[Federal Register Volume 75, Number 161 (Friday, August 20, 2010)]
[Notices]
[Pages 51468-51473]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-20629]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
Published Privacy Impact Assessments on the Web
AGENCY: Privacy Office, DHS.
ACTION: Notice of publication of Privacy Impact Assessments.
-----------------------------------------------------------------------
SUMMARY: The Privacy Office of the Department of Homeland Security
(DHS) is making available thirty-five Privacy Impact Assessments on
various programs and systems in the Department. These assessments were
approved and published on the Privacy Office's Web site between October
1, 2009 and May 31, 2010.
DATES: The Privacy Impact Assessments will be available on the DHS Web
site until October 19, 2010, after which they may be obtained by
contacting the DHS Privacy Office (contact information below).
FOR FURTHER INFORMATION CONTACT: Mary Ellen Callahan, Chief Privacy
Officer, Department of Homeland Security, Washington, DC 20528, or e-
mail: [email protected].
SUPPLEMENTARY INFORMATION: Between October 1, 2009, and May 31, 2010,
the
[[Page 51469]]
Chief Privacy Officer of the Department of Homeland Security (DHS)
approved and published thirty-five Privacy Impact Assessments (PIAs) on
the DHS Privacy Office Web site, http://www.dhs.gov/privacy, under the
link for ``Privacy Impact Assessments.'' These PIAs cover thirty-five
separate DHS programs. Below is a short summary of the programs,
indicating the DHS component responsible for the system, and the date
on which the PIA was approved. Additional information can be found on
the Web site or by contacting the Privacy Office.
System: IDOCX System.
Component: Immigration and Customs Enforcement.
Date of approval: October 14, 2009.
IDOCX is an information system owned by Immigration and Customs
Enforcement (ICE). The system supports the collection, organization,
and analysis of paper and electronic documents for law enforcement and
other programmatic or administrative purposes. ICE conducted this PIA
because IDOCX collects, analyzes, and stores personally identifiable
information (PII).
System: Five Country Joint Enrollment and Information-Sharing
Project.
Component: United States Visitor and Immigrant Status Indicator
Technology.
Date of approval: November 2, 2009.
The United States Visitor and Immigration Status Indicator
Technology (US-VISIT) Program of DHS published this PIA to cover a new,
systematic and long-term information-sharing project with trusted
partner nations for immigration purposes. The Five Country Conference
(FCC) is a forum for co-operation on migration and border security,
between the countries of Australia, Canada, New Zealand, United
Kingdom, and the United States. The FCC Information-Sharing Project is
a partnership among all the members of the FCC that is aligned with the
DHS mission as well as the US-VISIT Strategic Plan because it will help
identify individuals whose identities were previously unknown and by
doing so, improve national security in support of DHS-wide initiatives
and other mission goals.
System: Travel and Employment Authorization Listings.
Component: United States Citizenship and Immigration Services.
Date of approval: November 3, 2009.
The United States Citizenship and Immigration Services (USCIS)
developed the Travel and Employment Authorization Listings (TEAL)
system to streamline access to relevant information during the
adjudication of certain benefits. TEAL consolidates immigration
information about applicants from selected USCIS and DHS systems to
provide greater accessibility to immigration information necessary to
determine benefit eligibility. USCIS is conducting this PIA because
TEAL retrieves PII from USCIS and DHS systems.
System: Bond Management Information System Web Version Interface
and Collection Update.
Component: Immigration and Customs Enforcment.
Date of approval: November 20, 2009.
The Bond Management Information System/Web Version (BMIS Web) is an
immigration bond management database used primarily by the Office of
Financial Management (OFM) at ICE. The basic function of BMIS Web is to
record and maintain for financial management purposes the immigration
bonds that are posted for aliens involved in removal proceedings. The
PIA for BMIS Web was originally published in August 2008. Since then,
the system interfaces and the scope of the information collected have
changed, thus necessitating an update to the PIA.
System: Boating Accident Report Database.
Component: United States Coast Guard.
Date of approval: November 12, 2009.
The United States Coast Guard (USCG) developed the Boating Accident
Report Database (BARD) to serve as a receptacle for boating accident
report data, submitted by each of the 56 State and territorial
reporting authorities as required by 46 USC 6102. USCG conducted this
PIA because the boating accident report data contains PII.
System: Refugees, Asylum, and Parole System and the Asylum Pre-
Screening System.
Component: United States Citizenship and Immigration Services.
Date of approval: November 24, 2009.
USCIS maintains the Refugees, Asylum, and Parole System and the
Asylum Pre-Screening System (RAPS APSS). Both systems, originally
developed by the former Immigration and Naturalization Service (INS),
comprise the USCIS' Asylum program and are used to capture information
pertaining to asylum applications, credible fear and reasonable fear
screening processes, and applications for benefits provided by Section
203 of the Nicaraguan Adjustment and Central American Relief Act
(NACARA Sec. 203). USCIS conducted PIA because both RAPS and APSS
contain PII.
System: Password Issuance and Control System.
Component: Immigration and Customs Enforcement.
Date of approval: November 24, 2009.
The Password Issuance and Control System is used by ICE and USCIS
for password management and to manage user access to ICE and USCIS
information systems. ICE conducted this PIA because the system collects
PII.
System: Financial Disclosure Management.
Component: Office of General Counsel.
Date of approval: November 24, 2009.
The Ethics Division of the Office of General Counsel of DHS
published an update to the PIA for the Financial Disclosure Management
System (FDMS) dated September 30, 2008. FDMS is a Web-based initiative
developed to provide a mechanism for individuals to complete, sign,
review, and file financial disclosure reports, first required by Title
I of the Ethics in Government Act of 1978. This update extends coverage
to the PII collected by Executive Branch Confidential Financial
Disclosure Reports (OGE Form 450).
System: Recruit Analysis and Tracking System.
Component: United States Coast Guard.
Date of approval: November 30, 2009.
The DHS United States Coast Guard Recruiting Command operates the
Recruit Analysis and Tracking System (RATS) to support the USCG
recruiting mission. The system gathers and distributes recruiting
leads, tracks recruit progression, prepares accession forms, processes
reservations for enlisted and officer candidates, manages the mission
plan, provides point-in-time projections, and reports on quality,
quantity, and diversity statistics for the recruiting effort. USCG
conducted this PIA because RATS collects and retains PII.
System: H1N1 Medical Care for DHS Employees.
Component: Office of Health Affairs.
Date of approval: December 1, 2009.
The DHS Office of Health Affairs (OHA) issued Standard Operating
Procedures (SOP) to set forth requirements for DHS Components to
provide medical care to DHS Mission Critical and Emergency Essential
employees located in remote or medically austere environments who
either present with influenza-like symptoms, or have been exposed to a
probable case of H1N1 influenza. The SOP will remain in effect for the
duration of the Department of Health and Human Services (HHS)--declared
public health emergency with respect to H1N1. OHA is conducted this PIA
[[Page 51470]]
because the SOP involves the collection of PII.
System: Student & Exchange Visitor Information.
Component: Immigration and Customs Enforcement.
Date of approval: December 4, 2009.
ICE is developing the Student & Exchange Visitor Information (SEVIS
II) as a modernization effort to address limitations in the original
SEVIS immigration benefits tracking tool. SEVIS II is an information
system that tracks and monitors students, exchange visitors, and their
dependents that are in the U.S. on F, M, or J classes of admission
throughout the duration of approved participation within the U.S.
education system or designated exchange visitor program. SEVIS also
maintains information on the schools, exchange visitor program
sponsors, and their representatives. ICE conducted this PIA to document
publicly the privacy protections that are in place within the system
because SEVIS II collects, maintains, and provides PII in the execution
of its mission.
System: Alien Flight Student Program.
Component: Transportation Security Administration.
Date of approval: December 4, 2009.
The Transportation Security Administration (TSA) updated the PIA
used by the Alien Flight Student Program (AFSP) to conduct security
threat assessments (STAs). TSA issued this update to expand the covered
population required to undergo STAs to include candidates seeking
recurrent flight training. The AFSP PIA was published initially on June
18, 2004, and subsequently amended on December 22, 2006. The December
22, 2006 PIA remains in effect to the extent that it is consistent with
this update, and should be read together with this update.
System: Stakeholder Engagement Initiative: Customer Relationship
Management.
Component: DHS Wide.
Date of approval: December 10, 2009.
The Office of the White House Liaison and the Office of Policy, in
coordination with the Office of Intergovernmental Affairs, are
developing the Customer Relationship Management (CRM), a data
management tool being employed by the Stakeholder Engagement Initiative
(SEI). The system will be an online database which manages information
on external stakeholders and tracks the interactions between these
individuals and DHS. This PIA is being conducted because PII will be
collected and maintained on a variety of stakeholders.
System: 287(g) Program Database.
Component: Immigration and Customs Enforcement.
Date of approval: December 28, 2009.
The ICE Office of State and Local Coordination maintains a database
for the 287(g) Program, under which ICE delegates Federal immigration
enforcement authorities to State and local law enforcement agencies.
The database is used to track the progress of delegation agreements
between ICE and State and local law enforcement agencies and the
vetting and training of individual State and local law enforcement
officers who are candidates for 287(g) authority. ICE conducted this
PIA because the 287(g) Program database collects, uses, and maintains
PII.
System: Enforcement Integrated Database.
Component: Immigration and Customs Enforcement.
Date of approval: January 14, 2010.
The Enforcement Integrated Database (EID) is a DHS shared common
database repository for several DHS law enforcement and homeland
security applications. EID captures and maintains information related
to the investigation, arrest, booking, detention, and removal of
persons encountered during immigration and criminal law enforcement
investigations and operations conducted by ICE and Customs and Border
Protection (CBP). The majority of records in EID are predicated on
ongoing DHS law enforcement activity. ICE conducted this PIA to provide
additional notice of the existence of the EID and the applications that
access EID, and to publicly document the privacy protections that are
in place for the system.
System: ICEGangs Database.
Component: Immigration and Customs Enforcement.
Date of approval: January 15, 2010.
ICE uses a gang-tracking software application used for
investigative, analytical, and statistical recording and tracking of
gang members and associates, gangs, and their activities called
ICEGangs. The ICEGangs database supports information sharing on gang
members and activities among participating law enforcement agencies.
ICE conducted this PIA because the system collects and maintains PII.
System: Immigration and Customs Enforcement Child Exploitation
Tracking System.
Component: Immigration and Customs Enforcement.
Date of approval: January 19, 2010.
The Immigration and Customs Enforcement Child Exploitation Tracking
System (ICE-CETS) is a centralized information repository that assists
law enforcement in conducting child exploitation investigations. The
ICE-CETS database allows information about related investigations to be
shared and tied together to reduce redundant investigative work. ICE
conducted this PIA because PII is maintained in ICE-CETS.
System: Sensor Web.
Component: Science and Technology Directorate.
Date of approval: January 20, 2010.
The Sensor Web project is a research and development effort funded
by DHS Science and Technology (S&T) Office of Small Business Innovation
Research (SBIR) that seeks to develop and test the effectiveness of a
smart sensor system for potential law enforcement and first responder
applications. The technologies being tested--video recording technology
and analytic tools to interpret and process that video--are
technologies that potentially impact the privacy of individuals, both
during the tests and in future live settings. S&T conducted this PIA to
assess the immediate privacy impacts of conducting the tests as well as
the more general privacy impacts of the technology itself.
System: Haiti Social Media Disaster Monitoring Initiative.
Component: Office of Operations Coordination and Planning.
Date of approval: January 21, 2010.
The Office of Operations Coordination and Planning (OPS), National
Operations Center (NOC), launched a Haiti Social Media Disaster
Monitoring Initiative (Initiative) to assist the DHS, and its
components involved in the response, recovery, and rebuilding effort
resulting from the recent earthquake and after-effects in Haiti. The
NOC used this vehicle to fulfill its statutory responsibility to
provide situational awareness and establish a common operating picture
for the Federal Government, and for those State, local, and Tribal
governments, as appropriate, assisting with the response, recovery, and
rebuilding effort in Haiti. While this Initiative was not designed to
collect PII, OPS conducted this PIA because the Initiative could
potentially involve information received in an identifiable form. This
PIA was effective for 90 days and expired in May 2010.
System: IdeaFactory.
Component: DHS Wide.
Date of approval: January 21, 2010.
DHS deployed IdeaFactory, an Intranet Web-based tool that uses
social media concepts to enable innovation and organizational
collaboration within the DHS. IdeaFactory empowers employees to
develop, rate, and improve
[[Page 51471]]
innovative ideas for programs, processes, and technologies. This
privacy impact assessment was conducted because the site collects
limited PII on users submitting ideas.
System: Enterprise Security System.
Component: Federal Law Enforcement Training Center.
Date of approval: January 25, 2010.
The Federal Law Enforcement Training Center (FLETC) launched the
Enterprise Security System (ESS) to standardize the process for
students, contractors, visitors, and personnel to obtain access to
FLETC facilities. FLETC conducted this PIA because ESS collects and
maintains PII on students, visitors, and personnel.
System: Academy Information System.
Component: United States Coast Guard.
Date of approval: January 26, 2010.
The United States Coast Guard Academy (CGA) developed the Academy
information System (ACADIS) transactional database system. ACADIS
provides an information resource for the management of the CGA
educational environment including the training and development of all
future Coast Guard officers. To support this function, ACADIS processes
transactional data for cadet military program records and various
facility applications, manages applicant data to facilitate the
admissions process, and warehouses data on cadets, prior cadets,
faculty, and staff. USCG conducted this PIA because ACADIS collects and
maintains PII.
System: 2010 Winter Olympics Social Media Event Monitoring
Initiative.
Component: Office of Operations Coordination and Planning.
Date of approval: February 10, 2010.
The OPS, National Operations Center (NOC), launched a 2010 Winter
Olympics Social Media Event Monitoring Initiative (Initiative) to
assist the DHS and its components involved in the security, safety, and
border control associated with the 2010 Winter Olympics in Vancouver,
British Columbia (BC). The NOC used this vehicle to fulfill its
statutory responsibility to provide situational awareness and establish
a common operating picture for the Federal government, and for those
State, local, and Tribal governments, as appropriate, assisting with
the security, safety, and border control associated with the Olympics.
While this Initiative was not designed to collect PII, OPS conducted
this PIA because the Initiative could potentially involve information
received in an identifiable form. This PIA was effective for 30 days
and expired March 10, 2010.
System: EINSTEIN 1: Michigan Proof of Concept.
Component: National Protection and Programs Directorate.
Date of approval: February 19, 2010.
The DHS and the State of Michigan (Michigan) plan to engage in a
12-month proof of concept to determine the benefits and issues
presented by deploying the EINSTEIN 1 capability to Michigan government
networks managed by the Michigan Department of Information Technology
(MDIT). This PIA updates the previous EINSTEIN PIAs (EINSTEIN 1 PIA
from 2004 and EINSTEIN 2 PIA from 2008, both available on http://www.dhs.gov/privacy) in one narrow aspect: the use of EINSTEIN 1
technology in a proof of concept with Michigan. This PIA update
addresses the privacy impacts of extending the current EINSTEIN 1
functionality to Michigan in this specific proof of concept.
System: Suspension and Debarment Case Management System.
Component: Immigration and Customs Enforcement.
Date of approval: February 19, 2010.
The Suspension and Debarment Case Management System (SDCMS) is a
secure, Web-based workflow management system maintained by the Office
of Acquisition Management (OAQ) of the ICE that manages ICE's
suspension and debarment process. The purpose of SDCMS is to provide an
automated mechanism for managing and reporting on all suspension and
debarment activities from receipt of referral through the expiration
date of the suspension or debarment period. The information maintained
in SDCMS may contain PII on Federal contractors being referred for
suspension or debarment. ICE conducted this PIA because SDCMS collects
and maintains PII.
System: US-CERT: Initiative Three Exercise.
Component: National Protection and Programs Directorate.
Date of approval: March 18, 2010.
Pursuant to Initiative Three of the Comprehensive National
Cybersecurity Initiative, DHS is engaging in an exercise to demonstrate
a suite of technologies that could be included in the next generation
of the Department's EINSTEIN network security program. This
demonstration, (commonly referred to as the ``Initiative Three
Exercise'' or, more simply, as ``the Exercise'') will use a modified
complement of system components currently providing the EINSTEIN 1 and
EINSTEIN 2 capabilities, as well as a DHS test deployment of technology
developed by the National Security Agency (NSA) that includes an
intrusion prevention capability (collectively referred to as ``the
Exercise technology''). The purpose of the Exercise is to demonstrate
the ability of an existing Internet Service Provider that is a
designated as a Trusted Internet Connection Access Provider (TICAP) to
select and redirect Internet traffic from a single participating
government agency through the Exercise technology, for US-CERT to apply
intrusion detection and prevention measures to that traffic and for US-
CERT to generate automated alerts about selected cyber threats. This
PIA is being conducted because the Exercise will analyze Internet
traffic which may contain PII.
System: Background Vetting Service.
Component: United States Citizenship and Immigration Services.
Date of approval: March 22, 2010.
The USCIS developed the Background Vetting Service (BVS) to comply
with the Adam Walsh Child Protection and Safety Act of 2006, Public Law
109-248 which restricts the ability of any U.S. citizen (USC) or lawful
permanent resident alien (LPR) who has been convicted of any
``specified offense against a minor'' from filing certain family-based
immigration petitions. Under the BVS, the USCIS will facilitate
fingerprint checks of USCs whose principal residence is overseas filing
family-based immigration petitions at Department of State (DOS)
Overseas Posts against the Federal Bureau of Investigation's (FBI)
Integrated Automated Fingerprint Identification System (IAFIS) and the
US-VISIT Automated Biometric Identification System (IDENT). The
information is collected and assembled by DOS. The USCIS BVS does not
collect or originate any information but only serves as a conduit to
route the information between DOS, US-VISIT, FBI IAFIS, and the USCIS
BVS Users. USCIS Conducted this PIA because BVS checks PII collected by
DOS against US-VISIT's IDENT and FBI's IAFIS and returns a status flag
back to DOS for their use in the adjudication of the applicable
petition.
System: Integrated Common Analytical Viewer Sensitive But
Unclassified.
Component: National Protection and Programs Directorate.
Date of approval: March 29, 2010.
The DHS National Protection and Programs Directorate (NPPD)
implemented the Integrated Common Analytical Viewer Sensitive But
Unclassified (iCAV SBU), a sensitive but unclassified, secure, Web-
based, geospatial visualization tool that integrates commercial and
government-
[[Page 51472]]
owned data and imagery from multiple sources enabling homeland security
partners to establish comprehensive situational and strategic awareness
across the nation and around the globe to better prepare for, prevent,
respond to and recover from natural and man-made disasters. This PIA
was performed to analyze and evaluate any privacy impact resulting from
the use of visualization technology.
System: Workplace Violence Prevention Program.
Component: Transportation Security Administration.
Date of approval: March 30, 2010.
The TSA is committed to providing a safe work environment for its
personnel. Toward that goal, TSA has established a Workplace Violence
Protection Program (WVPP) that provides: national guidance to TSA
program coordinators regarding the prevention of, and response to,
incidents of actual or alleged workplace violence; reviews reports of
credible threats or actual incidents of workplace violence; provides
advice and guidance to program coordinators and management regarding
agency action; and coordinates training for program coordinators and
TSA employees and contractors. Workplace violence incident data,
including PII, is maintained and secured by TSA program personnel.
System: Online Detainee Locator System.
Component: Immigration and Customs Enforcement.
Date of approval: April 9, 2010.
The Online Detainee Locator System (ODLS) is a publicly accessible,
Web-based system owned by ICE. ODLS allows the public to conduct online
Internet-based queries to locate persons detained by ICE for civil
violations of the Immigration and Nationality Act. ODLS is intended to
allow members of the public, especially family members and legal
representatives, to determine whether an individual is currently in ICE
detention and, if so, at which facility the person is detained. ICE
conducted this PIA because this system makes available to the public
PII about individuals detained by ICE.
System: Eligibility Risk and Fraud Assessment Testing Environment.
Component: United States Citizenship and Immigration Services.
Date of approval: April 9, 2010.
The Office of Transformation Coordination of the USCIS is planning
to prototype the Eligibility Risk and Fraud Assessment Testing
Environment. This environment will be used to develop, test, and refine
the risk and fraud business rules against historical data extracts
before deploying to a full production environment. This new testing
involves the use of personally indefinable information.
System: Alien Criminal Response Information Management System.
Component: Immigration and Customs Enforcement.
Date of approval: April 22, 2010.
The Alien Criminal Response Information Management System (ACRIMe)
is an information system used by ICE to support various law enforcement
activities at the ICE Law Enforcement Support Center and other ICE
locations. ACRIMe supports ICE's handling of and response to
immigration status inquiries made by other agencies regarding
individuals arrested, subject to background checks, or otherwise
encountered by those agencies. ACRIMe also supports the ICE Secure
Communities Program, which provides a biometric-based means to identify
criminal aliens for possible removal from the United States.
System: Data Analysis and Research for Trade Transparency System.
Component: Immigration and Customs Enforcement.
Date of approval: April 26, 2010.
The DHS, ICE operates the Data Analysis and Research for Trade
Transparency System (DARTTS), which supports ICE investigations of
trade-based money laundering, contraband smuggling, and trade fraud.
DARTTS analyzes trade and financial data to identify statistically
anomalous transactions that may warrant investigation for money
laundering or other import-export crimes. These anomalies are then
independently confirmed and further investigated by experienced ICE
investigators. The original PIA for DARTTS was published in October
2008. ICE is migrating DARTTS to the ICE Enterprise Network, and has
added two new sets of financial data and a new set of trade data. ICE
also implemented new audit features and capabilities to enhance
integrity and accountability. ICE is updating and republishing the
DARTTS PIA to reflect these changes.
System: Customer Identity Verification System Update.
Component: United States Citizenship and Immigration Services.
Date of approval: April 26, 2010.
The USCIS is updating its PIA for the Customer Identity
Verification (CIV) system to remove the ``Pilot'' designation of the
system and to address the further deployment of the system to all field
offices. The CIV system collects and uses biometrics (fingerprints and
pictures) when an applicant appears before USCIS in person at the time
of an interview so that USCIS can verify that the individual being
interviewed is the same person for whom it conducted a background check
and collected other information at the Application Support Center.
USCIS will use US-VISIT Secondary Inspections Tool, a Web-based tool,
that processes, displays, and retrieves biometric and biographic data
from the Automated Biometric Identification System.
System: April 2010 BP Oil Spill Response Social Media Event
Monitoring Initiative.
Component: Office of Operations Coordination and Planning.
Date of approval: April 29, 2010.
The OPS, National Operations Center (NOC), has launched an April
2010 BP Oil Spill Response Social Media Event Monitoring Initiative
(Initiative) to assist the DHS and its components involved in the
security, safety, and emergency response associated with the BP oil
spill response off the Gulf Coast. The NOC is using this vehicle to
fulfill its statutory responsibility to provide situational awareness
and establish a common operating picture for the Federal government,
and for those State, local, and Tribal governments, as appropriate,
assisting with the security, safety, and emergency response associated
with the oil spill. While this Initiative is not designed to collect
PII, OPS is conducting this PIA because the Initiative could
potentially involve PII or other information received in an
identifiable form. This PIA was effective for 60 days and expired at
that time.
System: Malware Lab Network.
Component: National Protection and Programs Directorate.
Date of approval: May 4, 2010.
The goal of the DHS, NPPD is to advance the risk-reduction segment
of the Department's overall mission. To meet this goal, the NPPD/U.S.
Computer Emergency Readiness Team (US-CERT) provides key capabilities
in four cyber mission areas: (1) Alert, Warning, and Analysis; (2)
Coordination and Collaboration; (3) Response and Assistance; and (4)
Protection and Detection. The Malware Lab Network (MLN) contributes
critical support to existing tools used by US-CERT to better meet these
cyber mission areas. The MLN collects, uses, and maintains analytically
relevant information in order to support the Department's cyber
security mission, including the prevention and mitigation of cyber
attacks, protection of information infrastructure, the assessment of
cyber vulnerabilities, and response to cyber incidents. DHS conducted
this PIA to
[[Page 51473]]
publicly analyze and evaluate the PII within the MLN.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2010-20629 Filed 8-19-10; 8:45 am]
BILLING CODE 9110-9L-P