AGENCY:

Privacy Office, DHS.

ACTION:

Notice of publication of Privacy Impact Assessments.

SUMMARY:

The Privacy Office of the Department of Homeland Security (DHS) is making available thirty-five Privacy Impact Assessments on various programs and systems in the Department. These assessments were approved and published on the Privacy Office's Web site between October 1, 2009 and May 31, 2010.

DATES:

The Privacy Impact Assessments will be available on the DHS Web site until October 19, 2010, after which they may be obtained by contacting the DHS Privacy Office (contact information below).

FOR FURTHER INFORMATION CONTACT:

Mary Ellen Callahan, Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528, or e-mail: pia@dhs.gov.

SUPPLEMENTARY INFORMATION:

Between October 1, 2009, and May 31, 2010, the Start Printed Page 51469Chief Privacy Officer of the Department of Homeland Security (DHS) approved and published thirty-five Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, http://www.dhs.gov/​privacy,, under the link for “Privacy Impact Assessments.” These PIAs cover thirty-five separate DHS programs. Below is a short summary of the programs, indicating the DHS component responsible for the system, and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office.

System: IDOCX System.

Component: Immigration and Customs Enforcement.

Date of approval: October 14, 2009.

IDOCX is an information system owned by Immigration and Customs Enforcement (ICE). The system supports the collection, organization, and analysis of paper and electronic documents for law enforcement and other programmatic or administrative purposes. ICE conducted this PIA because IDOCX collects, analyzes, and stores personally identifiable information (PII).

System: Five Country Joint Enrollment and Information-Sharing Project.

Component: United States Visitor and Immigrant Status Indicator Technology.

Date of approval: November 2, 2009.

The United States Visitor and Immigration Status Indicator Technology (US-VISIT) Program of DHS published this PIA to cover a new, systematic and long-term information-sharing project with trusted partner nations for immigration purposes. The Five Country Conference (FCC) is a forum for co-operation on migration and border security, between the countries of Australia, Canada, New Zealand, United Kingdom, and the United States. The FCC Information-Sharing Project is a partnership among all the members of the FCC that is aligned with the DHS mission as well as the US-VISIT Strategic Plan because it will help identify individuals whose identities were previously unknown and by doing so, improve national security in support of DHS-wide initiatives and other mission goals.

System: Travel and Employment Authorization Listings.

Component: United States Citizenship and Immigration Services.

Date of approval: November 3, 2009.

The United States Citizenship and Immigration Services (USCIS) developed the Travel and Employment Authorization Listings (TEAL) system to streamline access to relevant information during the adjudication of certain benefits. TEAL consolidates immigration information about applicants from selected USCIS and DHS systems to provide greater accessibility to immigration information necessary to determine benefit eligibility. USCIS is conducting this PIA because TEAL retrieves PII from USCIS and DHS systems.

System: Bond Management Information System Web Version Interface and Collection Update.

Component: Immigration and Customs Enforcment.

Date of approval: November 20, 2009.

The Bond Management Information System/Web Version (BMIS Web) is an immigration bond management database used primarily by the Office of Financial Management (OFM) at ICE. The basic function of BMIS Web is to record and maintain for financial management purposes the immigration bonds that are posted for aliens involved in removal proceedings. The PIA for BMIS Web was originally published in August 2008. Since then, the system interfaces and the scope of the information collected have changed, thus necessitating an update to the PIA.

System: Boating Accident Report Database.

Component: United States Coast Guard.

Date of approval: November 12, 2009.

The United States Coast Guard (USCG) developed the Boating Accident Report Database (BARD) to serve as a receptacle for boating accident report data, submitted by each of the 56 State and territorial reporting authorities as required by 46 USC 6102. USCG conducted this PIA because the boating accident report data contains PII.

System: Refugees, Asylum, and Parole System and the Asylum Pre-Screening System.

Component: United States Citizenship and Immigration Services.

Date of approval: November 24, 2009.

USCIS maintains the Refugees, Asylum, and Parole System and the Asylum Pre-Screening System (RAPS APSS). Both systems, originally developed by the former Immigration and Naturalization Service (INS), comprise the USCIS' Asylum program and are used to capture information pertaining to asylum applications, credible fear and reasonable fear screening processes, and applications for benefits provided by Section 203 of the Nicaraguan Adjustment and Central American Relief Act (NACARA § 203). USCIS conducted PIA because both RAPS and APSS contain PII.

System: Password Issuance and Control System.

Component: Immigration and Customs Enforcement.

Date of approval: November 24, 2009.

The Password Issuance and Control System is used by ICE and USCIS for password management and to manage user access to ICE and USCIS information systems. ICE conducted this PIA because the system collects PII.

System: Financial Disclosure Management.

Component: Office of General Counsel.

Date of approval: November 24, 2009.

The Ethics Division of the Office of General Counsel of DHS published an update to the PIA for the Financial Disclosure Management System (FDMS) dated September 30, 2008. FDMS is a Web-based initiative developed to provide a mechanism for individuals to complete, sign, review, and file financial disclosure reports, first required by Title I of the Ethics in Government Act of 1978. This update extends coverage to the PII collected by Executive Branch Confidential Financial Disclosure Reports (OGE Form 450).

System: Recruit Analysis and Tracking System.

Component: United States Coast Guard.

Date of approval: November 30, 2009.

The DHS United States Coast Guard Recruiting Command operates the Recruit Analysis and Tracking System (RATS) to support the USCG recruiting mission. The system gathers and distributes recruiting leads, tracks recruit progression, prepares accession forms, processes reservations for enlisted and officer candidates, manages the mission plan, provides point-in-time projections, and reports on quality, quantity, and diversity statistics for the recruiting effort. USCG conducted this PIA because RATS collects and retains PII.

System: H1N1 Medical Care for DHS Employees.

Component: Office of Health Affairs.

Date of approval: December 1, 2009.

The DHS Office of Health Affairs (OHA) issued Standard Operating Procedures (SOP) to set forth requirements for DHS Components to provide medical care to DHS Mission Critical and Emergency Essential employees located in remote or medically austere environments who either present with influenza-like symptoms, or have been exposed to a probable case of H1N1 influenza. The SOP will remain in effect for the duration of the Department of Health and Human Services (HHS)—declared public health emergency with respect to H1N1. OHA is conducted this PIA Start Printed Page 51470because the SOP involves the collection of PII.

System: Student & Exchange Visitor Information.

Component: Immigration and Customs Enforcement.

Date of approval: December 4, 2009.

ICE is developing the Student & Exchange Visitor Information (SEVIS II) as a modernization effort to address limitations in the original SEVIS immigration benefits tracking tool. SEVIS II is an information system that tracks and monitors students, exchange visitors, and their dependents that are in the U.S. on F, M, or J classes of admission throughout the duration of approved participation within the U.S. education system or designated exchange visitor program. SEVIS also maintains information on the schools, exchange visitor program sponsors, and their representatives. ICE conducted this PIA to document publicly the privacy protections that are in place within the system because SEVIS II collects, maintains, and provides PII in the execution of its mission.

System: Alien Flight Student Program.

Component: Transportation Security Administration.

Date of approval: December 4, 2009.

The Transportation Security Administration (TSA) updated the PIA used by the Alien Flight Student Program (AFSP) to conduct security threat assessments (STAs). TSA issued this update to expand the covered population required to undergo STAs to include candidates seeking recurrent flight training. The AFSP PIA was published initially on June 18, 2004, and subsequently amended on December 22, 2006. The December 22, 2006 PIA remains in effect to the extent that it is consistent with this update, and should be read together with this update.

System: Stakeholder Engagement Initiative: Customer Relationship Management.

Component: DHS Wide.

Date of approval: December 10, 2009.

The Office of the White House Liaison and the Office of Policy, in coordination with the Office of Intergovernmental Affairs, are developing the Customer Relationship Management (CRM), a data management tool being employed by the Stakeholder Engagement Initiative (SEI). The system will be an online database which manages information on external stakeholders and tracks the interactions between these individuals and DHS. This PIA is being conducted because PII will be collected and maintained on a variety of stakeholders.

System: 287(g) Program Database.

Component: Immigration and Customs Enforcement.

Date of approval: December 28, 2009.

The ICE Office of State and Local Coordination maintains a database for the 287(g) Program, under which ICE delegates Federal immigration enforcement authorities to State and local law enforcement agencies. The database is used to track the progress of delegation agreements between ICE and State and local law enforcement agencies and the vetting and training of individual State and local law enforcement officers who are candidates for 287(g) authority. ICE conducted this PIA because the 287(g) Program database collects, uses, and maintains PII.

System: Enforcement Integrated Database.

Component: Immigration and Customs Enforcement.

Date of approval: January 14, 2010.

The Enforcement Integrated Database (EID) is a DHS shared common database repository for several DHS law enforcement and homeland security applications. EID captures and maintains information related to the investigation, arrest, booking, detention, and removal of persons encountered during immigration and criminal law enforcement investigations and operations conducted by ICE and Customs and Border Protection (CBP). The majority of records in EID are predicated on ongoing DHS law enforcement activity. ICE conducted this PIA to provide additional notice of the existence of the EID and the applications that access EID, and to publicly document the privacy protections that are in place for the system.

System: ICEGangs Database.

Component: Immigration and Customs Enforcement.

Date of approval: January 15, 2010.

ICE uses a gang-tracking software application used for investigative, analytical, and statistical recording and tracking of gang members and associates, gangs, and their activities called ICEGangs. The ICEGangs database supports information sharing on gang members and activities among participating law enforcement agencies. ICE conducted this PIA because the system collects and maintains PII.

System: Immigration and Customs Enforcement Child Exploitation Tracking System.

Component: Immigration and Customs Enforcement.

Date of approval: January 19, 2010.

The Immigration and Customs Enforcement Child Exploitation Tracking System (ICE-CETS) is a centralized information repository that assists law enforcement in conducting child exploitation investigations. The ICE-CETS database allows information about related investigations to be shared and tied together to reduce redundant investigative work. ICE conducted this PIA because PII is maintained in ICE-CETS.

System: Sensor Web.

Component: Science and Technology Directorate.

Date of approval: January 20, 2010.

The Sensor Web project is a research and development effort funded by DHS Science and Technology (S&T) Office of Small Business Innovation Research (SBIR) that seeks to develop and test the effectiveness of a smart sensor system for potential law enforcement and first responder applications. The technologies being tested—video recording technology and analytic tools to interpret and process that video—are technologies that potentially impact the privacy of individuals, both during the tests and in future live settings. S&T conducted this PIA to assess the immediate privacy impacts of conducting the tests as well as the more general privacy impacts of the technology itself.

System: Haiti Social Media Disaster Monitoring Initiative.

Component: Office of Operations Coordination and Planning.

Date of approval: January 21, 2010.

The Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), launched a Haiti Social Media Disaster Monitoring Initiative (Initiative) to assist the DHS, and its components involved in the response, recovery, and rebuilding effort resulting from the recent earthquake and after-effects in Haiti. The NOC used this vehicle to fulfill its statutory responsibility to provide situational awareness and establish a common operating picture for the Federal Government, and for those State, local, and Tribal governments, as appropriate, assisting with the response, recovery, and rebuilding effort in Haiti. While this Initiative was not designed to collect PII, OPS conducted this PIA because the Initiative could potentially involve information received in an identifiable form. This PIA was effective for 90 days and expired in May 2010.

System: IdeaFactory.

Component: DHS Wide.

Date of approval: January 21, 2010.

DHS deployed IdeaFactory, an Intranet Web-based tool that uses social media concepts to enable innovation and organizational collaboration within the DHS. IdeaFactory empowers employees to develop, rate, and improve Start Printed Page 51471innovative ideas for programs, processes, and technologies. This privacy impact assessment was conducted because the site collects limited PII on users submitting ideas.

System: Enterprise Security System.

Component: Federal Law Enforcement Training Center.

Date of approval: January 25, 2010.

The Federal Law Enforcement Training Center (FLETC) launched the Enterprise Security System (ESS) to standardize the process for students, contractors, visitors, and personnel to obtain access to FLETC facilities. FLETC conducted this PIA because ESS collects and maintains PII on students, visitors, and personnel.

System: Academy Information System.

Component: United States Coast Guard.

Date of approval: January 26, 2010.

The United States Coast Guard Academy (CGA) developed the Academy information System (ACADIS) transactional database system. ACADIS provides an information resource for the management of the CGA educational environment including the training and development of all future Coast Guard officers. To support this function, ACADIS processes transactional data for cadet military program records and various facility applications, manages applicant data to facilitate the admissions process, and warehouses data on cadets, prior cadets, faculty, and staff. USCG conducted this PIA because ACADIS collects and maintains PII.

System: 2010 Winter Olympics Social Media Event Monitoring Initiative.

Component: Office of Operations Coordination and Planning.

Date of approval: February 10, 2010.

The OPS, National Operations Center (NOC), launched a 2010 Winter Olympics Social Media Event Monitoring Initiative (Initiative) to assist the DHS and its components involved in the security, safety, and border control associated with the 2010 Winter Olympics in Vancouver, British Columbia (BC). The NOC used this vehicle to fulfill its statutory responsibility to provide situational awareness and establish a common operating picture for the Federal government, and for those State, local, and Tribal governments, as appropriate, assisting with the security, safety, and border control associated with the Olympics. While this Initiative was not designed to collect PII, OPS conducted this PIA because the Initiative could potentially involve information received in an identifiable form. This PIA was effective for 30 days and expired March 10, 2010.

System: EINSTEIN 1: Michigan Proof of Concept.

Component: National Protection and Programs Directorate.

Date of approval: February 19, 2010.

The DHS and the State of Michigan (Michigan) plan to engage in a 12-month proof of concept to determine the benefits and issues presented by deploying the EINSTEIN 1 capability to Michigan government networks managed by the Michigan Department of Information Technology (MDIT). This PIA updates the previous EINSTEIN PIAs (EINSTEIN 1 PIA from 2004 and EINSTEIN 2 PIA from 2008, both available on http://www.dhs.gov/​privacy) in one narrow aspect: the use of EINSTEIN 1 technology in a proof of concept with Michigan. This PIA update addresses the privacy impacts of extending the current EINSTEIN 1 functionality to Michigan in this specific proof of concept.

System: Suspension and Debarment Case Management System.

Component: Immigration and Customs Enforcement.

Date of approval: February 19, 2010.

The Suspension and Debarment Case Management System (SDCMS) is a secure, Web-based workflow management system maintained by the Office of Acquisition Management (OAQ) of the ICE that manages ICE's suspension and debarment process. The purpose of SDCMS is to provide an automated mechanism for managing and reporting on all suspension and debarment activities from receipt of referral through the expiration date of the suspension or debarment period. The information maintained in SDCMS may contain PII on Federal contractors being referred for suspension or debarment. ICE conducted this PIA because SDCMS collects and maintains PII.

System: US-CERT: Initiative Three Exercise.

Component: National Protection and Programs Directorate.

Date of approval: March 18, 2010.

Pursuant to Initiative Three of the Comprehensive National Cybersecurity Initiative, DHS is engaging in an exercise to demonstrate a suite of technologies that could be included in the next generation of the Department's EINSTEIN network security program. This demonstration, (commonly referred to as the “Initiative Three Exercise” or, more simply, as “the Exercise”) will use a modified complement of system components currently providing the EINSTEIN 1 and EINSTEIN 2 capabilities, as well as a DHS test deployment of technology developed by the National Security Agency (NSA) that includes an intrusion prevention capability (collectively referred to as “the Exercise technology”). The purpose of the Exercise is to demonstrate the ability of an existing Internet Service Provider that is a designated as a Trusted Internet Connection Access Provider (TICAP) to select and redirect Internet traffic from a single participating government agency through the Exercise technology, for US-CERT to apply intrusion detection and prevention measures to that traffic and for US-CERT to generate automated alerts about selected cyber threats. This PIA is being conducted because the Exercise will analyze Internet traffic which may contain PII.

System: Background Vetting Service.

Component: United States Citizenship and Immigration Services.

Date of approval: March 22, 2010.

The USCIS developed the Background Vetting Service (BVS) to comply with the Adam Walsh Child Protection and Safety Act of 2006, Public Law 109-248 which restricts the ability of any U.S. citizen (USC) or lawful permanent resident alien (LPR) who has been convicted of any “specified offense against a minor” from filing certain family-based immigration petitions. Under the BVS, the USCIS will facilitate fingerprint checks of USCs whose principal residence is overseas filing family-based immigration petitions at Department of State (DOS) Overseas Posts against the Federal Bureau of Investigation's (FBI) Integrated Automated Fingerprint Identification System (IAFIS) and the US-VISIT Automated Biometric Identification System (IDENT). The information is collected and assembled by DOS. The USCIS BVS does not collect or originate any information but only serves as a conduit to route the information between DOS, US-VISIT, FBI IAFIS, and the USCIS BVS Users. USCIS Conducted this PIA because BVS checks PII collected by DOS against US-VISIT's IDENT and FBI's IAFIS and returns a status flag back to DOS for their use in the adjudication of the applicable petition.

System: Integrated Common Analytical Viewer Sensitive But Unclassified.

Component: National Protection and Programs Directorate.

Date of approval: March 29, 2010.

The DHS National Protection and Programs Directorate (NPPD) implemented the Integrated Common Analytical Viewer Sensitive But Unclassified (iCAV SBU), a sensitive but unclassified, secure, Web-based, geospatial visualization tool that integrates commercial and government-Start Printed Page 51472owned data and imagery from multiple sources enabling homeland security partners to establish comprehensive situational and strategic awareness across the nation and around the globe to better prepare for, prevent, respond to and recover from natural and man-made disasters. This PIA was performed to analyze and evaluate any privacy impact resulting from the use of visualization technology.

System: Workplace Violence Prevention Program.

Component: Transportation Security Administration.

Date of approval: March 30, 2010.

The TSA is committed to providing a safe work environment for its personnel. Toward that goal, TSA has established a Workplace Violence Protection Program (WVPP) that provides: national guidance to TSA program coordinators regarding the prevention of, and response to, incidents of actual or alleged workplace violence; reviews reports of credible threats or actual incidents of workplace violence; provides advice and guidance to program coordinators and management regarding agency action; and coordinates training for program coordinators and TSA employees and contractors. Workplace violence incident data, including PII, is maintained and secured by TSA program personnel.

System: Online Detainee Locator System.

Component: Immigration and Customs Enforcement.

Date of approval: April 9, 2010.

The Online Detainee Locator System (ODLS) is a publicly accessible, Web-based system owned by ICE. ODLS allows the public to conduct online Internet-based queries to locate persons detained by ICE for civil violations of the Immigration and Nationality Act. ODLS is intended to allow members of the public, especially family members and legal representatives, to determine whether an individual is currently in ICE detention and, if so, at which facility the person is detained. ICE conducted this PIA because this system makes available to the public PII about individuals detained by ICE.

System: Eligibility Risk and Fraud Assessment Testing Environment.

Component: United States Citizenship and Immigration Services.

Date of approval: April 9, 2010.

The Office of Transformation Coordination of the USCIS is planning to prototype the Eligibility Risk and Fraud Assessment Testing Environment. This environment will be used to develop, test, and refine the risk and fraud business rules against historical data extracts before deploying to a full production environment. This new testing involves the use of personally indefinable information.

System: Alien Criminal Response Information Management System.

Component: Immigration and Customs Enforcement.

Date of approval: April 22, 2010.

The Alien Criminal Response Information Management System (ACRIMe) is an information system used by ICE to support various law enforcement activities at the ICE Law Enforcement Support Center and other ICE locations. ACRIMe supports ICE's handling of and response to immigration status inquiries made by other agencies regarding individuals arrested, subject to background checks, or otherwise encountered by those agencies. ACRIMe also supports the ICE Secure Communities Program, which provides a biometric-based means to identify criminal aliens for possible removal from the United States.

System: Data Analysis and Research for Trade Transparency System.

Component: Immigration and Customs Enforcement.

Date of approval: April 26, 2010.

The DHS, ICE operates the Data Analysis and Research for Trade Transparency System (DARTTS), which supports ICE investigations of trade-based money laundering, contraband smuggling, and trade fraud. DARTTS analyzes trade and financial data to identify statistically anomalous transactions that may warrant investigation for money laundering or other import-export crimes. These anomalies are then independently confirmed and further investigated by experienced ICE investigators. The original PIA for DARTTS was published in October 2008. ICE is migrating DARTTS to the ICE Enterprise Network, and has added two new sets of financial data and a new set of trade data. ICE also implemented new audit features and capabilities to enhance integrity and accountability. ICE is updating and republishing the DARTTS PIA to reflect these changes.

System: Customer Identity Verification System Update.

Component: United States Citizenship and Immigration Services.

Date of approval: April 26, 2010.

The USCIS is updating its PIA for the Customer Identity Verification (CIV) system to remove the “Pilot” designation of the system and to address the further deployment of the system to all field offices. The CIV system collects and uses biometrics (fingerprints and pictures) when an applicant appears before USCIS in person at the time of an interview so that USCIS can verify that the individual being interviewed is the same person for whom it conducted a background check and collected other information at the Application Support Center. USCIS will use US-VISIT Secondary Inspections Tool, a Web-based tool, that processes, displays, and retrieves biometric and biographic data from the Automated Biometric Identification System.

System: April 2010 BP Oil Spill Response Social Media Event Monitoring Initiative.

Component: Office of Operations Coordination and Planning.

Date of approval: April 29, 2010.

The OPS, National Operations Center (NOC), has launched an April 2010 BP Oil Spill Response Social Media Event Monitoring Initiative (Initiative) to assist the DHS and its components involved in the security, safety, and emergency response associated with the BP oil spill response off the Gulf Coast. The NOC is using this vehicle to fulfill its statutory responsibility to provide situational awareness and establish a common operating picture for the Federal government, and for those State, local, and Tribal governments, as appropriate, assisting with the security, safety, and emergency response associated with the oil spill. While this Initiative is not designed to collect PII, OPS is conducting this PIA because the Initiative could potentially involve PII or other information received in an identifiable form. This PIA was effective for 60 days and expired at that time.

System: Malware Lab Network.

Component: National Protection and Programs Directorate.

Date of approval: May 4, 2010.

The goal of the DHS, NPPD is to advance the risk-reduction segment of the Department's overall mission. To meet this goal, the NPPD/U.S. Computer Emergency Readiness Team (US-CERT) provides key capabilities in four cyber mission areas: (1) Alert, Warning, and Analysis; (2) Coordination and Collaboration; (3) Response and Assistance; and (4) Protection and Detection. The Malware Lab Network (MLN) contributes critical support to existing tools used by US-CERT to better meet these cyber mission areas. The MLN collects, uses, and maintains analytically relevant information in order to support the Department's cyber security mission, including the prevention and mitigation of cyber attacks, protection of information infrastructure, the assessment of cyber vulnerabilities, and response to cyber incidents. DHS conducted this PIA to Start Printed Page 51473publicly analyze and evaluate the PII within the MLN.