[Federal Register Volume 76, Number 66 (Wednesday, April 6, 2011)]
[Notices]
[Pages 19110-19116]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-8086]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
Published Privacy Impact Assessments on the Web
AGENCY: Privacy Office, Department of Homeland Security (DHS).
ACTION: Notice of Publication of Privacy Impact Assessments (PIAs).
-----------------------------------------------------------------------
SUMMARY: The Privacy Office of the DHS has made available forty PIAs on
various programs and systems in the Department. The assessments were
approved and published on the Privacy Office's Web site between May 3,
2010 and January 7, 2011.
DATES: The Privacy Impact Assessments are available on the DHS Web site
until June 6, 2011, after which they are obtained by contacting the DHS
Privacy Office (contact information below).
FOR FURTHER INFORMATION CONTACT: Mary Ellen Callahan, Chief Privacy
Officer, DHS, Washington, DC 20528, or e-mail: [email protected].
SUPPLEMENTARY INFORMATION: Between May 3, 2010 and January 7, 2011, the
Chief Privacy Officer of the DHS approved and published forty Privacy
Impact Assessments (PIAs) on the DHS Privacy Office Web site, http://www.dhs.gov/privacy, under the link for
[[Page 19111]]
``Privacy Impact Assessments.'' Below is a short summary of the
programs, indicating the DHS component responsible for the system, and
the date on which the PIA was approved. Additional information can be
found on the Web site or by contacting the Privacy Office.
System: E-Verify Program: Use of Commercial Data for Employer
Verification.
Component: United States Citizenship and Immigration Services
(USCIS).
Date of approval: May 4, 2010.
The Verification Division of USCIS operates the E-Verify Program,
which provides verification of employment authorization for employers
participating in the E-Verify program. The E-Verify Program collects
additional employer business information from both registering
employers and a commercial data provider, Dun and Bradstreet (D&B), to
enhance the employer registration process, manage customer
relationships, improve reporting capabilities and operational
effectiveness. This expanded information collection pertains to
registered employers participating in the E-Verify Program.
System: CRCL Matters.
Component: Civil Rights and Civil Liberties (CRCL).
Date of approval: May 6, 2010.
CRCL has established the CRCL Matters database. CRCL Matters is a
database developed to respond to allegations of abuses of civil rights,
civil liberties, and religious, racial, and ethnic profiling by
department employees and officials. The PIA is being conducted because
CRCL collects personally identifiable information (PII).
System: Exodus Accountability Referral System (EARS).
Component: Immigration and Customs Enforcement (ICE).
Date of approval: May 6, 2010.
In order to enforce U.S. federal export control laws, ICE and U.S.
Customs and Border Protection (CBP) require information from federal
regulatory agencies that grant export licenses on controlled items;
specifically whether a license is required and whether a license has
been granted. The ICE Exodus Command Center operates the EARS database
that initiates, tracks, and manages requests to regulatory agencies for
this information. The purpose of the PIA is to document the system's
collection and use of PII.
System: Hiring Information Tracking System (HITS).
Component: ICE.
Date of approval: May 13, 2010.
HITS is an information system used by ICE to track current and
prior hiring actions. HITS maintains information about individuals who
are selected for vacant positions at ICE. ICE has conducted the PIA
because HITS collect PII about individuals who are offered employment
with ICE.
System: First Responder Technologies (R-Tech) Program.
Component: Science and Technology (S&T).
Date of approval: May 13, 2010.
The DHS S&T First Responder Technologies (R-Tech) program requires
the collection of personal information and video recordings of first
responder research volunteers in support of operational testing,
evaluation, demonstration, and outreach activities. The PIA discusses
the risks associated with the use of volunteers to test first responder
technologies that are not privacy sensitive.
System: Equal Employment Opportunities (EEO) Eagle Compliant
Enterprise System.
Component: CRCL.
Date of approval: June 3, 2010.
The CRCL EEO Program operates the EEO Eagle Complaint Enterprise
System. EEO Eagle is an electronic records system used to track
complaints and supporting documentation related to individual and class
complaints of employment discrimination and retaliation prohibited by
the DHS civil rights statutes. CRCL EEO has conducted this PIA because
EEO Eagle collects and stores PII.
System: Security and Safety Computer Network.
Component: United States Coast Guard (USCG).
Date of approval: June 16, 2010.
The USCG operates the Coast Guard Headquarters (CGHQ) Support
Command Security and Safety Computer Network (CSS LAN). The CSS LAN is
a stand-alone system that encompasses multiple applications that
support: physical access control to the CGHQ facility, identity
verification, security camera monitoring, and key security and tracking
for master keys that are used throughout CGHQ. USCG conducted this PIA
because the applications that comprise the CSS LAN collect PII.
System: Digital Mail Pilot Program.
Component: DHS Wide.
Date of approval: June 18, 2010.
The DHS Office of the Chief Administrative Officer (OCAO) has
implemented a Digital Mail Pilot Program for DHS Headquarters (HQ) and
Components within the National Capital Region. The Digital Mail Pilot
Program provides users the opportunity to receive mail via email
thereby improving DHS business processes and increasing security. The
purpose of this PIA is to demonstrate that the Digital Mail Pilot
Program has considered and incorporated privacy protections of PII that
may be collected, used, disseminated, and maintained throughout the
entire lifecycle of the program.
System: Accessibility Compliance Management System (ACMS).
Component: DHS Wide.
Date of approval: June 22, 2010.
The DHS Office of Accessible Systems & Technology (OAST) operates
the Accessibility Compliance Management System (ACMS). ACMS is intended
to bring together a web-based DHS-wide single point-of-entry reporting
system. ACMS allows documenting and reporting of all Section 508
compliance and accessibility activities it consistently tracks current
status and progress towards meeting Section 508 compliance requirements
for OAST and Component Accessible Systems and Technology Programs
(ASTP). The PIA is being conducted to determine any privacy issues with
customer information.
System: Publicly Available Social Media Monitoring and Situational
Awareness Initiative.
Component: Office of Operations Coordination and Planning (OPS).
Date of approval: June 22, 2010.
The OPS, National Operations Center (NOC), has launched and lead
the Publicly Available Social Media Monitoring and Situational
Awareness (Initiative) to assist DHS and its components involved in
fulfilling OPS statutory responsibility (Section 515 of the Homeland
Security Act (6 U.S.C. 321d(b)(1)) to provide situational awareness and
establish a common operating picture for the federal government, and
for those state, local, and tribal governments, as appropriate. While
this Initiative is not designed to actively collect PII, OPS conducted
this PIA because the Initiative could potentially involve PII or other
information received in an identifiable form. In the event PII comes
into the Department's possession under this Initiative, the NOC will
redact all PII prior to further dissemination of any collected
information. In the event of an in extremis situation involving
potential life and death, OPS will share certain PII with the
responding authority in order for them to take the necessary actions to
save a life, such as name and location of a person calling for help
buried under rubble, or hiding in a hotel room when the hotel is under
attack by terrorists.
[[Page 19112]]
System: MyTSA.
Component: Transportation Security Administration (TSA).
Date of approval: July 1, 2010.
TSA's MyTSA consists of a mobile and an iTunes application that
provides the traveling public access to relevant TSA travel information
via any mobile phone with internet access. MyTSA allows individuals to
access such information as the types of items that may be carried
through TSA security checkpoints, basic information regarding TSA
checkpoint policy, estimated wait times at TSA checkpoints, and current
travel conditions. The MyTSA application does not collect or use
personally identifiable information. The PIA addresses the privacy
impact of TSA's use of mobile media for delivering information to the
public.
System: iComplaints.
Component: CRCL.
Date of approval: July 8, 2010.
CRCL EEO Program operates the iComplaints Complaint Enterprise
System. IComplaints is an electronic records system used to track
complaints and supporting documentation relating to individual and
class complaints of employment discrimination and retaliation
prohibited by DHS civil rights statutes. IComplaints will replace EEO
Eagle as EEO Eagle is being decommissioned. CRCL EEO has conducted this
PIA because iComplaints collects and stores PII.
System: Operations Center Incident Management System (OCIMS)
Update.
Component: TSA.
Date of approval: July 12, 2010.
Under the Aviation and Transportation Security Act (ATSA), TSA has
``responsibility for security in all modes of transportation.'' TSA
uses an operations center incident management system called WebEOC to
perform incident management, coordination, and situation awareness
functions for all modes of transportation. The system stores
information that it receives about the following categories of
individuals: (1) Individuals who violate, or are suspected of violating
transportation security laws, regulations, policies or procedures; (2)
individuals whose behavior or suspicious activity resulted in referrals
by Ticket Document Checkers to Behavior Detection Officer or Law
Enforcement Officer interview (primarily at airports); or (3)
individuals whose identity must be verified, or checked against federal
watch lists. Individuals whose identity must be verified includes both
those individuals who fail to show acceptable identification documents
to compare to boarding documents and law enforcement officials seeking
to fly armed. The system collects and compiles reports from federal,
state, local, tribal, or private sector security officials related to
incidents that may pose a threat to transportation or national
security. TSA republished this PIA to clarify that the TSA Operations
Center will record telephonic communications. The PIA previously
disclosed in section 1.4 that telephone calls were a source of
information but did not explicitly state that telephone calls would be
recorded. Daily reports will be provided to executives at TSA and DHS
to assist in incident and operational response management.
System: Targeted Violence Information Sharing System (TAVISS).
Component: United States Secret Service (USSS).
Date of approval: July 13, 2010.
USSS has created the Targeted Violence Information Sharing System
(TAVISS). TAVISS is used to conduct name checks and determine whether a
subject is of protective interest to any agency within the TAVISS
network. The Secret Service is conducting this PIA because TAVISS
contains personally identifiable information (PII) regarding subjects
of protective interest to the Secret Service and agencies participating
in the network.
System: Watchlist Service.
Component: DHS Wide.
Date of approval: July 14, 2010.
DHS currently uses the Terrorist Screening Database (TSDB), a
consolidated database maintained by the Department of Justice Federal
Bureau of Investigation Terrorist Screening Center (TSC) of identifying
information about those known or reasonably suspected of being involved
in terrorist activity in order to facilitate DHS mission-related
functions, such counterterrorism, law enforcement, border security, and
inspection activities. DHS and TSC are improving the current method of
transmitting TSDB data from TSC to DHS. Through a new service called
the ``DHS Watchlist Service'' (WLS), TSC and DHS will automate and
simplify the current manual process. TSC remains the authoritative
source of watchlist data and will provide DHS with near real-time
synchronization of the TSDB. DHS will ensure that each DHS component
system receives only those TSDB records which they are authorized to
use under the WLS Memorandum of Understanding and authorized under
existing regulations and privacy compliance documentation between TSC
and DHS (WLS MOU) and any amendments or modifications thereto. DHS
conducted this privacy impact assessment (PIA) because the WLS will
maintain a synchronized copy of the TSDB, which contains PII, and
disseminate it to authorized DHS components.
System: Significant Event Notification (SEN) System.
Component: ICE.
Date of approval: July 26, 2010.
The Significant Event Notification system (SEN) is a reporting and
law enforcement intelligence transmission capability developed for DHS
and ICE. The ICE Office of Homeland Security Investigations initiated
the reporting capability to create reports for ICE field and
headquarters managers to provide timely information about critical
incidents, activities, and events that involve or impact ICE field
staff. The system also handles law enforcement intelligence
communication from ICE Office of Enforcement and Removal Operations
field offices to field and headquarters managers and the ERO
Intelligence Operations Unit. The PIA is being completed to provide
notice of the existence of SEN and to publicly document the privacy
protections in place.
System: Enforcement Integrated Database (EID) Update.
Component: ICE.
Date of approval: July 28, 2010.
The Enforcement Integrated Database (EID) is a DHS shared common
database repository for several DHS law enforcement and homeland
security applications. EID captures and maintains information related
to the investigation, arrest, booking, detention, and removal of
persons encountered during immigration and criminal law enforcement
investigations and operations conducted by ICE and CBP, both components
within DHS. The PIA for EID was published in January 2010. The
information entered into EID and the scope of external information
sharing is being expanded, thus necessitating an update to the EID PIA.
System: Iris and Face Technology Demonstration and Evaluation
(IFTDE).
Component: Science and Technology (S&T).
Date of approval: August 12, 2010.
As part of its Multi-Modal Biometrics Projects, S&T Directorate and
the National Institute of Standards and Technology (NIST) are
investigating iris recognition as a promising biometric modality that
may become suitable to support DHS operations in the near future. As
iris recognition technologies mature, it is important to understand
[[Page 19113]]
the capabilities and limitations of the technologies in operational
settings, as well as what additional technology development is
necessary to reduce technical risk in potential future acquisitions by
DHS operational components. The purpose of this evaluation of iris
recognition technologies is to conduct field trials/studies of iris
camera prototypes under conditions and environments of relevance (e.g.,
humidity levels, amount of sunlight, etc.) to DHS operational users to
assess the viability of the technology and its potential operational
effectiveness in support of DHS operations. S&T is conducting a PIA
because biometric information is being collected from individuals
detained in an operational setting.
System: Freedom of Information Act (FOIA) and Privacy Act (PA)
Records Program.
Component: DHS Wide.
Date of approval: August 18, 2010.
DHS and its components have established a Departmental Freedom of
Information Act (FOIA) and Privacy Act (PA) Program to maintain records
created by the Department's FOIA and PA staff, as well as manage a
multitude of FOIA and PA systems. While DHS has established the
Department's FOIA and PA program, some components have established
information technology as well as paper-based systems designed to
handle component-specific FOIA and PA processing. The purpose of the
various systems within the FOIA and PA program is to process record
requests and administrative appeals under the FOIA and PA, as well as
access, notification, and amendment requests and appeals under the PA.
These systems also maintain records used in litigation arising from
such requests and appeals, and in assisting DHS in carrying out any
other responsibilities under the FOIA and PA. The DHS Privacy Office
has conducted PIA to assess the risks presented by the use of PII in
the various FOIA and PA processes and systems employed by DHS' FOIA and
PA program.
System: Entellitrack.
Component: CRCL.
Date of approval: August 23, 2010.
CRCL and TSA have established a new database called Entellitrak
which is an enterprise tracking system that has been configured to
track, search, and report on complaints data. It is a database
developed to respond to allegations of abuses of civil rights, civil
liberties, and religious, racial, and ethnic profiling by department
employees and officials. Entellitrak will replace the legacy system
CRCL Matters with all CRCL Matters data migrating onto Entellitrak in
the transition. The PIA is being conducted because Entellitrak collects
and stores PII.
System: Watchlist Service Update.
Component: DHS Wide.
Date of approval: September 7, 2010.
DHS currently uses the Terrorist Screening Database (TSDB), a
consolidated database maintained by the Department of Justice Federal
Bureau of Investigation Terrorist Screening Center (TSC) that contains
identifying information about those known or reasonably suspected of
being involved in terrorist activity in order to facilitate DHS
mission-related functions, such counterterrorism, law enforcement,
border security, and inspection activities. In July 2010, DHS launched
an improved method of transmitting TSDB data from TSC to DHS through a
new service called the ``DHS Watchlist Service'' (WLS). At that time,
DHS published a PIA to describe and analyze privacy risks associated
with this new service. The WLS maintains a synchronized copy of the
TSDB, which contains PII, and disseminates it to authorized DHS
components. DHS is issuing this privacy impact assessment update to
identify two additional authorized DHS recipients of TSDB data via the
WLS in the form of a computer readable extract: the DHS Office of
Intelligence and Analysis and the ICE.
System: Citizenship and Immigration Data Repository (CIDR).
Component: USCIS.
Date of approval: September 8, 2010.
DHS and USCIS developed the Citizenship Immigration Data Repository
(CIDR), hosted on DHS classified networks, in order to make information
from multiple USCIS benefits administration systems available for
querying by authorized USCIS personnel for the following three
purposes: (1) Vetting USCIS application information for indications of
possible immigration fraud and national security concerns; (2)
detecting possible fraud and misuse of immigration information or
position by USCIS employees, for personal gain or by coercion; and (3)
responding to requests for information (RFIs) from the DHS Office of
Intelligence and Analysis (I&A) and/or the federal intelligence and law
enforcement community members that are based on classified criteria. In
conjunction with this PIA, DHS is issuing a new Privacy Act system of
records notice to cover the search parameters and the results of the
searches.
System: Access to Sensitive Security Information and Contract
Solicitation.
Component: TSA.
Date of approval: September 9, 2010.
TSA is responsible for the acquisition of services and supplies
related to protecting the nation's transportation system. If determined
necessary for the proposal preparation process, TSA may permit offerors
to have access to Sensitive Security Information (SSI) necessary to
prepare a proposal. SSI is a form of unclassified information that if
publicly released would be detrimental to transportation security. The
standards governing SSI are promulgated under 49 U.S.C. 114(r) in 49
CFR part 1520. In order to determine if a potential offer or may be
granted access to SSI in the pre-contract award acquisition process,
TSA will conduct a security threat assessment (STA) of the individuals
and company. The STA may include a verification of site facility
clearance in the National Industrial Security Program, contractor
suitability determination or other federal background investigation,
individual security clearance(s), and if required, a criminal history
records check and/or a check against terrorism databases. Because this
program entails a new collection of information about members of the
public in identifiable form, the E-Government Act of 2002 and the
Homeland Security Act of 2002 requires that TSA conduct a PIA.
System: Eversity Enterprise System.
Component: CRCL.
Date of approval: September 14, 2010.
The CRCL EEO Program operates the Eversity Enterprise System.
Eversity is an electronic records system used in workforce analysis,
tracking, management, and reporting required under Equal Employment
Opportunity Commission (EEOC) Management Directive (MD) 715. CRCL EEO
has conducted this PIA because Eversity collects and stores PII.
System: Social Networking Interactions and Applications
(Communications/Outreach/Public Dialogue).
Component: DHS Wide.
Date of approval: September 16, 2010.
Social networking interactions and applications includes a sphere
of non-government Web sites and web-based tools that focuses on
connecting users, inside and outside of the DHS, to engage in dialogue,
share information and media, and collaborate. Third parties control and
operate these non-governmental websites; however, the Department may
use them as alternative channels to provide robust information and
engage with the public. The Department may also use these websites to
make information and services
[[Page 19114]]
widely available, while promoting transparency and accountability, as a
service for those seeking information about or services from the
Department. This PIA analyzes the Department's use of social networking
and how these interactions and applications could result in the
Department receiving PII. This PIA describes the information the
Department may have access to, how it will use the information, what
information is retained and shared, and how individuals can gain access
to and correct their information.
System: Alien Criminal Response Information Management System
(ACRIMe) & Enforcement Integrated Database (EID) Update.
Component: ICE.
Date of approval: September 29, 2010.
ACRIMe is an information system used by ICE to receive and respond
to immigration status inquiries made by other agencies about
individuals arrested, subject to background checks, or otherwise
encountered by those agencies. EID is an ICE case management system
that captures and maintains information related to the investigation,
arrest, booking, detention, and removal of persons encountered during
immigration and criminal law enforcement investigations and operations
conducted by ICE and U.S. Customs and Border Protection. ICE is
combining ACRIMe and EID data via the ICE Integrated Decision Support
System, a reporting sub system of EID, to enable and enhance
comprehensive reporting about criminal aliens throughout the alien
identification, apprehension, and removal process. To effectuate this
reporting, ICE is modifying ACRIMe to expand its user base within the
agency, implementing new user functionality in ACRIMe and EID, and
updating IIDS to support enhanced reporting of ACRIMe and EID data. ICE
is further expanding ACRIMe support for the Secure Communities
initiative. ICE is conducting this PIA update to address these
modifications and enhancements.
System: National File Tracking System (NFTS).
Component: USCIS.
Date of approval: October 5, 2010.
USCIS has prepared this PIA for the National File Tracking System
(NFTS). NFTS is an automated file-tracking system used to maintain an
accurate file inventory and track the physical location of files. The
system facilitates USCIS's ability to efficiently manage and streamline
access to the millions of immigration files under its control. USCIS is
conducting this PIA to document, analyze and assess the current
practices with respect to the PII, NFTS collects, uses and shares.
System: Standoff Technology Integration and Demonstration Program
Update.
Component: S&T.
Date of approval: October 14, 2010.
S&T has updated the Standoff Explosives Detection Technology
Demonstration Program (now referred to as the Standoff Technology
Integration and Demonstration Program, or STIDP) PIA issued July 21,
2008 to reflect updates to the program involving live crowd testing.
The program is adding new technologies, expanding the use of the
test center, enhancing object tracking technologies and beginning to
distribute crowd video data to vendors. The PIA update identifies and
addresses the privacy issues associated with public test and evaluation
activities on technologies that will be acquired, matured, and
integrated by STIDP between now and the end of the program, currently
slated for 2014. Based on the privacy issues identified, three sets of
privacy protective requirements were developed and implemented at all
stages of the program. The Live Testing Requirements and Law
Enforcement Operations Requirements apply to conducting and operating a
test in a public environment and the Data Protection Requirements
address the collection and protection of PII. These requirements, when
systematically applied to test and evaluation plans and their
implementation, ensure that privacy concerns are appropriately
addressed for broad classes of technologies tested in a range of venues
with and without law enforcement operations. This update assists
STIDP's mission of developing an integrated countermeasure architecture
to prevent person-borne improvised explosive device attacks.
System: Electronic Surveillance System (ELSUR).
Component: ICE.
Date of approval: November 2, 2010.
The Electronic Surveillance System (ELSUR) is owned by ICE. ELSUR
allows ICE to track and search for ICE applications for court orders
that authorize ICE to intercept oral, wire, or electronic
communications during the course of a criminal investigation. ICE
conducted this PIA because ELSUR contains PII and to publicly document
the privacy protections that are in place.
System: Immigration Benefits Background Check Systems (IBBCS).
Component: USCIS.
Date of approval: November 5, 2010.
As part of its benefits adjudication process and as required by
law, USCIS conducts background checks on petitioners and applicants who
seek certain immigration benefits. These background checks consist of
four separate checks against systems within Department of Justice
(DOJ), Federal Bureau of Investigation (FBI), and DHS. In order to
facilitate the collection and transmission of information necessary to
complete background check processes, USCIS maintains five information
technology electronic systems: The Fingerprint Masthead Notification
System (FMNS), the Customer Identity Capture System (CICS), the FD-258
Tracking System--Mainframe (FD-258 MF), the Benefits Biometrics Support
System (BBSS), and the Interagency Border Inspection System (IBIS)
Manifest. USCIS is conducting this PIA because FMNS, CICS, FD-258 MF,
BBSS, and IBIS Manifest collect, use, and share PII. The PIA replaces
the previously published USCIS PIA for the ``Background Check Service
(BCS)'' which describes planned background check-related systems that
were never implemented. Upon publication of this PIA, the BCS PIA will
be retired.
System: Quality Assurance Recording System (QARS).
Component: Federal Emergency Management Agency (FEMA).
Date of approval: November 10, 2010.
FEMA, Response and Recovery Bureau operates the QARS. The proposed
system of telephone call and computer screen capture recording is for
internal employee and contractor performance evaluation, training and
quality assurance purposes to improve customer service to disaster
assistance applicants requesting assistance under the Robert T.
Stafford Disaster Relief and Emergency Assistance Act. FEMA is
conducting the PIA because QARS call recordings and screen captures
information about the FEMA employees and/or contractors as they provide
customer service to disaster assistance applicants. The system will
maintain information about disaster assistance applicants, but the
focus of this system is on employee and contractor quality assurance.
System: Protective Research Information System Management (PRISM-
ID).
Component: USSS.
Date of approval: November 12, 2010.
USSS has created and used the PRISM-ID system to record information
that in accordance with Secret Service criteria is required to assist
the agency in meeting its protective mission that includes the
protection of the President, Vice President, their immediate families,
former Presidents and First
[[Page 19115]]
Ladies, major candidates for the presidency and vice presidency,
foreign heads of state visiting the United States, and other
individuals authorized to receive Secret Service protection. The PIA is
being conducted because PRISM-ID collects PII.
System: Department of Homeland Security Information Sharing
Environment Suspicious Activity Reporting Initiative (ISE-SAR).
Component: DHS Wide.
Date of approval: November 17, 2010.
The Office and Intelligence and Analysis, primarily through the
State and Local Program Office in coordination with the Office of
Operations Coordination Planning, is leading the DHS effort to
implement the Nationwide Suspicious Activity Reporting Initiative
(NSI). The NSI is a key aspect of the federal Information Sharing
Environment (ISE) that Congress created in the Intelligence Reform and
Terrorism Prevention Act of 2004 (IRPTA). The NSI is overseen by DOJ
and is designed to support the sharing of information through the ISE
about suspicious activities which are defined as ``official
documentation of observed behavior reasonably indicative of pre-
operational planning related to terrorism or other criminal activity
[related to terrorism].'' The Office of Intelligence and Analysis and
the Office of Operations and Coordination Planning have been jointly
coordinating activities throughout DHS to develop a department-level
interface with the NSI that will enable DHS to share Suspicious
Activity Reporting (SAR) that meet the ISE-SAR Functional Standard
Version 1.5 (hereinafter referred to as ISE-SAR). Throughout this PIA,
the term ``SAR'' refers to suspicious activity reporting, which may
include activities that do not have a nexus to terrorism, and the term
``ISE-SAR'' refers to a subset of SAR that meet the ISE-SAR Functional
Standard. The ISE-SAR Functional Standard Version 1.5 defines an ISE-
SAR as official documentation of observed behavior reasonably
indicative of: Pre-operational planning related to terrorism or other
criminal activity associated with terrorism. DHS conducted the PIA
because ISE-SAR may contain PII. The PIA describes the coordinated
activities of the DHS ISE-SAR Initiative, including the process for DHS
component level review, identification, and submission of ISE-SAR to
the NSI Shared Space as well as the technology that DHS developed to
support DHS' participation in the NSI.
System: Research Project Involving Volunteers.
Component: S&T.
Date of approval: November 23, 2010.
An integral part of the S&T mission is to conduct research,
development, testing, and evaluation (RDT&E) on technologies or topics
related to improving homeland security and combating terrorism. Some
S&T RDT&E activities use volunteers to test, evaluate, provide
feedback, or otherwise collect data on certain research topics,
technologies, equipment, and capabilities related to S&T's mission.
Volunteer RDT&E activities require the collection of a range of
information from volunteers including work experience, biographic data
and images. RDT&E activities will vary in the types and breadth of data
elements and information collected from volunteers. S&T is conducting
this PIA to establish protections for all volunteer S&T RTD&E
activities. Volunteer RDT&E activities that are covered by the PIA are
listed in the appendix, updated periodically.
System: NOC Patriot Report Database.
Component: OPS.
Date of approval: December 7, 2010.
The NOC in OPS operates the NOC Patriot Report Database. The NOC
Patriot Report Database is a repository for reports generated to record
and track suspicious activity that may implicate terrorism-related or
criminal activity. OPS has conducted this PIA because the NOC Patriot
Report Database may contain PII.
System: Electronic Discovery Software System (EDSS).
Component: ICE.
Date of approval: December 10, 2010.
The Electronic Discovery Software System (EDSS) is owned by the
Office of the Principal Legal Advisor (OPLA) within ICE. EDSS supports
the collection and organization of paper and electronic documents for
analysis, review, redaction, and production to meet litigation
discovery requirements. ICE may also use the system to process agency
records in response to FOIA or PA requests. ICE conducted this PIA
because EDSS collects, analyzes, and stores PII.
System: TECS System: CBP Primary and Secondary Processing.
Component: CBP.
Date of approval: December 23, 2010.
The TECS (not an acronym) System is the updated and modified
version of the former Treasury Enforcement Communications System. TECS
is owned and managed by CBP. TECS is both an information-sharing
platform, which allows users to access different databases that may be
maintained on the platform or accessed through the platform, and the
name of a system of records that include temporary and permanent
enforcement, inspection, and operational records relevant to the
antiterrorism and law enforcement mission of CBP and numerous other
federal agencies that it supports. TECS not only provides a platform
for interaction between these systems and defined TECS users, but also
serves as a data repository to support law enforcement ``lookouts,''
border screening, and reporting for CBP's primary and secondary
inspection processes, which are generally referenced as TECS Records or
Subject Records. In order to provide more transparency as it relates to
the functions and data in TECS, CBP published separate PIAs and Privacy
Act System of Records Notices (SORNs) for the CBP sub-systems based on
the purpose and use of the information. CBP also maintains other
federal agency data on TECS to stage the information for use by CBP at
the time an individual presents himself/herself to CBP. This allows
TECS to work more efficiently and reduces the performance impact on the
originating systems. The PIA focuses on CBP's use and modernization of
TECS as it relates to the primary and secondary inspection processes
(including information collected in advance of arrival, during
inspections at the United States (U.S.) port of entry (POE), and
retention of information and reports following interactions during U.S.
border crossing activities) to ensure compliance with the numerous laws
enforced by CBP, including determining the admissibility of persons
attempting to enter the U.S. CBP will issue a separate PIA to address
the information access and system linkages facilitated for CBP, DHS,
and other federal agency systems that link to TECS and share data
within the TECS user community.
System: ELBC System: Exit Line Breach Control System.
Component: TSA.
Date of approval: December 28, 2010.
TSA has conducted an assessment of ELBC systems for use in
airports. The assessment will evaluate the ELBC systems' capability to
monitor traffic flow at the exit lanes from the sterile areas of the
airport and initiate an automated response if it appears that an
individual is entering the sterile area through the exit lane. TSA will
make results of the assessment available to airports seeking to
implement such systems. This PIA is being conducted to provide
transparency into TSA testing affecting the public and the collection
of images as part of the assessment. If TSA decides to implement such
systems for
[[Page 19116]]
its own use, a new PIA will be conducted.
System: NICC SARS: National Infrastructure Coordinating Center
Suspicious Activity Reporting Initiative (NICC).
Component: National Protection and Programs Directorate (NPPD).
Date of approval: December 29, 2010.
NPPD Office of Infrastructure Protection (IP) National
Infrastructure Coordinating Center (NICC) has published this PIA to
reflect activities under its Suspicious Activity Reporting (SAR)
Initiative. The NICC SAR Initiative serves as a mechanism by which a
report involving suspicious behavior related to an observed encounter
or reported activity is received and evaluated to determine its
potential nexus to terrorism. NICC is conducting this PIA because SAR
occasionally contain PII and NICC will be collecting and contributing
SAR data for reporting and evaluation proceedings.
System: Publicly Available Social Media Monitoring and Situational
Awareness Initiative Update.
Component: OPS.
Date of approval: January 7, 2011.
OPS, NOC, leads the Publicly Available Social Media Monitoring and
Situational Awareness (Initiative) to assist the DHS and its components
involved in fulfilling OPS statutory responsibility (Section 515 of the
Homeland Security Act (6 U.S.C. 321d(b)(1)) to provide situational
awareness and establish a common operating picture for the federal
government, and for those state, local, and tribal governments, as
appropriate. The NOC and participating components may also share this
de-identified information with international partners and the private
sector where necessary and appropriate for coordination. While this
Initiative is not designed to actively collect PII, OPS is conducting
this update to the PIA because the initiative may now collect and
disseminate PII for certain narrowly tailored categories. For example,
in the event of an in extremis situation involving potential life and
death, OPS will share certain PII with the responding authority in
order for them to take the necessary actions to save a life, such as
name and location of a person calling for help buried under rubble, or
hiding in a hotel room when the hotel is under attack by terrorists. In
the event PII comes into the Department's possession under
circumstances other than those itemized herein, the NOC will redact all
PII prior to further dissemination of any collected information. After
conducting the Second Privacy Compliance Review, it was determined that
the PIA should be updated to allow for collection and dissemination of
PII in a limited number of situations in order to respond to the
evolving operational needs of the NOC. The PIA will be reviewed every
six months to ensure compliance. The review will be done in conjunction
with a Privacy Office-led Privacy Compliance Review (PCR) of the
Initiative and of OPS social media monitoring Internet-based platforms
and information technology infrastructure.
Dated: March 17, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-8086 Filed 4-5-11; 8:45 am]
BILLING CODE 9110-9L-P