Medical System Medical Professional Credentials (NDMS) provides health services, health-related social services, other appropriate human services, and appropriate auxiliary services including mortuary and veterinary medical services in times of national emergency, and providers respond to the needs of victims of a public health emergency or other public emergency, as defined in 42 USC §§ 300hh-11(b)(3)(A). The NDMS program collects and maintains personally identifiable information in order to hire and retain qualified medical professionals and other professionals that can be activated and deployed in times of emergency.

FEMA National Flood Insurance Program Appeals Procedure, February 9, 2006 (PDF, 13 pages – 183 KB). The intent of the National Flood Insurance Program (NFIP) is to reduce future flood damage through effective community floodplain management, and insurance protection for property owners. Congress designated FEMA to be the administrator of the NFIP and the FEMA Mitigation Division has responsibility for program management and oversight. The NFIP Appeal Procedure will provide the individual policyholder a voluntary option for resolving problems by requesting an appeal of their NFIP insurance claim without proceeding to a lawsuit.

Mapping Information Platform (MIP), January 20, 2006 (PDF, 17 pages – 244 KB).

As part of FEMA’s effort to update the nation’s flood maps, FEMA is developing this web-based system that will enable the management, extraction, sharing, and production of map modernization data. The MIP will serve several purposes relevant to this PIA. The MIP will provide an online MT-EZ (short for Mitigation Easy) application for individuals or certifiers to request amendments to NFIP maps. MIP will also support eLOMA, (“electronic letter of map amendment”), an online tool that allows certifiers who have professional credentials to enter data and receive determinations to whether or not properties are in National Flood Information Project maps. These new online options will improve the speed and accuracy of the flood mapping process.

9/11 Heroes Stamp Act of 2001 File System, July 26, 2005 (PDF, 13 pages – 229 KB) This Privacy Impact Assessment (PIA) applies to the systems and procedures implemented by FEMA to distribute the funds raised from the sale of the Heroes semipostal stamp to benefit eligible emergency relief personnel killed or permanently disabled in the line of duty and to their families. The Heroes Stamp Act, Public Law 107-67, directed the United States Postal Service (USPS) to issue a semipostal stamp and distribute the proceeds through the Federal Emergency Management Agency (FEMA) to the families of emergency relief personnel killed or permanently disabled while serving in the line of duty in connection with the terrorist attacks against the United States on September 11, 2001. In order to distribute the funds, it is necessary for FEMA to collect and maintain in a database, which is used to track agency activities, personal information from either the victims or their personal representatives. Associated with the above PIA and published concurrently is a Privacy Act of 1974, System of Records Notice for the Department of Homeland Security (DHS), Emergency Preparedness and Response Directorate (ERP), Federal Emergency Management Agency (FEMA), 9/11 Heroes Stamp Act of 2001 File System, July 26, 2005 (PDF, 13 pages – 169 KB) and Notice of Availability of Privacy Impact Assessment, July 26, 2005 (PDF, 2 pages – 72 KB)

EP&R Individual Assistance Privacy Impact Assessment, September 21, 2004 (PDF, 12 pages – 449 KB) The purpose of this Privacy Impact Assessment (PIA) is to provide details about this collection of information and how privacy may be impacted by permitting victims of a disaster to submit personal information via an Internet-based version of the Federal Emergency Management Agency (FEMA) Form 90-69. The data is the same as the existing paper-based version of the same form, which is covered by an existing approved system of records.

Back To Top

Immigration and Customs Enforcement (ICE)

Data Analysis and Research for Trade Transparency System (DARTTS), October 20, 2008 (PDF, 22 pages - 556 KB). Immigration and Customs Enforcement (ICE) operates the Data Analysis and Research for Trade Transparency System (DARTTS), which supports ICE investigations of trade-based money laundering, contraband smuggling, and trade fraud. DARTTS analyzes trade and financial data to identify statistically anomalous transactions that may warrant investigation for money laundering or other import-export crimes. These anomalies are then independently confirmed and further investigated by experienced ICE investigators. ICE has conducted this Privacy Impact Assessment (PIA) because DARTTS collects and uses personally identifiable information associated with money laundering, contraband smuggling, and trade fraud.

Bond Management Information System Web Version (BMIS Web), August 25, 2008 (PDF, 16 pages - 243 KB). The Bond Management Information System/Web Version (BMIS Web) is an immigration bond management database used primarily by the Office of Financial Management (OFM) at U.S. Immigration and Customs Enforcement (ICE). The basic function of BMIS Web is to record and maintain for financial management purposes the immigration bonds that are posted for aliens involved in removal proceedings. ICE has conducted this PIA because the system collects personally identifiable information (PII).

ICE Pattern Analysis and Information Collection (ICEPIC), January 30, 2008 (PDF, 15 pages - 210 KB). U.S. Immigration and Customs Enforcement (ICE) has established a system called the ICE Pattern Analysis and Information Collection (ICEPIC) system. ICEPIC is a toolset that assists ICE law enforcement agents and analysts in identifying suspect identities and discovering possible non-obvious relationships among individuals and organizations that are indicative of violations of the customs and immigration laws as well as possible terrorist threats and plots. All ICEPIC activity is predicated on ongoing law enforcement investigations. This privacy impact assessment is being completed to provide additional notice of the existence of the ICEPIC system and publicly document the privacy protections that are in place for the ICEPIC system.

ICE Electronic Travel Document System (eTD), October 17, 2006 (PDF, 15 pages - 200 KB). The Electronic Travel Document System (eTD) will maintain personal information regarding aliens who have been ordered removed or have been removed from the United States.  The eTD will also maintain information on U.S. government employees and foreign consular officials required to access the system.  The eTD system will present and share alien information with the foreign consular officials and associated governments for their use in the expedited issuance of travel documents.

ICE General Counsel Electronic Management System, (GEMS), April 25, 2006 (PDF, 10 pages - 173 KB).  Increases in Immigration and Customs Enforcement (ICE) activities have greatly expanded the need for Office of the Principal Legal Advisor (OPLA) legal services and, concomitantly, increased the need for an electronic management system to support the information needs of OPLA attorneys who have a need for access to ICE records for the performance of their law enforcement duties. The General Counsel Electronic Management System is an automated knowledge management tool used by OPLA and other federal litigation components as needed.

Student and Exchange Visitor Information System, February 5, 2005 (PDF, 23 pages - 203 KB ) To comply with Congressional mandates, the U.S. Immigration and Customs Enforcement (ICE) within DHS, have cre-ated the Student and Exchange Visitor Information System (SEVIS). SEVIS maintains information on nonimmigrant students and exchange visitors (F, M and J Visas) and their dependents, and also on their associated schools and sponsors.

Back To Top

Management

Personnel Security Activities Management System (PSAMS)/Integrated Security Management System (ISMS) Update, January 15, 2008 (PDF, 7 Pages - 230 KB). The Department of Homeland Security (DHS) Office of Security (OS) uses the Integrated Security Management System (ISMS) to automate the tracking of Personnel Security related activities at DHS headquarters and component sites. ISMS is an update system to the Personnel Security Activities Management System (PSAMS). ISMS will help manage DHS personnel and security case records by adding to the existing functionality of PSAMS.

Personnel Security Activities Management System (PSAMS), September 12, 2007 (PDF, 18 Pages – 300 KB) The Department of Homeland Security Office of Security uses the Personnel Security Activities Management System (PSAMS) to automate the tracking of the status of Personnel Security related activities at DHS headquarters.

DHSAccessGate System, December 3, 2007 (PDF, 32 Pages – 352 KB) The Department of Homeland Security (DHS) is adding a new layer of security to its vendor employee access control procedures at certain facilities by offering a new and voluntary vendor program called the DHSAccessGate Program. Part of this program will involve the collection of personally identifiable information from individuals who are not DHS employees or contractors. The DHS Office of Security has conducted this privacy impact assessment because of the collection of new personally identifiable information.

Automated Continuing Evaluation System (ACES) Pilot, April 9, 2007 (PDF, 29 pages - 289 KB) The Department of Homeland Security (DHS) is working with the Department of Defense to pilot the Automated Continuing Evaluation System (ACES). ACES conducts automated records checks to identify new issues of security concern for DHS personnel and contractors requiring a security clearance. During the ACES pilot, DHS will assess the feasibility of using ACES for initial and continuing evaluation of DHS security clearance holders. This Privacy Impact Assessment (PIA) is for the DHS implementation of the ACES Pilot.

DHS Headquarters DHScovery, January 19, 2007 (PDF, 33 Pages – 483 KB) DHScovery is owned by the Office of the Chief Information Officer (OCIO) in partnership with the Office of the Chief Human Capital Officer (OCHCO). DHScovery will create an e-training environment that supports development of the Department of Homeland Security workforce through simplified one-stop access to high quality e-training products and services. This privacy impact assessment (PIA) is being conducted because DHScovery collects personally identifiable information about department employees and contractors.

Personal Identity Verification (PIV), October 13, 2006 (PDF, 26 Pages - 423 KB) Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, required the establishment of a standard for identification of Federal Government employees and contractors.  HSPD-12 directs the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems.  This initiative is intended to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy.

HRMS Solution Component ePerformance System Update, October 13, 2006 (PDF, 10 pages - 234 KB) The update is to acknowledge a new version due to a new DHS specific System of Records Notice, HRMS ePerformance Management System DHS/OCHCO-001 that is being published in the Federal Register in order to provide additional transparency to DHS employees regarding the program.

Office of Human Capital Corporate Leadership Council Metrics Analytical Tool (“HRMS”), October 7, 2005 (PDF, 11 pages – 238 KB) The Department of Homeland Security established the HRMS Program to implement the human capital provisions of the Homeland Security Act of 2002.  HRMS is a collection of functions and systems centered on a core enterprise Human Resource Management System.  In order to evaluate the implementation of HRMS, DHS is using the Corporate Leadership Council's (CLC) web-accessible analytical tool made.  CLC's software provides multiple analytical tools capable of enabling DHS managers to explore data for more precise explanations of performance without requiring the use of personal information. 

HRMS Solution Component ePerformance System, June 21, 2005 (PDF, 9 pages – 198 KB) This Privacy Impact Assessment (PIA) applies to the systems and procedures implemented by the Office of the Chief Human Capital Officer (OCHCO) to implement the human capital provisions of the Homeland Security Act of 2002, specifically the ePerformance module designed to handle the Performance Management and Pay for Performance parts.  The e-Performance system will collect employee information, competencies, performance goals, progress attained toward those goals, and will compile feedback and ratings regarding how effectively employees met those goals.

HRMS Solution Component Reward(TM) System, February 11, 2005 (PDF, 12 pages – 143 KB ) This Privacy Impact Assessment (PIA) applies to the systems and procedures implemented by the Office of Chief Human Capitol Officer (OCHCO) to determine what modifications and/or additions will be required to implement the new compensation plan. Reward(TM) is a comprehensive compensation analysis and administration system.

Back To Top

National Protection and Programs (NPP)

Chemical Security Assessment Tool (CSAT) Update, October 27, 2008 (PDF, 5 pages - 210 KB). This is an update to the previous Chemical Security Assessment Tool (CSAT) Privacy Impact Assessment (PIA). CSAT collects personally identifiable information from CSAT users and CVI web site users. This update improves a CSAT user's ability to know who else in their company also has access to CSAT. Further, the CSAT Helpdesk collects contact information both from CSAT users requesting basic CSAT IT support and from the general public inquiring about the CSAT program. Provision of basic CSAT user information to the Helpdesk will allow quicker services and support.

EINSTEIN 2, May 19, 2008 (PDF, 23 pages - 423 KB). This is the Privacy Impact Assessment (PIA) for an updated version of the EINSTEIN System. EINSTEIN is a computer network intrusion detection system (IDS) used to help protect federal executive agency information technology (IT) enterprises. EINSTEIN 2 will incorporate network intrusion detection technology capable of alerting the United States Computer Emergency Readiness Team (US-CERT) to the presence of malicious or potentially harmful computer network activity in federal executive agencies' network traffic. This network intrusion detection technology uses a set of pre-defined signatures based upon known malicious network traffic. The signatures are based upon malicious computer code and are not based upon personally identifiable information (PII). Nor is the IDS programmed to specifically collect or locate PII. While the IDS will collect some PII that is directly related to malicious code being transmitted to the federal networks, its main focus is to identify the malicious code and protect federal networks, not to collect PII.

National Infrastructure Coordinating Center INSight Application, November 23, 2007 (PDF, 20 Pages – 253 KB) The National Infrastructure Coordinating Center (here after refer to as the NICC), part of the National Operations Center (NOC) in the Operations Directorate, operates the INSight Information Management System (INSight), designed to support the identification of potentially significant changes in the operational status of the nation’s Critical Infrastructures and Key Resources (CI/KR) so that trained analysts can provide timely coordination with the NOC, respective Information Sharing and Analysis Centers (ISAC), and other involved agencies in the public sector and federal sectors. INSight may collect personally identifiable information (PII) associated with infrastructure information; accordingly NICC has conducted this privacy impact assessment (PIA).

Protected Critical Infrastructure Information Management System , June 20, 2007 (PDF, 23 pages – 253 KB). The Protected Critical Infrastructure Information (PCII) Program, part of the Department of Homeland Security's (DHS) Infrastructure Partnerships Division (IPD), is an information-protection tool that facilitates the sharing of PCII between the government and the private sector. The Protected Critical Infrastructure Information Management System (PCIIMS) is an Information Technology (IT) system and the means by which PCII submissions from the private sector will be cataloged. The PCII Program conducted this privacy impact assessment (PIA) because personally identifiable information (PII) from the submitting individuals is collected for contact purposes.

Chemical Security Assessment Tool Update, May 25, 2007 (PDF, 10 pages – 217 KB) This is an update to the previous Chemical Security Assessment Tool Privacy Impact Assessment (PIA) in order to describe the additional web site functionality, the new eligibility requirements for CSAT users, and the deployment of the CSAT Help Desk. CSAT collects personally identifiable information from CSAT users and/or CVI web site users. Further, the CSAT Help Desk may collect contact information from both CSAT users requesting basic CSAT IT support or from the general public inquiring about the CSAT program.

24x7 Incident Handling and Response Center, April 2, 2007 (PDF, 17 pages -265 KB). The 24x7 Incident Handling and Response Center (“24x7”) focuses on ways to gather cyber information prior to attacks and to use that information to prevent attacks, protect computing infrastructure, and respond/restore where attacks are successful.  24x7 serves as a communication hub for the United States Computer Readiness Team (US-CERT) program, issuing regular security and warning bulletins, serving as a gateway for public contribution and outreach, and also serving as a ticketing center through which tasks may be delegated out to the various US-CERT programs.

Chemical Security Assessment Tool, March 27, 2007 (PDF, 15 pages – 211 KB).  The Department of Homeland Security/Preparedness Directorate/Infrastructure Protection Division will deploy and maintain the Chemical Security Assessment Tool (CSAT). The CSAT is designed to be a web-based self-assessment tool for use by chemical facilities. The CSAT will collect and maintain information for a Point of Contact (POC) for each participating facility.  This PIA covers the new CSAT system.

Web Portal for the Center for Faith-based and Community Initiatives, January 10, 2007 (PDF, 12 pages - 183 KB). This project will create a web-based portal to enable individuals to register their names and email addresses in order to receive information about the activities of the Center for Faith-based and Community Initiatives (CFBCI) at Department of Homeland Security (DHS). The collection of contact information will enable the CFBCI to disseminate information to interested parties.  Because the contact information qualifies as personally identifiable information under the E-Government Act of 2002, this privacy impact assessment has been conducted.

National Asset Database, January 7, 2006 (PDF, 12 pages - 163 KB). The Office of Infrastructure Protection’s Protective Security Division (PSD) is responsible for reducing the nation’s vulnerability to terrorism by developing and implementing plans to identify and protect critical infrastructure and key assets, and to deny the use of these infrastructures as weapons. To facilitate this responsibility, PSD has built the NADB as a repository of the nation’s facilities and assets spanning the 17 Critical Infrastructure and Key Resources.

Critical Infrastructure Warning Information Network (CWIN), January 7, 2006, (PDF, 12 pages - 250 KB). The Department of Homeland Security (DHS) is responsible for protecting the national infrastructures. DHS is also responsible for ensuring that in the event cyber or physical infrastructures are compromised, there is a means to collaborate and coordinate the necessary resources to restore impacted infrastructures. The mission of CWIN is to facilitate immediate alert, notification, sharing and collaboration of critical infrastructure and cyber information within and between Government and industry partners. CWIN provides a technologically advanced, secure network for communication and collaboration, and alert and notification.

The EINSTEIN Program, September 2004 (PDF, 12 pages - 153 KB) This Privacy Impact Assessment (PIA) examines the privacy implications of the United States Computer Emergency Readiness Team’s (US-CERT’s) EINSTEIN Program. The EINSTEIN Program is an automated process for collecting, correlating, analyzing, and sharing computer security information across the Federal civilian government. By collecting information from participating Federal government agencies, the US-CERT builds and enhances our nation’s cyber-related situational awareness. Awareness will facilitate identifying and responding to cyber threats and attacks, improve network security, increase the resiliency of critical, electronically delivered government services, and enhance the survivability of the Internet.

Back To Top

Office of Inspector General

Office of Inspector General Investigative Records, January 30, 2008 (PDF, 17 Pages – 250 KB). The Department of Homeland Security (DHS) Office of Inspector General (OIG) Investigative Records System includes both paper investigative files and the "Investigations Data Management System" (IDMS) -- an electronic case management and tracking information system, which also generates reports. OIG uses IDMS to manage information relating to DHS OIG investigations of alleged criminal, civil, or administrative violations relating to DHS employees, contractors and other individuals and entities associated with the DHS. This PIA is being conducted to assess the privacy impact of the OIG Investigative Records system that includes both paper investigative files and the IDMS.

Back To Top

Operations

Suspicious Activity Reports (SAR) Project, November 21, 2008 (PDF, 16 pages – 231 KB) The Office of Operations Coordination and Planning (OPS), in cooperation with the Science and Technology Directorate (S&T) is publishing this PIA to reflect a planned research project regarding Suspicious Activity Reports (SARs). The Operations Coordination and Planning Directorate will host a stand-alone system designed to analyze Suspicious Activity Report data taken from several Department of Homeland Security (DHS) components. OPS has conducted this PIA because SARs occasionally contain personally identifiable information (PII) and because it is physically hosting the project in addition to contributing SARS data.

Homeland Security Information Network Communities of Interest, June 22, 2007 (PDF, 29 pages – 420 KB) The Homeland Security Information Network (HSIN) is designed to facilitate the secure integration and interoperability of information sharing resources amongst federal, state, local, tribal, private sector commercial, and other non-governmental stakeholders involved in identifying and preventing terrorism as well as in undertaking incident management activities.  As part of the information sharing efforts HSIN supports, HSIN has established different communities of interest (COIs) within the HSIN network.

Operations Directorate Homeland Security Information Network Database, April 5, 2006 (PDF, 17 pages - 254 KB). The Homeland Security Information Network (HSIN) Database supports the HSIN user community by enabling approved users to research and analyze information with a nexus to terrorism. The HSIN is a secure internet-based system of integrated communication networks designed to facilitate information sharing between DHS and other Federal, state, county, local, Tribal, private sector commercial, and other non-governmental organizations involved in identifying and preventing terrorism as well as in undertaking incident management activities.

Back To Top

Science & Technology (S&T)

Reality Mobile Kentucky: Operational Field Test, October 24, 2008 (PDF, 20 Pages – 334 KB ). The Reality Mobile Kentucky project is a research and development effort in the DHS Science & Technology Directorate (S&T) that seeks to test the operational effectiveness and efficiency of streaming video for law enforcement applications. Reality Mobile software is a commercially available software-driven system that would allow first responders and law enforcement officials to send and receive live video and geospatial coordinates. S&T is conducting this PIA because the Kentucky State Police will capture images of individuals during the field test in accordance with their law enforcement authorities, standard operating procedures, and applicable state and local laws. This PIA covers only the research activities conducted by S&T during this operational field test. Should S&T acquire the technology and transition it to a DHS Component, that DHS Component will be responsible for completing the subsequent privacy assessments of the Reality Mobile technology and its use.

Keeping Schools Safe, October 1, 2008 (PDF, 21 pages – 289 KB ). Keeping Schools Safe is a research and development effort funded by the DHS Science & Technology Directorate (S&T) in support of the Alabama State Department of Homeland Security. The purpose of this pilot is to test the functionality and clarity of live streaming video technology for first responders and law enforcement applications in a school environment. A PIA is being conducted because images of individuals (volunteer Alabama law enforcement officials) will be captured during the field test. This PIA will only cover the research activities being conducted on behalf of S&T during this operational field test.

RealEyes Project, July 21, 2008 (PDF, 21 Pages – 355 KB) RealEyes is a research and development project in the DHS Science & Technology Directorate (S&T) that seeks to test the operational effectiveness and efficiency of streaming video for first responders and law enforcement applications. RealEyes is a prototype software system that would allow first responders and law enforcement officials equipped with Personal Digital Assistants (PDAs) to send and receive live video and geospatial coordinates, view video from fixed or mobile cameras, and receive data (video, photos and text) from a field command post using basic cellular technology. S&T is conducting a PIA because a planned phase of technology testing may involve incidentally capturing images of individuals who are not volunteer participants in the research effort. This PIA covers only the activities conducted during the testing phase of the RealEyes project. If the RealEyes technology is deployed into operational use, the DHS Component implementing the technology will be responsible for completing any subsequent privacy assessments of the RealEyes technology and its use.

Standoff Explosives Detective Technology Demonstration Program (SODTP), July 21, 2008 (PDF, 20 Pages – 370) The DHS Science and Technology Directorate (S&T) initiated the Standoff Explosives Detection Technology Demonstration Program (SOTDP) in March 2007. This is a multi-year research and development program (through 2013) designed to accelerate the development of explosive countermeasures—standoff technologies, concept of operations (conops), and training to prevent explosive attacks at large public events such as conventions, concerts, sporting events, public celebrations, etc. The purpose of this program is to develop an integrated system of devices to improve security and public safety, while not impacting pedestrian traffic flow or violating personal freedoms and individual privacy. DHS S&T is sponsoring the SOTDP and associated demonstrations in a multi-year R&D initiative. S&T has a program management and oversight role in the project, which includes providing policy direction and input on program requirements. This PIA is being conducted because personally identifiable information will be collected during the R&D process.

Critical Infrastructure Change Detection (CICD), June 19, 2008 (PDF, 29 pages - 379 KB ) The Critical Infrastructure Change Detection (CICD) program is a DHS Science and Technology (S&T) research program that is examining novel technical approaches to provide wide area surveillance and change detection capabilities to protect the Nation's critical infrastructure. S&T proposes to test a high resolution, 360 degree field-of-view video system that will accommodate multiple simultaneous users and also have change detection and tracking capabilities. A PIA is being conducted because the system demonstration will be performed in a public area of New York City and will involve capturing images of persons and textual information in the public space.

Group Violent Intent Modeling (GVIM) Program, April 25, 2008 (PDF, 15 pages - 202 KB ) This Privacy Impact Assessment describes the research and development objectives of the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate's Human Factors Division Group Violent Intent Modeling (GVIM) project. The goal of GVIM is to determine whether including social and behavioral theories and concepts (from established research) in a software tool that is used to analyze group behaviors and motivations will improve the ability of analysts to identify indicators that could predict group violence. The project will develop a social and behaviorally based framework of theories and concepts that includes modeling and simulation tools to improve the efficiency and accuracy of intelligence analysts examining the likelihood of a group choosing violence to achieve its goals. This PIA is necessary because personally identifiable information will be collected as part of the research and development effort.

Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT), February 25, 2008 (PDF, 33 Pages – 352 KB) The Science & Technology Directorate’s Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT) system is a repository of test datasets of Internet traffic data that is made available to approved researchers and managed by an outside contractor serving as the PREDICT Coordination Center (PCC). The goal of PREDICT is to create a national research and development (R&D) resource to bridge the gap between (a) the producers of security-relevant network operations data and (b) technology developers and evaluators who can use this data to accelerate the design, production, and evaluation of next-generation cyber security solutions, including commercial products. A key motivation of PREDICT is to make these data sources more widely available to technology developers and evaluators, who are currently forced to base the efficacy of their technical solutions on old, irrelevant traffic data, anecdotal evidence, or small-scale test experiments, rather than on more comprehensive, real-world data analysis.

Science and Technology's Experimental Testing of Project Hostile Intent Technology, February 25, 2008, (PDF, 12 Pages - 211 KB). Project Hostile Intent (PHI) is a research effort by the Science and Technology Directorate to ascertain whether screening technology can aid DHS screeners in making better decisions by supplementing the current screening process (wherein a human screener evaluates an individual's behavior) with training and computers. This Privacy Impact Assessment (PIA) addresses privacy impacts of this program, and specifically, the temporary storage of video images during field tests of PHI's performance with real behavioral data to ensure that it is effective in a "real world" environment.

Science and Technology’s DisasterHelp.gov, December 19, 2006, (PDF, 24 pages – 297 KB). The DisasterHelp.Gov (DHelp) website or web portal is operated by the Science and Technology Directorate of the Department of Homeland Security.   It is intended to assist political and civil service leadership, emergency managers, homeland security advisors, and first responders in the execution of their disaster management responsibilities. The information on this website will be used to enhance disaster management on an interagency and intergovernmental basis by helping users find information and services.  The types of personally identifiable information used will include contact information for these individuals.  The collection of this personally identifiable information is the reason for this privacy impact assessment.

Science and Technology’s Rail Security Pilot Study Phase II, July 12, 2006 (PDF, 32 pages - 346 KB) The RSP objective is to develop a credible “response package” that could be quickly and efficiently implemented in response to an event or as the result of intelligence indicating a possible threat exists where explosives would be used in a commuter rail or mass transit venue.  The RSP is divided into two phases.  Phase I, conducted in February 2006, did not require the collection of personally identifiable information and evaluated existing countermeasures using aviation security methods that could be implemented immediately.  Phase II is evaluating emerging technologies with varying technological maturity. 

S & T Staff Management System, February 22, 2006 (PDF, 14 pages - 220KB). The purpose of S&T Staff Management System is to, maintain information regarding DHS S&T staffing positions, the details regarding DHS S&T Staff, and resources used by S&T Staff such as offices and government issued equipment. The system will assist in developing workforce plans, facilities plans, equipment acquisition plans, and future-year budgets.

The Border and Transportation Security Network (BTSNet), January 18, 2006, (PDF, 13 pages – 150 KB) is a project of the Department of Homeland Security, Science and Technology Directorate, Homeland Security Advanced Research Projects Agency. The initial phase of BTSNet is focused on U.S. Border Patrol field operations with an emphasis on the Southwest border area. This development essentially extends the law enforcement data base query capability that is currently a field station function and moves it to the field agent via wireless communications using a handheld personal digital assistant (PDA) and/or a vehicle-mounted mobile data computer.

Back To Top

Transportation Security Administration (TSA)

Air Cargo Security Requirements, November 12, 2008, (PDF, 8 pages – 294 KB) The Transportation Security Administration (TSA) is making several changes to its air cargo program that involve the collection of personally identifiable information (PII) and the addition of new populations for which information will be collected. First, for TSA conducted security threat assessments (STAs) on individuals participating in its air cargo programs, TSA is requiring the submittal of contact and employer information for all participants so TSA can contact the individual in the adjudication process. Second, TSA will allow non-citizens who do not have an Alien Registration Number to provide a Form I-94 Arrival/Departure number.  Third, TSA is creating a new Certified Cargo Screening Program (CCSP), expanding the population of individuals who will need to provide PII for TSA-conducted STAs. A new automated collection STA Tool will be deployed to support the collection of PII from the CCSP population. Fourth, TSA is updating the records retention schedule and redress processes applicable to all populations submitting PII for STAs under its air cargo programs. In accordance with Section 222 of the Homeland Security Act of 2002, TSA is issuing this update (PIA Update) to the Air Cargo Security Requirements PIA published on April 14, 2006, to incorporate these changes.  The April 14, 2006 PIA remains in effect to the extent that it is consistent with this update.  This update should be read together with the 2006 PIA.

Transportation Security Administration's Whole Body Imaging, October 17, 2008, (PDF, 10 Pages - 213 KB) The Transportation Security Administration (TSA) will conduct pilot operations to evaluate the use of various Whole Body Imaging (WBI) technologies, including backscatter x-ray and millimeter wave devices, to detect threat objects carried on persons entering airport sterile areas. WBI creates an image of the full body, showing the surface of the skin and revealing objects that are on the body, not in the body. To mitigate the privacy risk associated with creating an image of the individual's body, TSA isolated the Transportation Security Officer (TSO) viewing the image from the TSO interacting with the individual. During the initial phase of the pilot, individuals who must undergo secondary screening will be given the option of undergoing the normal secondary screening technique involving a physical pat down by a TSO or a screening by a WBI device. A subsequent phase will evaluate WBI technology for individuals undergoing primary screening. Individuals will be able to choose to undergo WBI screening in primary.

Transportation Security Administration's Secure Flight Program, October 21, 2008, (PDF, 27 pages - 284 KB) The Secure Flight program will match identifying information of aviation passengers and certain non-travelers against the consolidated and integrated terrorist watch list maintained by the Federal Government in a consistent and accurate manner, while minimizing false matches and protecting personally identifiable information. The Transportation Security Administration (TSA) is publishing a Final Rule outlining TSA's implementation of the Secure Flight program. In conjunction with this Final Rule, TSA is publishing this updated Privacy Impact Assessment (PIA). This updated PIA reflects the Secure Flight program as described in the Final Rule.

Transportation Security Administration’s Large Aircraft Security Program, October 2, 2008, (PDF, 17 pages – 253 KB) The Transportation Security Administration (TSA) proposes to amend current aviation transportation security regulations to expand the scope of current general aviation requirements and add new requirements for large aircraft operators and airports that service these aircraft. The proposed regulation would establish a security program called the Large Aircraft Security Program (LASP) for the large aircraft operators, and will require security threat assessments (STAs) for various categories of individuals. This Privacy Impact Assessment (PIA) is being conducted in conjunction with a Notice of Proposed Rule Making (NPRM). This PIA will be updated to reflect any changes made prior to publication of the Final Rule. No information will be collected by TSA prior to publication of the Final Rule.

Screening of Passengers by Observation Techniques (SPOT) Program, August 5, 2008 (PDF, 12 Pages - 237 KB) The Screening of Passengers by Observation Techniques (SPOT) program is a behavior observation and analysis program designed to provide the Transportation Security Administration (TSA) Behavior Detection Officers (BDOs) with a means of identifying persons who pose or may pose potential transportation security risks by focusing on behaviors indicative of high levels of stress, fear, or deception. The SPOT program is a derivative of other behavioral analysis programs that have been successfully employed by law enforcement and security personnel both in the U.S. and around the world.

Operations Center Incident Management System (OCIMS), July, 7, 2008 (PDF, 15 Pages – 215 KB) Under the Aviation and Transportation Security Act (ATSA), the Transportation Security Administration (TSA) has “responsibility for security in all modes of transportation.” TSA uses an operations center incident management system called WebEOC to perform incident management, coordination, and situation awareness functions for all modes of transportation. The system will store information that it receives about the following categories of individuals: 1) individuals who violate, or are suspected of violating transportation security laws, regulations, policies or procedures; 2) individuals whose behavior or suspicious activity resulted in referrals by Ticket Document Checkers (TDC) to Behavior Detection Officer (BDO) or Law Enforcement Officer (LEO) interview (primarily at airports); or 3) individuals whose identity must be verified, or checked against Federal watch lists. Individuals whose identity must be verified includes both those individuals who fail to show acceptable identification documents to compare to boarding documents and law enforcement officials seeking to fly armed. The system also collects and compiles reports from Federal, state, local, tribal, or private sector security officials related to incidents that may pose a threat to transportation or national security. Daily reports will be provided to executives at TSA and the Department of Homeland Security (DHS) to assist in incident and operational response management.

Transportation Security Administration Security Threat Assessment for Airport Badge and Credential Holders, June 2, 2008 (PDF, 13 Pages - 204 KB ) The Transportation Security Administration (TSA) is updating the Privacy Impact Assessment for the Security Threat Assessment (STA) for Airport Badge and Credential Holders to reflect an expansion of the covered population to include certain holders of airport approved badges, and to reflect the use of US-VISIT's Automated Biometrics Identification System (IDENT) database as part of the STA process, including enrollment of fingerprints in that database for recurring checks. This Privacy Impact Assessment (PIA) is an updated and amended version of the PIA originally published by TSA on June 15, 2004, and subsequently amended on August 19, 2005 and on December 20, 2006. The requirements addressed in the previous PIAs are still in effect, including the requirement to conduct name-based STAs on all individuals seeking or holding airport identification badges or credentials and the requirement to conduct fingerprint-based criminal history record checks (CHRCs) along with name-based checks on individuals seeking access to the Security Identification Display Area (SIDA) or Sterile Area of an airport.

Transportation Security Administration's Tactical Information Sharing System, June 1, 2008 (PDF, 15 pages - 202 KB ) The Transportation Security Administration (TSA) operates the Transportation Information Sharing System (TISS). The Transportation Information Sharing System receives, assesses, and distributes intelligence information related to transportation security to Federal Air Marshals (FAMs) and other Federal, State, and local law enforcement. This PIA is being updated to reflect more clearly that TISS applies to all transportation modes, not just aviation modes as might have been assumed because the system involves Federal Air Marshals.

Crew Member Self Defense Training (CMSDT) Program, February 6, 2008, (PDF, 14 Pages - 326 KB). The Department of Homeland Security Transportation Security Administration (TSA) has developed the Crew Member Self-Defense Training Program (CMSDT), a voluntary self-defense training course, for air carrier crew members. TSA will collect name, last 4 numerals of the Social Security Number (SSN), contact information, employer information including employee identification number, and course location preferences in order to verify a crew member's eligibility for the program and to provide the self-defense training. Because the CMSDT collects personally identifiable information (PII) on members of the public, TSA is conducting this Privacy Impact Assessment (PIA) in accordance with the statutory requirements of the E-Government Act of 2002.

Transportation Security Administration’s Federal Flight Deck Officer Program, January 10, 2008, (PDF, 17 Pages – 350 KB). The Federal Flight Deck Officer (FFDO) program was established by the Arming Pilots Against Terrorism Act (APATA) as Title XIV of the Homeland Security Act (Pub. L. 107-296, Nov. 25, 2003, 116 Stat. 2300), codified at 49 U.S.C. 44921. Under this program, TSA deputizes qualified volunteer pilots and flight crewmembers of passenger and cargo aircraft as law enforcement officers to defend the flight deck of aircraft against acts of criminal violence or air piracy. Participants in the program, known as Federal Flight Deck Officers (FFDOs), are trained and authorized to transport and carry a firearm and to use force, including deadly force. Through this program, TSA collects data on pilots to assess the qualification and suitability of prospective and current FFDOs through an online application, and to administer the program.

Boarding Pass Scanning System, November 29, 2007 (PDF, 7 Pages – 163KB) The Boarding Pass Scanning System (BPSS) is a process and technology that validates the authenticity of the boarding pass at the TSA security checkpoint using 2-dimensional (2D) bar code readers and encryption techniques. The BPSS will display machine readable data from the boarding pass for confirmation against the human readable portions of the boarding pass to verify that the boarding pass is legitimate and has not been tampered with. Once confirmed, the displayed data will be deleted from the BPSS.

Transportation Security Administration's Airmen Certificate Vetting Program October 22, 2007 (PDF 17 pages - 282 KB) The Department of Homeland Security (DHS) Transportation Security Administration (TSA) is implementing a process to conduct security threat assessments on all Federal Aviation Administration (FAA) Airmen Certificate applicants and holders to ensure that the individual does not pose or is not suspected of posing a threat to transportation or national security. As described below, FAA Airmen Certificate holders include pilots, air crews, and others required to hold a certificate pursuant to FAA regulations. Because this program entails a new collection of information by TSA about members of the public in an identifiable form, the E-Government Act of 2002 and the Homeland Security Act of 2002 require that the TSA issue a Privacy Impact Assessment (PIA). The data collected and maintained for this program and the details and uses of this information are outlined in this PIA.

Transportation Security Administration's Visitor Management System, October 19, 2007 (PDF 15 pages - 186 KB) The Privacy Impact Assessment (PIA) previously published on July 14, 2006 is being amended to reflect the collection of a photograph to be placed on the temporary badge. The photograph will be stored in the system only for so long as is required to create the badge, then is deleted to create the next badge. This PIA replaces the previously published PIA.

Transportation Security Administration's Universal Commercial Driver's License (CDL) Security Threat Assessment, October 12, 2007 (PDF, 18 pages – 222 KB ) The Transportation Security Administration (TSA) will conduct security threat assessments on Commercial Driver's License (CDL) holders. CDL holders are licensed to operate large commercial motor vehicles that potentially pose threats to transportation security. Congress directed TSA to perform threat assessments on certain CDL holders in the SAFE PORT Act Pub. L. No.109-347, 120 Stat. 1884 (2006). Since the potential threat extends beyond ports, TSA will perform security threat assessments on all CDL holders pursuant to its authority under 49 U.S.C. §114 (f) which gives TSA broad authority "to assess threats to transportation" including vetting persons who could pose a threat to transportation.

Transportation Security Administration's Transportation Worker Identification Credential Program Final Rule, October 5, 2007 (PDF, 23 pages – 211 KB) The Transportation Security Administration (TSA) published a joint Final Rule with the United States Coast Guard (Coast Guard) to implement a Transportation Worker Identification Credential (TWIC) program to provide a biometric credential that can be used to confirm the identity of workers in the national transportation system, and conducted a Privacy Impact Assessment (PIA) associated with that Final Rule. TSA is amending the PIA to reflect the development of TWIC contactless card capability in sections 1.4, 1.6, 9.2 and 9.3, and the approval of the records schedule by NARA in section 3. This PIA replaces the one published December 29, 2006.

Transportation Security Administration’s Secure Flight Program (PDF, 29  pages – 215 KB)  The Secure Flight program is intended to match identifying information of aviation passengers and certain non-travelers against the consolidated and integrated terrorist watch list maintained by the Federal Government in a consistent and accurate manner, while minimizing false matches and protecting personally identifiable information.  The program, this PIA, the associated System of Records Notice, and the Notice of Proposed Rulemaking are expected to change in response to public comment.  A revised PIA and if necessary a revised SORN will be issued in conjunction with the Final Rule for Secure Flight. 

Transportation Security Administration's Tactical Information Sharing System, March 28, 2007 (PDF, 19 pages - 229 KB) The Transportation Security Administration (TSA) operates the Tactical Information Sharing System (TISS). The Tactical Information Sharing System receives, assesses, and distributes intelligence information related to transportation security to Federal Air Marshals (FAMs) and other Federal, State, and local law enforcement.

Transportation Security Administration’s Claims Management System, February 5, 2007 (PDF, 13 Pages – 195 KB) Transportation Security Administration (TSA) has created the Claims Management System (CMS). The TSA Claims Management Office (CMO) investigates and adjudicates Federal tort claims filed against TSA. The CMO developed the CMS as the primary tool for the CMO to receive, investigate, and adjudicate Federal tort claims against the Transportation Security Administration.  This PIA covers all claims submission processes.

Transportation Security Administration’s Sensitive Security Information for use in Litigation, December 28, 2006 (PDF, 17 pages – 249 KB) Transportation Security Administration (TSA) is implementing a process whereby a party seeking access to Sensitive Security Information (SSI) in a civil proceeding in a Federal court that demonstrates substantial need for relevant SSI in preparation of the party’s case may request access to SSI.  In order to determine if an individual representing the party may be granted access to SSI for this purpose, TSA will conduct a threat assessment that includes a fingerprint-based criminal history records check (CHRC) and a name-based check.

Transportation Security Administration's Alien Flight Student Program (Amended), December 22, 2006 (PDF, 15 pages - 441 KB) Transportation Security Administration (TSA) will collect personal information about flight-training candidates to conduct the security threat assessments on alien flight students required by the Aviation and Transportation Security Act and Section 612 of Vision 100-Century of Aviation Reauthorization Act. For pilots seeking recurrent training, the Alien Flight Student Program will verify eligibility for recurrent training. TSA is amending the PIA originally published in June 2004 to reflect certain updates after periodic review, including its use of commercial data for identity verification purposes, and the promulgation of an applicable record retention schedule.

Transportation Security Administration's Security Threat Assessment for Airport Badge and Credential Holders, December 20, 2006 (PDF, 9 pages - 144 KB). The Transportation Security Administration (TSA) is amending the Privacy Impact Assessment for the Security Threat Assessment for Airport Badge and Credential Holders to reflect an expansion of the covered population. The amended airport security directives now require that individuals to whom airports issue identification badges or credentials undergo a security threat assessment regardless of the level of unescorted access permitted the individual. Name-based security threat assessments will be performed on all individuals seeking or holding airport identification badges or credentials. Fingerprint-based criminal history checks, in addition to the name-based security threat assessment, will continue to be required for those individuals seeking access to the Security Identification Area or Sterile Area. TSA is amending this Privacy Impact Assessment to reflect the amended requirements.

Transportation Security Administration's Airport Access Authorization To Commercial Establishments Beyond The Screening Checkpoint (AAACE) Program, November 22, 2006, November 22, 2006 (PDF, 15 pages - 291 KB) The airport operating authorities at Dallas-Fort Worth International Airport (DFW) and Detroit Metropolitan Wayne County Airport (DTW) seek to establish the Airport Access Authorization To Commercial Establishments Beyond The Screening Checkpoint (AAACE) Program. Under this pilot program, each airport operator may issue an Authorization Form to current registered overnight hotel guests (Registered Guest) at certain hotels physically connected to the airport terminal, who have requested access to commercial establishments beyond the screening checkpoint in the sterile area of the airport if they meet the requirements of the program. Additional airports participating in the pilot will be identified in Appendix B.

TSA Registered Traveler, September 1, 2006 (PDF, 27 pages - 409 KB) Pursuant to TSA's authority to operate trusted traveler programs and following two sets of pilot programs, TSA is conducting the next phase of Registered Traveler at approximately 10-20 participating airports to further test and evaluate this type of trusted passenger program. This phase introduces interoperability among participating airports/air carriers and operating with larger populations.

TSA Office of Transportation Redress, August 31, 2006 (PDF 20 pages - 397 KB) The TSA Traveler Identity Verification Program was developed as a voluntary program by the Transportation Security Administration (TSA) to provide a forum for individuals who believe they have been unfairly or incorrectly delayed, denied boarding, or identified for additional screening at our Nation's airports to request redress. Responsibility for the program lies in TSA's Office of Transportation Security Redress (OTSR).

Transportation Security Administration's Visitor Management System, July 14, 2006 (PDF 14 pages - 157 KB) TSA's Office of Security has established a Security Appointment Center (SAC), which will utilize a Visitor Management System (VMS). The VMS is a system by which computerized visitor logs will be generated and temporary self-expiring paper badges will be issued for all visitors entering the TSA Headquarters Buildings and the Transportation Security Operations Center.

Final Rule for TSA's Air Cargo Security Requirements, May 25, 2006 (PDF, 14 pages - 177 KB) TSA is currently publishing an air cargo security final rule (FR) that will significantly enhance air cargo security requirements. This Privacy Impact Assessment (PIA) explains that pursuant to the FR for Air Cargo Security Requirements, TSA will collect and retain personal information about four sets of individuals. The first set consists of certain individuals who have, or are applying for, unescorted access to air cargo. The second set consists of each individual who is a sole proprietor, general partner, officer or director of an IAC or an applicant to be an IAC, and certain owners of an IAC or an applicant to be an IAC. The third set consists of known shippers who are individuals. The fourth set consists of individuals who in addition to having unescorted access to cargo have responsibilities for screening cargo under 49 CFR 1544.

TWIC NPRM: Notice of Proposed Rulemaking (NPRM) for the TSA Transportation Worker Identification Credential (TWIC), May 11, 2006 (PDF, 19 pages - 175 KB).TSA is publishing a joint Notice of Proposed Rulemaking (NPRM) with the U.S. Coast Guard to implement a Transportation Worker Identification Credential (TWIC) program to provide a biometric credential that can be used to confirm the identity of workers in the national transportation system. TSA will conduct a security threat assessment before issuing the credential. TSA expects to collect identifying information, supporting documentation, a digital photograph, and fingerprints, as more fully set forth below in section 1.1. This PIA reflects the TWIC Program as proposed in the NPRM and follows on the PIA for the TWIC Prototype, which was published at www.dhs.gov on November 5, 2004. The program - and this PIA - are expected to change in response to public comment on the NPRM. A revised PIA and Final Rule will be issued prior to any collection of information.

TSA U.S. Port Access Threat Assessments, April 28, 2006 (PDF, 14 pages - 252 KB) TSA has broad authority to assess threats and threat information and to plan and execute such actions as may be appropriate to address threats to transportation. Working in conjunction with the United States Coast Guard and its statutory mandate, TSA will conduct security threat assessments of port workers in order to ensure that individuals who are allowed access to U.S. port facilities do not pose or are not suspected of posing a threat to transportation security.

TSA P&O Ports North America, Inc. Threat Assessments, March 22, 2006 (PDF, 13 pages - 250 KB). The Ports, Customs and Free Zone Corporation (PCFC) recently acquired P&O Ports North America, Inc. (P&O NA). On January 6, 2006, PCFC and P&O NA provided the U.S. Department of Homeland Security (DHS) certain national security assurances in connection with DHS's review of the foregoing acquisition in the Committee on Foreign Investment in the United States (CFIUS), 50 U.S.C. App. 2170. One of those assurances is to make P&O NA books and records available to DHS upon request. DHS has requested information about P&O NA employees in order to undertake security threat assessments on these employees pursuant to the authority of the Transportation Security Administration (TSA) under 49 U.S.C. §114(f) to assess threats and threat information and to plan and execute such actions as may be appropriate to address threats to transportation. P&O NA will provide the name, job title, date of birth, and social security number, as well as alien registration number if applicable, for all of its employees operating in the United States.

TSA Airspace Waivers and Flight for Certain Aviation Operations (Including DCA), September 20, 2005 (PDF, 10 pages - 219 KB ) This Privacy Impact Assessment (PIA) is an updated and amended version of the PIA originally published on July 19, 2005. TSA has revised the information it intends to collect from Armed Security Officers (ASO) to include the collection of a photograph and electronic signature for use in preparing the ASO credential, as well as the collection of ASO weapon information. TSA has also developed a redress policy.

TSA Registered Traveler Pilot (Private Sector Subpilot), September 20, 2005 (PDF, 13 pages - 233 KB) The purpose of this Privacy Impact Assessment (PIA) is to revise the PIA for the Private Sector Known Traveler (PSKT) sub-pilot. The PSKT subpilot revises TSA's role by incorporating a Private Sector Partner (PSP) that will carry out certain responsibilities. The PSKT is designed to have a structure that is very similar to the other pilots in the Registered Traveler (RT) Pilot Program. The difference between PSKT and the other RT pilots centers on the division of responsibilities between TSA and its Private Sector Partner. TSA's role will focus on conducting the initial security threat assessment and periodic reassessments, conducting security threat assessment screening, and oversight. The Private Sector Partner will have responsibility for procurement, marketing and operational functions consistent with TSA guidelines and Federal technology standards for Information Technology and biometric security. The Private Sector Partner collects the KT applicant's pertinent biographic and biometric information and sends it to TSA to conduct security threat assessments including running the applicant's biographical information through Federal databases, such as the Terrorist Screening Data Base (TSDB) and the TSA selectee list, databases containing outstanding wants and warrants, and against other governmental sources. Once TSA completes the initial security threat assessment, the agency will inform the Private Sector Partner whether the KT applicant has been approved or not approved; however, the details of the security threat assessments will be retained by TSA and not shared with the Private Sector Partner or KT applicant. The Private Sector Partner will inform the individual KT applicant whether he or she has or has not been accepted.

TSA Hazardous Materials Endorsement, Amendment, September 16, 2005 (PDF, 14 pages - 188 KB) The purpose of this Privacy Impact Assessment (PIA) is to amend the original PIA that the Transportation Security Administration (TSA) issued on January 26, 2005, concerning security threat assessments for drivers authorized to transport hazardous materials. TSA is providing two new electronic data transmission processes for the States to use to submit driver information needed to complete a security threat assessment to TSA. These processes replace non-electronic transmissions and provide a more efficient, secure transmission of the data to TSA. This addition will improve the security of the system and the efficacy of the security threat assessments for this program and should enhance the privacy of individuals who participate in this program.

TSA Security Threat Assessment for SIDA and Sterile Area Workers, August 10, 2005 (PDF, 7 pages - 169 KB) This PIA is an updated and amended version of the PIA originally published by TSA on June 15, 2004, covering individuals with unescorted access authority to Security Identification Display Areas of airports, workers who perform duties in airport sterile areas, and individuals who are applying for these positions. TSA has revised the operation of its security threat assessment for individuals to include an immigration status check. These changes are necessary in order to improve the efficacy of security threat assessments for this program.

TSA Airspace Waivers and Flight for Certain Aviation Operations (Including DCA) Privacy Impact Assessment, July 19, 2005 (PDF, 9 pages - 444 KB) The purpose of this Privacy Impact Assessment (PIA) is to provide details about this collection of information and how the airspace waiver and flight authorization programs impact the privacy of security coordinators, flight crewmembers, and passengers, including armed security officers, who apply for or are identified on an application for an airspace waiver or flight authorization to operate in restricted airspace, and the steps that TSA will take to minimize the burden on these aircraft operators and protect their information. The collection of information will differ slightly depending on the type of waiver/authorization requested and this PIA highlights the particular procedures for DCA flight authorizations throughout this document.

Registered Traveler Pilot (Private Sector Subpilot), June 20, 2005 (PDF, 11 pages - 61 KB) Because of the success of the Registered Traveler Pilot Program, TSA is now exploring the feasibility of applying the RT concept to a modified model that uses a Private Sector Partner. A Private Sector Partner may include airport authorities, air carriers, or other entities designated by TSA. To test the proposed model, TSA is launching a sub-pilot program known as the Private Sector Known Traveler (PSKT) in conjunction with the Greater Orlando Aviation Authority (GOAA).

Hazardous Materials Endorsement, January 26, 2005 (PDF, 15 pages - 75 KB) This Privacy Impact Assessment (PIA) applies to the systems and procedures implemented by the Transportation Security Administration (TSA) to conduct security threat assessments on individuals applying for, renewing or transferring a Hazardous Materials Endorsement (HME) for a commercial drivers license (CDL). This PIA is an updated and amended version of the Hazardous Materials Endorsement PIA (PDF, 7 pages - 215 KB) that the Transportation Security Administration issued on June 1, 2004.

Vetting and Credentialing Screening Gateway System, January 14, 2005 (PDF, 15 pages - 103 KB) This PIA pertains to the hardware, software and communications infrastructure systems that are used by the Transportation Security Administration to conduct security threat assessments on various transportation worker and other populations related to transportation.

Transportation Worker Identification Credential (TWIC) Program, November 5, 2004 (PDF, 21 pages - 326 KB) The Program's objective is to design and implement a standardized secure credential for the identification of transportation workers whose duties require unescorted physical access to secured areas of the nation's transportation system, or logical (i.e., cyber) access to computer-based information systems that relate to the security of the transportation system. The Transportation Security Administration is beginning a volunteer Prototype demonstration to evaluate the use of this credential at designated locations throughout the transportation system.

Alien Flight Student Program, June 18, 2004 (PDF, 12 pages - 186 KB) TSA will collect personal information about certain flight-training candidates to conduct the security threat assessments required by ATSA and Section 612 of Vision 100. For pilots seeking recurrent training, AFSP will verify eligibility for recurrent training. This information will enable TSA to identify individuals who may pose a threat to aviation or national security, or who may be wanted for the commission of a crime in the United States or elsewhere, or are currently in violation of United States immigration laws or regulations.

Security Threat Assessment for Aircraft and Heliport Operators, August 16, 2004 (PDF, 9 pages - 55 KB) Under the Aviation and Transportation Security Act (ATSA) and authority delegated from the Secretary of Homeland Security, the Assistant Secretary of Homeland Security for Transportation Security Administration (TSA) has "the responsibility for security in all modes of transportation…."

Crew Vetting Program, July 28, 2004 (PDF, 8 pages - 69 KB) TSA has been involved in crew "vetting," — the process by which security threat assessments are conducted on airline crewmembers are verified for authenticity — since the program was established by the FAA in October, 2001.

Registered Traveler Pilot, June 24, 2004 (PDF, 9 pages - 176 KB) Under the Registered Traveler Program as envisioned by TSA, qualified travelers will be positively identified via advanced identification technologies to confirm that these travelers are not suspected of posing a threat to aviation security.

Airport Access Control Pilot Project, June 18, 2004 (PDF, 7 pages - 122 KB) The purpose of TSA's Airport Access Control Pilot Program is to implement pilot projects at airports to evaluate and demonstrate applications of new and emerging technologies that enhance the performance of access controls to ensure that unauthorized persons cannot gain access to sensitive areas in airports.

SIDA and Sterile Area Workers, June 15, 2004 (PDF, 7 pages - 201 KB) TSA implemented the criminal history record check mandated by law by requiring a fingerprint-based criminal history records check for individuals with unescorted access authority to Security Identification Display Areas (SIDA), workers who perform duties in airport sterile areas, [and individuals who are applying for these positions (referred to collectively as SIDA and Sterile Area Workers).

Back To Top

US-VISIT

First Phase of the Initial Operating Capability (IOC) of Interoperability between the U.S. Department of Homeland Security and the U.S. Department of Justice, October 23, 2008, (PDF, 22 Pages - 249KB) The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program of the Department of Homeland Security (DHS), in cooperation with the Department of Justice (DOJ) Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division, is implementing the first phase of initial operating capability (IOC) of system interoperability (Interoperability) between US-VISIT's Automated Biometric Identification System (IDENT) and CJIS' Integrated Automated Fingerprint Identification System (IAFIS). This capability, which expands upon and improves the method of exchange and sharing of certain biometric and biographic data between IDENT and IAFIS, is intended to increase data sharing between DHS and Federal, State, and local agencies for law enforcement activity relating to the DHS mission. This Privacy Impact Assessment (PIA) describes these uses and sharing of data under the first phase of the Interoperability IOC, as well as the associated privacy risks and measures taken by US-VISIT to mitigate those risks.

United States Visitor and Immigrant Status Indicator Technology Program/Department of Homeland Security and the United Kingdom Border Agency's International Group Visa Services Project, July 1, 2008, (PDF, 24 Pages - 268KB) For this project, the U.S. Department of Homeland Security (DHS) will provide the United Kingdom Border Agency's (UKBA) International Group Visa Services (formerly known as UKvisas) with additional information to determine whether visa applicants for entry into the United Kingdom are eligible to obtain a visa or other travel documents according to applicable United Kingdom laws. Accordingly, the United States Visitor and Immigrant Status Indicator Technology (US VISIT) Program will receive biometric and biographic information from UKBA International Group Visa Services about applicants for visas to the United Kingdom and will query those applicants' biometric information against the Automated Biometric Identification System's (IDENT) list of subjects of interest (e.g., “Subjects of interest” are people of interest to the U.S. or international law enforcement and/or intelligence agencies because of suspected or confirmed illegal activity.) US-VISIT will provide UKBA with results from the query, along with, in some cases, details of the analysis supporting the returned results. US-VISIT is publishing this privacy impact assessment (PIA) because US-VISIT will receive and share personally identifiable information (PII) with the UKBA.

Technical Reconciliation Analysis Classification System (TRACS), June 6, 2008, (PDF, 20 Pages – 370KB) The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program will operate the Technical Reconciliation Analysis Classification System (TRACS). TRACS will serve as an information management tool used for management and analysis of US-VISIT records to enhance the integrity of the United States immigration system by detecting, deterring, and pursuing immigration fraud, and by identifying persons who pose a threat to national security and/or public safety. US-VISIT is conducting this privacy impact assessment (PIA) because TRACS will use personally identifiable information.

United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program In conjunction with the Notice of Proposed Rulemaking on the Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure, April 22, 2008, (PDF, 26 Pages - 851 KB). The United States Visitor and Immigrant Status Technology (US-VISIT) Program is implementing the first phase of the Exit component of its integrated, automated biometric entry-exit system that records the arrival and departure of covered aliens; conducts certain terrorist, criminal, and immigration violation checks of covered aliens; and compares biometric identifiers to those collected on previous encounters to verify identity. The US-VISIT Program has been implemented in phases with each phase adding additional capabilities, locations of implementation, or subject populations. US-VISIT is publishing this Privacy Impact Assessment (PIA) in conjunction with the Notice of Proposed Rulemaking (NPRM) on Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure. A revised PIA will be issued in conjunction with the Final Rule on Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure. US-VISIT does not collect any information on United States citizens.

Conversion to 10-Fingerprint Collection for the United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT), November 15, 2007 (PDF, 16 pages – 240 KB). US-VISIT is an office and program within the National Protection and Programs Directorate of the Department of Homeland Security. The office manages DHS’ IDENT system and provides biometrics-based identity management services to agencies throughout immigration and border management, law enforcement, and intelligence communities. The Program provides an integrated, automated, biometric entry and exit system that records the arrival and departure of foreign nationals. US-VISIT is publishing this Privacy Impact Assessment (PIA) to update and describe the US-VISIT Program’s change from collecting two (2) fingerprints to collecting up to ten (10) fingerprints (using inkless optical reading devices) from foreign nationals upon entering or exiting the United States.

Arrival and Departure Information System (ADIS), August 1, 2007 (PDF, 19 pages – 295 KB). This privacy impact assessment (PIA) for the Arrival and Departure Information System (ADIS) describes changes to ADIS corresponding to the publication of a new ADIS system of records notice (SORN). As now proposed, ADIS will be a Department of Homeland Security (DHS)-wide system to serve certain programs, including those of the intelligence community, that require information, in support of the DHS mission, on individuals who seek to enter or who have arrived in or departed from the United States. US-VISIT has conducted this PIA update based on these proposed changes.

Enumeration Services of the Automated Biometric Identification System (IDENT), May 25, 2007 (PDF, 20 pages – 329 KB) The Automated Biometric Identification System (IDENT) is the primary repository of biometric information held by DHS in connection with its several and varied missions and functions, including but not limited to: the enforcement of civil and criminal laws (including immigration laws); investigations, inquiries, and proceedings in connection with those missions and functions; and national security and intelligence activities. IDENT is a centralized and dynamic DHS-wide biometric database. The Department of Homeland Security United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program is publishing this privacy impact assessment (PIA) update for the Automated Biometric Identification System (IDENT) to describe the changes to IDENT required to support enumeration services, a new service offering from IDENT. Enumeration services generates a unique personal identifier, known as an enumerator, for each individual for whom ten fingerprints and minimal biographic data has been collected in IDENT. Within IDENT the enumerator will be used to uniquely identify individuals and to link and retrieve immigration and border management records with a single identifier instead of multiple identifiers. This privacy impact assessment (PIA) has been conducted because the addition of enumerator services constitutes a significant change to IDENT.

Automated Identification Management System (AIDMS) Update , May 14, 2007 (5 pages – 194 KB). In accordance with the guidance issued by the Office of Management and Budget (OMB) implementing the E-Government Act of 2002 to promote program transparency and address any privacy concerns, this revision of the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program Privacy Impact Assessment (PIA) is prompted by the decommissioning of the Automated Identification Management System (AIDMS).

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) Inclusion of Form I-94 Data in the Arrival and Departure Information System (ADIS), March 27, 2007 (PDF, 6 pages - 197 KB). This Privacy Impact Assessment update for the Arrival and Departure Information System is necessary to 1) clarify that I-94 data from land points of entry (POEs) is stored in ADIS and not just in the Treasury Enforcement Communications System; and 2) notify the public of the extension of the collection and processing of Form I-94 data in ADIS to include air and sea POEs.

US-VISIT IDSM, September 1, 2006 (PDF, 15 pages – 236 KB)  Interim Data Sharing Model (iDSM) for the Automated Biometric Identification System (IDENT)/Integrated Automated Fingerprint Identification System (IAFIS) Interoperability Project.  As anticipated under the External Data Sharing section of the IDENT PIA, this document discusses the sharing of data between IDENT and the Department of Justice (DOJ) Federal Bureau of Investigation (FBI) Criminal Justice Information Service (CJIS) Division’s Integrated Automated Fingerprint Identification System (IAFIS). FBI/CJIS provides criminal history information to Federal, state, and local law enforcement agencies.  The FBI completed its own PIA on the data it shares with IDENT. Therefore, this PIA discusses only the DHS sharing of IDENT data with the FBI/CJIS.

US-VISIT ePassport Program, August 18, 2006 (PDF, 21 pages - 256 KB) This is an update to previous United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) privacy impact assessments (PIAs) to address the changes to the port of entry (POE) processing that will result from the deployment of the capability to biometrically compare and authenticate RFID chip-enabled, International Civil Aviation Organization (ICAO)-compliant passports (e-Passports).

US VISIT, IDENT, July 31, 2006 (PDF, 16 pages – 236 KB) This privacy impact assessment (PIA) for the Automated Biometric Identification System (IDENT) describes changes to IDENT corresponding to the publication of a new IDENT system of records notice (SORN).  IDENT is a Department of Homeland Security wide system for the collection and processing of biometric and limited biographic information for DHS national security, law enforcement, immigration, intelligence and other DHS mission-related functions and to provide associated testing, training, management reporting, planning and analysis, or other administrative uses.

US VISIT Update,  July 12, 2006 (PDF, 7 pages - 202 KB).  This is an update to previous United States Visitor and Immigrant Status Indicator Technology (US-VISIT) privacy impact assessments (PIAs) in order to describe the expansion of US-VISIT biometric collection requirements to cover additional classes of aliens in conjunction with the Notice of Proposed Rulemaking on the Authority to Process Additional Aliens in US-VISIT.

US-VISIT Update, March 14, 2006 (PDF, 3 pages – 184 KB).  This document is an update of the International Live Test Privacy Impact Assessment, dated June 15, 2005, and updated December 22, 2005.  The original PIA contains the complete analysis of privacy issues around the live test of the readers.  The December update included enhancements to the test to cover the testing of basic access controls of the e-Passports and certain changes to the composition and logistics of the testing.  The only change being made in this current update for Phase III is an extension of time to afford DHS the additional opportunity to continue testing the readers until the deployment of the selected reader solution begins.

US-VISIT Update, December 22, 2005, (PDF, 20 pages – 232 KB) to the Privacy Impact Assessment for US-VISIT addresses Phase II of the International Live Test.

US-VISIT Program Privacy Impact Assessment, July 1, 2005 (PDF, 42 pages – 300 KB) The US-VISIT PIA was first published on January 4, 2004, in conjunction with the initial deployment of US-VISIT.  The PIA was updated on September 14, 2004,  to reflect inclusion of visa waiver program (VWP) travelers in US-VISIT, expansion of US-VISIT to the 50 busiest land border ports of entry (POE) and changes in the business processes used by DHS to share information with Federal law enforcement agencies.  The PIA was updated on June 15, 2005 to include the Live Test to read ICAO-compliant biometrically enabled travel documents by October 26, 2005. This revision of the PIA is prompted by: (1) Implementation of technology (Exit devices) and processes for recording the exit of covered individuals from air and sea ports by December 31, 2005; and (2) The proof of concept for technology and processes for automatically recording the entry and exit of covered individuals at U.S. land border POEs using Radio Frequency Identification (RFID)-enabled I-94 Arrival/Departure Forms.  The proof of concept of the capability will begin in August 2005 and, if successful, will be deployed to the 50 busiest land ports by December 31, 2007. Associated with the above PIA and published concurrently is a Privacy Act of 1974, System of Records Notice for the Department of Homeland Security (DHS), United States Visitor and Immigration Status Indicator Technology, Automated Identification Management System (AIDMS),  July 1, 2005 (PDF, 11 pages – 102 KB).

US-VISIT Live Test, June 15, 2005 (PDF, 34 pages – 137 KB) This revision of the US-VISIT PIA is prompted by enhancements to the US-VISIT Program that provide the capability to biometrically compare and authenticate valid documents at all Points of Entry. As the next step in implementing these legislative requirements, an International Live Test will be conducted. Australia, New Zealand, and the U.S. are the participants in the test that will be conducted from June to September at the Los Angeles, CA Airport POE and at the Sydney, Australia Airport POE. The International Live Test will evaluate the operational impact of new technology as well as the performance of the e-Passports and the reader solutions being tested.

US-VISIT, Increment 2, September 14, 2004 (PDF, 34 pages - 273 KB) US-VISIT captures entry and exit information from non-immigrant visa holders and Visa Waiver Program entrants traveling through air, sea, and the 50 busiest U.S. land border Ports of Entry.

USVISIT, Increment 1, December 18, 2003 (PDF, 14 pages – 157 KB) The first phase of US-VISIT, referred to as Increment 1, will capture entry and exit information about non-immigrant visitors.  Information to be collected from these individuals includes complete name, date of birth, gender, country of citizenship, passport number and country of issuance, country of residence, travel document type, number, date and country of issuance, complete U.S. address, arrival and departure information, and for the first time, a photograph and fingerprints.

Back To Top

U.S. Coast Guard

United States Homeport Update, October 17, 2008, (PDF, 5 Pages - 147 KB ) This is an update to the previous Homeport privacy impact assessment, dated May 9, 2006, in order to describe the new functionality that will allow merchant mariners to determine the status of their credential application using the Homeport Internet Portal. Homeport will use the identification information provided by the mariner to match records from the Merchant Mariner Licensing and Documentation (MMLD) system and provide mariners the current status of their credential application. Information provided by the mariner will be used solely for matching records and will not be retained in Homeport at the completion of the online session.

United States Coast Guard Maritime Awareness Global Network (MAGNET), April 11, 2008, (PDF, 19 Pages - 239 KB ) The Department of Homeland Security (DHS) United States Coast Guard (USCG) has developed the Maritime Awareness Global Network (MAGNET) system. MAGNET will use information relating to vessels and activities within the maritime environment to accomplish the Coast Guard's missions in the areas of Maritime Safety, Maritime Security, Maritime Mobility, National Defense, and Protection of Natural Resources. MAGNET is a new system that will replace the existing integrated intelligence sharing system known as the Joint Maritime Information Element (JMIE) Support System (JSS). This PIA was completed because MAGNET will process personally identifiable information (PII).

United States Coast Guard Law Enforcement Information Data Base (LEIDB)/Pathfinder, March 31, 2008, (PDF, 16 Pages - 230 KB ) The United States Coast Guard (USCG), a component of the Department of Homeland Security, is establishing the Law Enforcement Information Data Base (LEIDB)/Pathfinder. LEIDB/Pathfinder archives text messages prepared by individuals engaged in Coast Guard law enforcement, counter terrorism, maritime security, maritime safety and other Coast Guard missions enabling intelligence analysis of field reporting. USCG has conducted this PIA because the LEIDB/Pathfinder system collects and uses personally identifiable information (PII).

United States Coast Guard "Biometrics at Sea", March 14, 2008 (PDF, 25 Pages – 236 KB) This Privacy Impact Assessment (PIA) describes expanding the existing U.S. Coast Guard (USCG) and U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) Program partnership to provide mobile biometrics collection and analysis capability at sea, along with other remote areas where DHS operates. As a result of the success of this partnership’s USCG Mona Pass Proof of Concept (POC), the USCG plans a measured expansion of at-sea biometric capability throughout its mission scope and areas of operation. This measured expansion of biometrics at sea will assist in the prosecution of persons engaged in such activities as illegal maritime migration, smuggling, illegal drug transportation, and other types illegal maritime activity. By deterring unsafe and illegal maritime migration and other illegal activities at sea, the use of biometrics will promote an important USCG mission, in particular the preservation of life at sea and the enforcement of U.S. law.

United States Coast Guard “Biometrics at Sea” Mona Passage Proof of Concept Update, May 15, 2007 (PDF, 8 pages – 118 KB) This is an update to the previous Privacy Impact Assessment (PIA) for the U.S. Coast Guard (Coast Guard) Biometrics At Sea Mona Passage Proof of Concept, dated November 3, 2006. This update describes new means by which the Coast Guard will transmit information to the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Automated Biometric Identification System (IDENT) in connection with the Coast Guard Biometrics At Sea Mona Pass Proof of Concept program (the "Program"). With the addition of capabilities described in this update, the Coast Guard will be able to transmit biometric data obtained from undocumented aliens that the Coast Guard interdicts in the Mona Passage directly to US-VISIT via secure, encrypted satellite communications for analysis against the IDENT database. Biometric information to be searched against will no longer be stored on the laptops. If there is a communications failure, the Coast Guard may revert back to the ability to search biometric data against the distributed IDENT data sets on stand-alone non-networked secured laptop computers on board Coast Guard cutters more fully described in the November 3, 2006 PIA. This change in process will take approximately several working days to establish.

United States Coast Guard "Biometrics at Sea" Mona Passage Proof of Concept, November 3, 2006 (PDF, 26 pages - 211 KB) This privacy impact assessment (PIA) describes the U.S. Coast Guard (USCG) and U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) Program partnership. This project is in furtherance of the broader objective to develop mobile biometric capabilities for the Department of Homeland Security (DHS). The findings from this proof of concept will develop and refine technologies needed for mobile biometrics collection and analysis capability at sea, along with other remote areas where DHS operates. This deployment will assist in the apprehension and prosecution of illegal migrants and migrant smugglers. It will also deter unsafe and illegal maritime migration, which will help preserve life at sea. The USCG plans to deploy at-sea biometric capability during the operational Proof of Concept (POC) beginning in November 2006.

United States Coast Guard Homeport, May 9, 2006 (PDF 12 pages – 194 KB) U.S. law requires that maritime security plans be developed for ports, vessels and facilities, and that those individuals with access to maritime facilities have credentials demonstrating their eligibility for such access. Accordingly, the United States Coast Guard’s Homeport has three main functions: 1) a secure means for regulated entities to submit and store security plans for approval; 2) a secure means by which facility operators may view lists of union personnel authorized to access their facility; and 3) a secure means for representatives from the maritime domain to submit personal information to the Transportation Security Administration (TSA) needed to conduct background screening and credentialing.

Back To Top

Download Plug-in

Some of the links on this page require a plug-in to view them. Links to the plug-ins are available below.

Click Here to Download Adobe Acrobat Reader Adobe Acrobat (PDF)

This page was last reviewed/modified on November 26, 2008.