[Federal Register Volume 74, Number 37 (Thursday, February 26, 2009)]
[Notices]
[Pages 8804-8807]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-4151]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary


Published Privacy Impact Assessments on the Web

AGENCY: Privacy Office, DHS.

ACTION: Notice of publication of Privacy Impact Assessments.

-----------------------------------------------------------------------

SUMMARY: The Privacy Office of the Department of Homeland Security 
(DHS) is making available twenty-nine Privacy Impact Assessments on 
various programs and systems in the Department. These assessments were 
approved and published on the Privacy Office's Web site between October 
1 and December 31, 2008.

DATES: The Privacy Impact Assessments will be available on the DHS Web 
site until April 27, 2009, after which they may be obtained by 
contacting the DHS Privacy Office (contact information below).

FOR FURTHER INFORMATION CONTACT: John W. Kropf, Acting Chief Privacy 
Officer, Department of Homeland Security, Mail Stop 0550, Washington, 
DC 20528, or e-mail: [email protected].

SUPPLEMENTARY INFORMATION: Between October 1 and December 31, 2008, the 
Chief Privacy Officer of the Department of Homeland Security (DHS) 
approved and published twenty-nine Privacy Impact Assessments (PIAs) on 
the DHS Privacy Office Web site, http://www.dhs.gov/privacy, under the 
link for ``Privacy Impact Assessments.'' These PIAs cover twenty-nine 
separate DHS programs. Below is a short summary of those programs, 
indicating the DHS component responsible for the system, and the date 
on which the PIA was approved. Additional information can be found on 
the Web site or by contacting the Privacy Office.
    System: Financial Disclosure Management.
    Component: Office of General Counsel.
    Date of approval: October 1, 2008.
    The Ethics Division of the Office of General Counsel of DHS 
published this PIA for the Financial Disclosure Management System 
(FDMS). FDMS is a Web-based initiative developed to provide a mechanism 
for individuals to complete, sign, review, and file financial 
disclosure reports, first required by Title I of the Ethics in 
Government Act of 1978. This PIA was conducted because FDMS collects 
personally identifiable information (PII).

    System: Keeping Schools Safe.
    Component: Science and Technology.
    Date of approval: October 1, 2008.
    Keeping Schools Safe is a research and development effort funded by 
the DHS Science & Technology Directorate (S&T) in support of the 
Alabama State Department of Homeland Security. The purpose of this 
pilot is to test the functionality and clarity of live streaming video 
technology for first responders and law enforcement applications in a 
school environment. A PIA was conducted because images of individuals 
(volunteer Alabama law enforcement officials) will be captured during 
the field test. This PIA will only cover the research activities being 
conducted on behalf of S&T during this operational field test.

    System: United States Homeport Update.
    Component: U.S. Coast Guard.
    Date of approval: October 17, 2008.
    This is an update to the previous Homeport PIA, dated May 9, 2006, 
in order to describe the new functionality that allows merchant 
mariners to determine the status of their credential application using 
the Homeport Internet Portal. Homeport uses the identification 
information provided by the mariner to match records from the Merchant 
Mariner Licensing and Documentation system and provide mariners the 
current status of their credential application. Information provided by 
the mariner will be used solely for matching records and will not be 
retained in Homeport at the completion of the online session.

    System: Data Analysis and Research for Trade Transparency System.
    Component: Immigration and Customs Enforcement.
    Date of approval: October 20, 2008.
    Immigration and Customs Enforcement (ICE) operates the Data 
Analysis and Research for Trade Transparency System (DARTTS), which 
supports ICE investigations of trade-based money laundering, contraband 
smuggling, and trade fraud. DARTTS analyzes trade and financial data to 
identify statistically anomalous transactions that may warrant 
investigation for money laundering or other import-export crimes. These 
anomalies are then independently confirmed and further investigated by 
experienced ICE investigators. ICE conducted this PIA because DARTTS 
collects and uses PII associated with money laundering, contraband 
smuggling, and trade fraud.

    System: Secure Flight Program.
    Component: Transportation Security Administration.
    Date of approval: October 21, 2008.
    The Secure Flight program matches identifying information of 
aviation passengers and certain non-travelers against the consolidated 
and integrated terrorist watch list maintained by the Federal 
Government in a consistent and accurate manner, while minimizing false 
matches and protecting PII. TSA published a Final Rule outlining TSA's 
implementation of the Secure Flight program. In conjunction with this 
Final Rule, TSA published this updated PIA. This updated PIA reflects 
the Secure Flight program as described in the Final Rule.

    System: Alien Change of Address Card.
    Component: U.S. Citizenship and Immigration Service.
    Date of approval: October 21, 2008.
    United States Citizenship and Immigration Service (USCIS) published 
this PIA for the Alien Change of Address Card (AR-11) System. The AR-11 
tracks the address changes submitted to the Department of Homeland 
Security (DHS) in paper and electronic form as required by Section 265 
of the Immigration and Nationality Act (INA), 8 U.S.C. 1305. USCIS has 
conducted this PIA because AR-11 contains PII.

    System: First Phase of the Initial Operating Capability of 
Interoperability Between the U.S. Department of Homeland Security and 
the U.S. Department of Justice.
    Component: US VISIT.
    Date of approval: October 23, 2008.
    The DHS United States Visitor and Immigrant Status Indicator 
Technology (US-VISIT) Program, in cooperation with the Department of 
Justice Federal Bureau of Investigation (FBI) Criminal Justice 
Information Services (CJIS) Division, implemented the first phase of 
initial operating capability (IOC) of system interoperability 
(Interoperability) between US-VISIT's Automated Biometric 
Identification System (IDENT) and CJIS' Integrated Automated 
Fingerprint Identification System (IAFIS). This capability, which 
expands upon and improves the method of exchange and sharing of certain 
biometric and biographic data between IDENT and IAFIS, is intended to 
increase data sharing between DHS and Federal, State, and local 
agencies for law enforcement activity relating to the DHS mission. This 
PIA describes these uses and sharing of data under the first phase of 
the Interoperability IOC, as well as the associated privacy risks and 
measures taken by US-VISIT to mitigate those risks.


[[Page 8805]]


    System: Reality Mobile Kentucky: Operational Field Test.
    Component: Science and Technology.
    Date of approval: October 24, 2008.
    The Reality Mobile Kentucky project is a research and development 
effort by DHS S&T that seeks to test the operational effectiveness and 
efficiency of streaming video for law enforcement applications. Reality 
Mobile software is a commercially available software-driven system that 
would allow first responders and law enforcement officials to send and 
receive live video and geospatial coordinates. S&T conducted this PIA 
because the Kentucky State Police will capture images of individuals 
during the field test in accordance with their law enforcement 
authorities, standard operating procedures, and applicable state and 
local laws. This PIA covers only the research activities conducted by 
S&T during this operational field test. Should S&T acquire the 
technology and transition it to a DHS Component, that DHS Component 
will be responsible for completing the subsequent privacy assessments 
of the Reality Mobile technology and its use.

    System: Chemical Security Assessment Tool Update.
    Component: National Protection and Programs.
    Date of approval: October 27, 2008.
    This is an update to the previous Chemical Security Assessment Tool 
(CSAT) PIA. CSAT collects PII from CSAT users and Chemical-Terrorism 
Vulnerability Information Web site users. This update improves a CSAT 
user's ability to know who else in their company also has access to 
CSAT. Further, the CSAT Helpdesk collects contact information both from 
CSAT users requesting basic CSAT IT support and from the general public 
inquiring about the CSAT program. Provision of basic CSAT user 
information to the Helpdesk will allow quicker services and support.

    System: Homeland Security Virtual Assistance Center.
    Component: Federal Emergency Management Agency.
    Date of approval: November 3, 2008.
    The DHS Federal Emergency Management Agency (FEMA) National 
Preparedness Directorate operates the Homeland Security Virtual 
Assistance Center (HSVAC). HSVAC is an advanced Web-based, technical 
assistance management solution that supports FEMA in the scheduling, 
coordination, and management of training provided to First Responders, 
including state and local government entities and organizations. FEMA 
conducted this PIA because HSVAC will use and maintain PII to 
authenticate user identities of those individuals requesting access to 
the application.

    System: USCIS Person Centric Query Service Supporting Visa Benefit 
Adjudicators, Visa Fraud Officers, and Consular Officers of the 
Department of State, Bureau of Consular Affairs.
    Component: U.S. Citizenship and Immigration Services.
    Date of approval: November 5, 2008.
    This is an update to the existing PIA for the Department of State, 
Bureau of Consular Affairs, Visa Benefit Adjudicators, Visa Fraud 
Officers, and Consular Officers (Adjudicators and Officers) use of the 
Person Centric Query Service (PCQS), operating through the USCIS 
Enterprise Service Bus to expand the PCQS person-search capability and 
describe the privacy impact of expanding the PCQS to include the 
following additional systems to the PCQS query for the Bureau of 
Consular Affairs, Adjudicators and Officers Client: (1) USCIS Marriage 
Fraud Amendment System and (2) USCIS Reengineered Naturalization 
Applications Casework System.

    System: Air Cargo Security Requirements.
    Component: Transportation Security Administration.
    Date of approval: November 12, 2008.
    TSA made several changes to its air cargo program that involve the 
collection of PII and the addition of new populations for which 
information will be collected. First, for TSA conducted security threat 
assessments (STAs) on individuals participating in its air cargo 
programs, TSA requires the submittal of contact and employer 
information for all participants so TSA can contact the individual in 
the adjudication process. Second, TSA allows non-citizens who do not 
have an Alien Registration Number to provide a Form I-94 Arrival/
Departure number. Third, TSA created a new Certified Cargo Screening 
Program (CCSP), expanding the population of individuals who will need 
to provide PII for TSA-conducted STAs. A new automated collection STA 
Tool deployed to support the collection of PII from the CCSP 
population. Fourth, TSA updated the records retention schedule and 
redress processes applicable to all populations submitting PII for STAs 
under its air cargo programs. In accordance with Section 222 of the 
Homeland Security Act of 2002, TSA issued this update (PIA Update) to 
the Air Cargo Security Requirements PIA published on April 14, 2006, to 
incorporate these changes. The April 14, 2006 PIA remains in effect to 
the extent that it is consistent with this update. This update should 
be read together with the 2006 PIA.

    System: Advance Passenger Information System Final Rule.
    Component: Customs and Border Protection.
    Date of approval: November 18, 2008.
    CBP issued a Final Rule to amend regulations governing the 
submission of Advanced Passenger Information System (APIS) data to 
include private aircraft. CBP published a revised PIA and a revised 
associated System of Records Notice to include these final changes with 
its existing APIS privacy notices. The previous System of Records 
Notice for the APIS system was last published at 72 FR 48349, August 
23, 2007. On September 18, 2007, CBP published a Notice of Proposed 
Rulemaking in the Federal Register (72 FR 53393) proposing amendments 
to CBP regulations concerning the advance electronic transmission of 
passenger and crew manifests for private aircraft arriving in and 
departing from the United States, commonly referred to as APIS. A PIA 
update was published on the DHS Web site at the same time discussing 
the impact of the notice of proposed rule.

    System: Law Enforcement Intelligence Fusion Systems.
    Component: Immigration and Customs Enforcement.
    Date of approval: November 17, 2008.
    The ICE Law Enforcement Intelligence Fusion System (IFS) enables 
ICE and other DHS law enforcement and homeland security personnel to 
analyze volumes of information from multiple data sources through a 
single Web-based access point. All IFS activity is predicated on 
ongoing and valid homeland security operations, law enforcement 
activities, and intelligence production requirements. IFS was formerly 
known as the ICE Network Law Enforcement Analysis Data System. ICE has 
completed this PIA to provide additional notice of the existence of IFS 
and publicly document the privacy protections that are in place for 
IFS.

    System: Vessel Requirements for Notices of Arrival and Departure 
and Automatic Identification System Notice of Proposed Rulemaking.
    Component: U.S. Coast Guard.
    Date of approval: November 19, 2008.
    The USCG published a proposed rule entitled ``Vessel Requirements 
for Notices of Arrival and Departure and Automatic Identification 
System.'' The rule proposes to expand the applicability of notice of 
arrival (NOA) requirements to additional vessels,

[[Page 8806]]

establish a separate requirement for certain vessels to submit notices 
of departure (NOD), set forth a mandatory method for electronic 
submission of NOA and NOD, and modify related reporting content, 
timeframes, and procedures. This proposed rule would also expand the 
applicability of Automatic Identification System (AIS) requirements 
beyond Vessel Traffic Service areas to all U.S. navigable waters and 
require AIS carriage for additional commercial vessels. USCG conducted 
this PIA because portions of the rule require an expansion of an 
existing collection of PII and because the system, Ship Arrival 
Notification System, which maintains the NOA and NOD information, will 
maintain the collection of PII.

    System: Verification Information System Update.
    Component: U.S. Citizenship and Immigration Services.
    Date of approval: November 20, 2008.
    The Verification Division of USCIS operates the Verification 
Information System (VIS). VIS is a composite information system that 
provides immigration status verification for government agencies and 
verification of employment authorization for employers participating in 
the E-Verify program. USCIS conducted this PIA to: (1) Cover the 
expansion of VIS to collect and verify information from United States 
Passports and Passport Cards from E-Verify users, (2) describe the 
expansion of the scope of SAVE to include verification of citizenship 
and immigration status for any DHS lawful purpose, not just for 
government benefit granting purposes as described in previous PIAs, and 
(3) describe the expansion of the scope of E-Verify to indicate that it 
is no longer solely voluntary in some cases and no longer solely for 
new employees in certain cases.

    System: Suspicious Activity Reports Project.
    Component: Operations.
    Date of approval: November 21, 2008.
    The Office of Operations Coordination and Planning (OPS), in 
cooperation with the S&T published this PIA to reflect a planned 
research project regarding Suspicious Activity Reports (SARs). The 
Operations Coordination and Planning Directorate will host a stand-
alone system designed to analyze Suspicious Activity Report data taken 
from several DHS components. OPS conducted this PIA because SARs 
occasionally contain PII and because it is physically hosting the 
project in addition to contributing SARS data.

    System: National Flood Insurance Program (NFIP) Modernization/
Business Process Improvement/Systems Engineering Management Support.
    Component: Federal Emergency Management Agency.
    Date of approval: November 26, 2008.
    The DHS FEMA National Flood Insurance Program (NFIP) Modernization, 
Business Process Improvement, and Systems Engineering Management 
Support project has transitioned into NFIP IT NextGen. The NFIP IT 
NextGen service oriented and integrated systems will support daily 
reporting by NFIP insurance companies and improve services to 
stakeholders, especially policy holders. The purpose of this PIA is to 
describe the collection of information in conducting NFIP processes and 
how NFIP information is used by FEMA and the NFIP community.

    System: Automated Targeting System Update.
    Component: Customs and Border Protection.
    Date of approval: December 2, 2008.
    This is an update to the previous Automated Targeting System PIA, 
dated August 3, 2007, in order to expand the scope of the data accessed 
for screening and targeting purposes to include additional importer and 
carrier requirements. In conjunction with this update, CBP published an 
Interim Final Rule that amends the CBP regulations contained in 19 CFR 
parts 4, 12, 18, 101, 103, 113, 122, 123, 141, 143, 149, 178, and 192 
addressing the advanced electronic submission of information by 
importers and vessel carriers.

    System: Automated Commercial System/Automated Commercial 
Environment-Importer Security Filing Data.
    Component: Customs and Border Protection.
    Date of approval: December 2, 2008.
    CBP expanded and revised the collection of data from carriers and 
importers to the Automated Commercial System (ACS) in an effort to 
prevent terrorist weapons from being transported to the United States. 
Using ACS, CBP collects cargo, carrier, importer, and other data to 
achieve improved high-risk cargo targeting as required by Section 203 
of the Security and Accountability for Every Port Act of 2006 (Pub. L. 
109-347, 120 Stat. 1884 (SAFE Port Act)). This PIA was conducted to 
explore the use of PII contained in the Importer Security Filing 
submitted by the importer to CBP.

    System: Customer Relationship Interface System.
    Component: U.S. Citizenship and Immigration Services.
    Date of approval: December 4, 2008.
    USCIS developed the Customer Relationship Interface System (CRIS) 
to provide USCIS customers with the status of pending applications and 
petitions for benefits and processing time information. This PIA is 
required because the CRIS database contains PII such as Alien 
Registration Number (A-Number), full name, date of birth, and address.

    System: State, Local, and Regional Fusion Center Initiative.
    Component: Department of Homeland Security.
    Date of approval: December 11, 2008.
    Pursuant to Section 511 of the Implementing Recommendations of the 
9/11 Commission Act of 2007 (the ``9/11 Commission Act'' or ``the 
Act''), Public Law No. 110-53, the DHS Privacy Office conducted a PIA 
on the Homeland Security State, Local, and Regional Fusion Center 
Initiative (the Initiative). Under the Initiative, DHS will facilitate 
appropriate, bi-directional information sharing between the Department 
and State, Local, and Regional Fusion Centers. In addition, the 
Department will assign trained intelligence analysts to fusion centers, 
provided those centers meet a number of criteria set forth in the text. 
The Act requires the Department to complete a concept of operations 
(CONOPS) for the Initiative, including a PIA. The CONOPS also includes 
a Civil Liberties Impact Assessment, conducted by the DHS Office for 
Civil Rights and Civil Liberties.

    System: Future Attribute Screening Technology Project.
    Component: Science and Technology.
    Date of approval: December 15, 2008.
    DHS identified a need for new technical capabilities that can 
rapidly identify suspicious behavior indicators to provide real-time 
decision support to security and law enforcement personnel. The Future 
Attribute Screening Technology Mobile Module (FAST) project, sponsored 
by S&T Homeland Security Advanced Research Projects Agency and executed 
under the oversight of DHS S&T's Human Factors Behavior Sciences 
Division, seeks to develop people screening technologies that will 
enable security officials to test the effectiveness of current 
screening methods at evaluating suspicious behaviors and judging the 
implications of those behaviors. The ultimate goal of the FAST project 
is to equip security officials with the tools to assess potential 
threats rapidly. This first phase of the FAST project is limited to

[[Page 8807]]

identifying various screening sensors and conducting testing of various 
sensors with volunteer participants.

    System: Scheduling and Notification of Applicants for Processing.
    Component: U.S. Citizenship and Immigration Services.
    Date of approval: December 15, 2008.
    USCIS developed the Scheduling and Notification of Applicants for 
Processing (SNAP) system. SNAP automatically schedules appointments for 
immigration benefits for applicants/petitioners to submit biometric 
information to USCIS. USCIS conducted this PIA because SNAP uses PII to 
perform its scheduling functions.

    System: Customer Proprietary Network Information.
    Component: United States Secret Service.
    Date of approval: December 17, 2008.
    The U.S. Secret Service (USSS) and the FBI co-sponsor and manage 
the Customer Proprietary Network Information (CPNI) Reporting Web site. 
The Web site is a tool for telecommunications carriers to report a 
breach of its customer proprietary network information to law 
enforcement. The USSS and the FBI conducted this PIA because the CPNI 
Reporting Web site contains PII.

    System: Changes to Requirements Affecting H-2A Nonimmigrants and 
Changes to Requirements Affecting H-2B Nonimmigrants and Employers 
Final Rules.
    Component: U.S. Citizenship and Immigration Services.
    Date of approval: December 18, 2008.
    USCIS published this PIA in conjunction with two Final Rules titled 
Changes to Requirements Affecting H-2A Nonimmigrants and Changes to 
Requirements Affecting H-2B Nonimmigrants and Employers. The Final 
Rules announce employers' requirements to notify USCIS when an H-2A or 
H-2B worker absconds, fails to report for work, or is terminated early 
and/or when any prohibited fees are collected from aliens as a 
condition of H-2A or H-2B employment. USCIS conducted this PIA because 
the nonimmigrant visa programs associated with these Final Rules 
involve the collection of PII.

    System: Stand-Off Detection.
    Component: Transportation Security Administration.
    Date of approval: December 23, 2008.
    TSA deploys advanced explosives detection technology using passive 
millimeter wave screening technologies as part of the agency's efforts 
to ensure the safety of travelers. The objective is to identify 
individuals who may seek to detonate explosives in transportation 
facilities. This PIA was conducted to provide transparency into TSA 
operations affecting the public.

    System: Disaster Assistance Improvement Plan.
    Component: Federal Emergency Management Agency.
    Date of approval: December 31, 2008.
    DHS FEMA developed the Disaster Assistance Improvement Program 
(Disaster Assistance Center) in accordance with the August 29, 2006, 
Executive Order 13411, ``Improving Assistance for Disaster Victims.'' 
The Disaster Assistance Center is an enhancement and upgrade of the 
current system known as the National Emergency Management Information 
System, which contains, stores, and manages information contained in 
the Disaster Recovery Assistance Files System of Records (DHS/FEMA--REG 
2), as announced in the Disaster Recovery Assistance Files System of 
Record Notice (71 FR 38408, July 6, 2006) (DRA SORN). The data elements 
include those that are contained and captured on the FEMA form 90-69. 
The objective of this PIA is to identify and address the safeguarding 
of PII that may result from FEMA's proposed implementation of Executive 
Order 13411 and its modification of the Individual Assistance Center 
application.

    System: Department of Homeland Security General Contact List.
    Component: DHS Wide.
    Date of approval: December 19, 2008.
    Many DHS operations and projects collect a minimal amount of 
contact information in order to distribute information and perform 
various other administrative tasks. Department Headquarters conducted 
this PIA because contact lists contain PII. The Department added the 
following systems to this PIA:
     U.S. Coast Guard Citizen's Action Network.
     Transportation Security Administration Rail Security.
     Transportation Security Administration Enterprise 
Performance Management Platform.
     National Protection and Programs Directorate Vehicle-
Bourne Explosive Device Training.
     U.S. Coast Guard 2009 World Maritime Day Parallel Event.
     Transportation Security Administration Inquiry Management 
System.

John W. Kropf,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E9-4151 Filed 2-25-09; 8:45 am]
BILLING CODE 4410-10-P