[Federal Register Volume 76, Number 66 (Wednesday, April 6, 2011)]
[Notices]
[Pages 19110-19116]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-8086]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary


Published Privacy Impact Assessments on the Web

AGENCY: Privacy Office, Department of Homeland Security (DHS).

ACTION: Notice of Publication of Privacy Impact Assessments (PIAs).

-----------------------------------------------------------------------

SUMMARY: The Privacy Office of the DHS has made available forty PIAs on 
various programs and systems in the Department. The assessments were 
approved and published on the Privacy Office's Web site between May 3, 
2010 and January 7, 2011.

DATES: The Privacy Impact Assessments are available on the DHS Web site 
until June 6, 2011, after which they are obtained by contacting the DHS 
Privacy Office (contact information below).

FOR FURTHER INFORMATION CONTACT: Mary Ellen Callahan, Chief Privacy 
Officer, DHS, Washington, DC 20528, or e-mail: [email protected].

SUPPLEMENTARY INFORMATION: Between May 3, 2010 and January 7, 2011, the 
Chief Privacy Officer of the DHS approved and published forty Privacy 
Impact Assessments (PIAs) on the DHS Privacy Office Web site, http://www.dhs.gov/privacy, under the link for

[[Page 19111]]

``Privacy Impact Assessments.'' Below is a short summary of the 
programs, indicating the DHS component responsible for the system, and 
the date on which the PIA was approved. Additional information can be 
found on the Web site or by contacting the Privacy Office.

    System: E-Verify Program: Use of Commercial Data for Employer 
Verification.
    Component: United States Citizenship and Immigration Services 
(USCIS).
    Date of approval: May 4, 2010.
    The Verification Division of USCIS operates the E-Verify Program, 
which provides verification of employment authorization for employers 
participating in the E-Verify program. The E-Verify Program collects 
additional employer business information from both registering 
employers and a commercial data provider, Dun and Bradstreet (D&B), to 
enhance the employer registration process, manage customer 
relationships, improve reporting capabilities and operational 
effectiveness. This expanded information collection pertains to 
registered employers participating in the E-Verify Program.

    System: CRCL Matters.
    Component: Civil Rights and Civil Liberties (CRCL).
    Date of approval: May 6, 2010.
    CRCL has established the CRCL Matters database. CRCL Matters is a 
database developed to respond to allegations of abuses of civil rights, 
civil liberties, and religious, racial, and ethnic profiling by 
department employees and officials. The PIA is being conducted because 
CRCL collects personally identifiable information (PII).

    System: Exodus Accountability Referral System (EARS).
    Component: Immigration and Customs Enforcement (ICE).
    Date of approval: May 6, 2010.
    In order to enforce U.S. federal export control laws, ICE and U.S. 
Customs and Border Protection (CBP) require information from federal 
regulatory agencies that grant export licenses on controlled items; 
specifically whether a license is required and whether a license has 
been granted. The ICE Exodus Command Center operates the EARS database 
that initiates, tracks, and manages requests to regulatory agencies for 
this information. The purpose of the PIA is to document the system's 
collection and use of PII.

    System: Hiring Information Tracking System (HITS).
    Component: ICE.
    Date of approval: May 13, 2010.
    HITS is an information system used by ICE to track current and 
prior hiring actions. HITS maintains information about individuals who 
are selected for vacant positions at ICE. ICE has conducted the PIA 
because HITS collect PII about individuals who are offered employment 
with ICE.

    System: First Responder Technologies (R-Tech) Program.
    Component: Science and Technology (S&T).
    Date of approval: May 13, 2010.
    The DHS S&T First Responder Technologies (R-Tech) program requires 
the collection of personal information and video recordings of first 
responder research volunteers in support of operational testing, 
evaluation, demonstration, and outreach activities. The PIA discusses 
the risks associated with the use of volunteers to test first responder 
technologies that are not privacy sensitive.

    System: Equal Employment Opportunities (EEO) Eagle Compliant 
Enterprise System.
    Component: CRCL.
    Date of approval: June 3, 2010.
    The CRCL EEO Program operates the EEO Eagle Complaint Enterprise 
System. EEO Eagle is an electronic records system used to track 
complaints and supporting documentation related to individual and class 
complaints of employment discrimination and retaliation prohibited by 
the DHS civil rights statutes. CRCL EEO has conducted this PIA because 
EEO Eagle collects and stores PII.

    System: Security and Safety Computer Network.
    Component: United States Coast Guard (USCG).
    Date of approval: June 16, 2010.
    The USCG operates the Coast Guard Headquarters (CGHQ) Support 
Command Security and Safety Computer Network (CSS LAN). The CSS LAN is 
a stand-alone system that encompasses multiple applications that 
support: physical access control to the CGHQ facility, identity 
verification, security camera monitoring, and key security and tracking 
for master keys that are used throughout CGHQ. USCG conducted this PIA 
because the applications that comprise the CSS LAN collect PII.

    System: Digital Mail Pilot Program.
    Component: DHS Wide.
    Date of approval: June 18, 2010.
    The DHS Office of the Chief Administrative Officer (OCAO) has 
implemented a Digital Mail Pilot Program for DHS Headquarters (HQ) and 
Components within the National Capital Region. The Digital Mail Pilot 
Program provides users the opportunity to receive mail via email 
thereby improving DHS business processes and increasing security. The 
purpose of this PIA is to demonstrate that the Digital Mail Pilot 
Program has considered and incorporated privacy protections of PII that 
may be collected, used, disseminated, and maintained throughout the 
entire lifecycle of the program.

    System: Accessibility Compliance Management System (ACMS).
    Component: DHS Wide.
    Date of approval: June 22, 2010.
    The DHS Office of Accessible Systems & Technology (OAST) operates 
the Accessibility Compliance Management System (ACMS). ACMS is intended 
to bring together a web-based DHS-wide single point-of-entry reporting 
system. ACMS allows documenting and reporting of all Section 508 
compliance and accessibility activities it consistently tracks current 
status and progress towards meeting Section 508 compliance requirements 
for OAST and Component Accessible Systems and Technology Programs 
(ASTP). The PIA is being conducted to determine any privacy issues with 
customer information.

    System: Publicly Available Social Media Monitoring and Situational 
Awareness Initiative.
    Component: Office of Operations Coordination and Planning (OPS).
    Date of approval: June 22, 2010.
    The OPS, National Operations Center (NOC), has launched and lead 
the Publicly Available Social Media Monitoring and Situational 
Awareness (Initiative) to assist DHS and its components involved in 
fulfilling OPS statutory responsibility (Section 515 of the Homeland 
Security Act (6 U.S.C. 321d(b)(1)) to provide situational awareness and 
establish a common operating picture for the federal government, and 
for those state, local, and tribal governments, as appropriate. While 
this Initiative is not designed to actively collect PII, OPS conducted 
this PIA because the Initiative could potentially involve PII or other 
information received in an identifiable form. In the event PII comes 
into the Department's possession under this Initiative, the NOC will 
redact all PII prior to further dissemination of any collected 
information. In the event of an in extremis situation involving 
potential life and death, OPS will share certain PII with the 
responding authority in order for them to take the necessary actions to 
save a life, such as name and location of a person calling for help 
buried under rubble, or hiding in a hotel room when the hotel is under 
attack by terrorists.


[[Page 19112]]


    System: MyTSA.
    Component: Transportation Security Administration (TSA).
    Date of approval: July 1, 2010.
    TSA's MyTSA consists of a mobile and an iTunes application that 
provides the traveling public access to relevant TSA travel information 
via any mobile phone with internet access. MyTSA allows individuals to 
access such information as the types of items that may be carried 
through TSA security checkpoints, basic information regarding TSA 
checkpoint policy, estimated wait times at TSA checkpoints, and current 
travel conditions. The MyTSA application does not collect or use 
personally identifiable information. The PIA addresses the privacy 
impact of TSA's use of mobile media for delivering information to the 
public.

    System: iComplaints.
    Component: CRCL.
    Date of approval: July 8, 2010.
    CRCL EEO Program operates the iComplaints Complaint Enterprise 
System. IComplaints is an electronic records system used to track 
complaints and supporting documentation relating to individual and 
class complaints of employment discrimination and retaliation 
prohibited by DHS civil rights statutes. IComplaints will replace EEO 
Eagle as EEO Eagle is being decommissioned. CRCL EEO has conducted this 
PIA because iComplaints collects and stores PII.

    System: Operations Center Incident Management System (OCIMS) 
Update.
    Component: TSA.
    Date of approval: July 12, 2010.
    Under the Aviation and Transportation Security Act (ATSA), TSA has 
``responsibility for security in all modes of transportation.'' TSA 
uses an operations center incident management system called WebEOC to 
perform incident management, coordination, and situation awareness 
functions for all modes of transportation. The system stores 
information that it receives about the following categories of 
individuals: (1) Individuals who violate, or are suspected of violating 
transportation security laws, regulations, policies or procedures; (2) 
individuals whose behavior or suspicious activity resulted in referrals 
by Ticket Document Checkers to Behavior Detection Officer or Law 
Enforcement Officer interview (primarily at airports); or (3) 
individuals whose identity must be verified, or checked against federal 
watch lists. Individuals whose identity must be verified includes both 
those individuals who fail to show acceptable identification documents 
to compare to boarding documents and law enforcement officials seeking 
to fly armed. The system collects and compiles reports from federal, 
state, local, tribal, or private sector security officials related to 
incidents that may pose a threat to transportation or national 
security. TSA republished this PIA to clarify that the TSA Operations 
Center will record telephonic communications. The PIA previously 
disclosed in section 1.4 that telephone calls were a source of 
information but did not explicitly state that telephone calls would be 
recorded. Daily reports will be provided to executives at TSA and DHS 
to assist in incident and operational response management.

    System: Targeted Violence Information Sharing System (TAVISS).
    Component: United States Secret Service (USSS).
    Date of approval: July 13, 2010.
    USSS has created the Targeted Violence Information Sharing System 
(TAVISS). TAVISS is used to conduct name checks and determine whether a 
subject is of protective interest to any agency within the TAVISS 
network. The Secret Service is conducting this PIA because TAVISS 
contains personally identifiable information (PII) regarding subjects 
of protective interest to the Secret Service and agencies participating 
in the network.

    System: Watchlist Service.
    Component: DHS Wide.
    Date of approval: July 14, 2010.
    DHS currently uses the Terrorist Screening Database (TSDB), a 
consolidated database maintained by the Department of Justice Federal 
Bureau of Investigation Terrorist Screening Center (TSC) of identifying 
information about those known or reasonably suspected of being involved 
in terrorist activity in order to facilitate DHS mission-related 
functions, such counterterrorism, law enforcement, border security, and 
inspection activities. DHS and TSC are improving the current method of 
transmitting TSDB data from TSC to DHS. Through a new service called 
the ``DHS Watchlist Service'' (WLS), TSC and DHS will automate and 
simplify the current manual process. TSC remains the authoritative 
source of watchlist data and will provide DHS with near real-time 
synchronization of the TSDB. DHS will ensure that each DHS component 
system receives only those TSDB records which they are authorized to 
use under the WLS Memorandum of Understanding and authorized under 
existing regulations and privacy compliance documentation between TSC 
and DHS (WLS MOU) and any amendments or modifications thereto. DHS 
conducted this privacy impact assessment (PIA) because the WLS will 
maintain a synchronized copy of the TSDB, which contains PII, and 
disseminate it to authorized DHS components.

    System: Significant Event Notification (SEN) System.
    Component: ICE.
    Date of approval: July 26, 2010.
    The Significant Event Notification system (SEN) is a reporting and 
law enforcement intelligence transmission capability developed for DHS 
and ICE. The ICE Office of Homeland Security Investigations initiated 
the reporting capability to create reports for ICE field and 
headquarters managers to provide timely information about critical 
incidents, activities, and events that involve or impact ICE field 
staff. The system also handles law enforcement intelligence 
communication from ICE Office of Enforcement and Removal Operations 
field offices to field and headquarters managers and the ERO 
Intelligence Operations Unit. The PIA is being completed to provide 
notice of the existence of SEN and to publicly document the privacy 
protections in place.

    System: Enforcement Integrated Database (EID) Update.
    Component: ICE.
    Date of approval: July 28, 2010.
    The Enforcement Integrated Database (EID) is a DHS shared common 
database repository for several DHS law enforcement and homeland 
security applications. EID captures and maintains information related 
to the investigation, arrest, booking, detention, and removal of 
persons encountered during immigration and criminal law enforcement 
investigations and operations conducted by ICE and CBP, both components 
within DHS. The PIA for EID was published in January 2010. The 
information entered into EID and the scope of external information 
sharing is being expanded, thus necessitating an update to the EID PIA.

    System: Iris and Face Technology Demonstration and Evaluation 
(IFTDE).
    Component: Science and Technology (S&T).
    Date of approval: August 12, 2010.
    As part of its Multi-Modal Biometrics Projects, S&T Directorate and 
the National Institute of Standards and Technology (NIST) are 
investigating iris recognition as a promising biometric modality that 
may become suitable to support DHS operations in the near future. As 
iris recognition technologies mature, it is important to understand

[[Page 19113]]

the capabilities and limitations of the technologies in operational 
settings, as well as what additional technology development is 
necessary to reduce technical risk in potential future acquisitions by 
DHS operational components. The purpose of this evaluation of iris 
recognition technologies is to conduct field trials/studies of iris 
camera prototypes under conditions and environments of relevance (e.g., 
humidity levels, amount of sunlight, etc.) to DHS operational users to 
assess the viability of the technology and its potential operational 
effectiveness in support of DHS operations. S&T is conducting a PIA 
because biometric information is being collected from individuals 
detained in an operational setting.

    System: Freedom of Information Act (FOIA) and Privacy Act (PA) 
Records Program.
    Component: DHS Wide.
    Date of approval: August 18, 2010.
    DHS and its components have established a Departmental Freedom of 
Information Act (FOIA) and Privacy Act (PA) Program to maintain records 
created by the Department's FOIA and PA staff, as well as manage a 
multitude of FOIA and PA systems. While DHS has established the 
Department's FOIA and PA program, some components have established 
information technology as well as paper-based systems designed to 
handle component-specific FOIA and PA processing. The purpose of the 
various systems within the FOIA and PA program is to process record 
requests and administrative appeals under the FOIA and PA, as well as 
access, notification, and amendment requests and appeals under the PA. 
These systems also maintain records used in litigation arising from 
such requests and appeals, and in assisting DHS in carrying out any 
other responsibilities under the FOIA and PA. The DHS Privacy Office 
has conducted PIA to assess the risks presented by the use of PII in 
the various FOIA and PA processes and systems employed by DHS' FOIA and 
PA program.

    System: Entellitrack.
    Component: CRCL.
    Date of approval: August 23, 2010.
    CRCL and TSA have established a new database called Entellitrak 
which is an enterprise tracking system that has been configured to 
track, search, and report on complaints data. It is a database 
developed to respond to allegations of abuses of civil rights, civil 
liberties, and religious, racial, and ethnic profiling by department 
employees and officials. Entellitrak will replace the legacy system 
CRCL Matters with all CRCL Matters data migrating onto Entellitrak in 
the transition. The PIA is being conducted because Entellitrak collects 
and stores PII.

    System: Watchlist Service Update.
    Component: DHS Wide.
    Date of approval: September 7, 2010.
    DHS currently uses the Terrorist Screening Database (TSDB), a 
consolidated database maintained by the Department of Justice Federal 
Bureau of Investigation Terrorist Screening Center (TSC) that contains 
identifying information about those known or reasonably suspected of 
being involved in terrorist activity in order to facilitate DHS 
mission-related functions, such counterterrorism, law enforcement, 
border security, and inspection activities. In July 2010, DHS launched 
an improved method of transmitting TSDB data from TSC to DHS through a 
new service called the ``DHS Watchlist Service'' (WLS). At that time, 
DHS published a PIA to describe and analyze privacy risks associated 
with this new service. The WLS maintains a synchronized copy of the 
TSDB, which contains PII, and disseminates it to authorized DHS 
components. DHS is issuing this privacy impact assessment update to 
identify two additional authorized DHS recipients of TSDB data via the 
WLS in the form of a computer readable extract: the DHS Office of 
Intelligence and Analysis and the ICE.

    System: Citizenship and Immigration Data Repository (CIDR).
    Component: USCIS.
    Date of approval: September 8, 2010.
    DHS and USCIS developed the Citizenship Immigration Data Repository 
(CIDR), hosted on DHS classified networks, in order to make information 
from multiple USCIS benefits administration systems available for 
querying by authorized USCIS personnel for the following three 
purposes: (1) Vetting USCIS application information for indications of 
possible immigration fraud and national security concerns; (2) 
detecting possible fraud and misuse of immigration information or 
position by USCIS employees, for personal gain or by coercion; and (3) 
responding to requests for information (RFIs) from the DHS Office of 
Intelligence and Analysis (I&A) and/or the federal intelligence and law 
enforcement community members that are based on classified criteria. In 
conjunction with this PIA, DHS is issuing a new Privacy Act system of 
records notice to cover the search parameters and the results of the 
searches.

    System: Access to Sensitive Security Information and Contract 
Solicitation.
    Component: TSA.
    Date of approval: September 9, 2010.
    TSA is responsible for the acquisition of services and supplies 
related to protecting the nation's transportation system. If determined 
necessary for the proposal preparation process, TSA may permit offerors 
to have access to Sensitive Security Information (SSI) necessary to 
prepare a proposal. SSI is a form of unclassified information that if 
publicly released would be detrimental to transportation security. The 
standards governing SSI are promulgated under 49 U.S.C. 114(r) in 49 
CFR part 1520. In order to determine if a potential offer or may be 
granted access to SSI in the pre-contract award acquisition process, 
TSA will conduct a security threat assessment (STA) of the individuals 
and company. The STA may include a verification of site facility 
clearance in the National Industrial Security Program, contractor 
suitability determination or other federal background investigation, 
individual security clearance(s), and if required, a criminal history 
records check and/or a check against terrorism databases. Because this 
program entails a new collection of information about members of the 
public in identifiable form, the E-Government Act of 2002 and the 
Homeland Security Act of 2002 requires that TSA conduct a PIA.

    System: Eversity Enterprise System.
    Component: CRCL.
    Date of approval: September 14, 2010.
    The CRCL EEO Program operates the Eversity Enterprise System. 
Eversity is an electronic records system used in workforce analysis, 
tracking, management, and reporting required under Equal Employment 
Opportunity Commission (EEOC) Management Directive (MD) 715. CRCL EEO 
has conducted this PIA because Eversity collects and stores PII.

    System: Social Networking Interactions and Applications 
(Communications/Outreach/Public Dialogue).
    Component: DHS Wide.
    Date of approval: September 16, 2010.
    Social networking interactions and applications includes a sphere 
of non-government Web sites and web-based tools that focuses on 
connecting users, inside and outside of the DHS, to engage in dialogue, 
share information and media, and collaborate. Third parties control and 
operate these non-governmental websites; however, the Department may 
use them as alternative channels to provide robust information and 
engage with the public. The Department may also use these websites to 
make information and services

[[Page 19114]]

widely available, while promoting transparency and accountability, as a 
service for those seeking information about or services from the 
Department. This PIA analyzes the Department's use of social networking 
and how these interactions and applications could result in the 
Department receiving PII. This PIA describes the information the 
Department may have access to, how it will use the information, what 
information is retained and shared, and how individuals can gain access 
to and correct their information.

    System: Alien Criminal Response Information Management System 
(ACRIMe) & Enforcement Integrated Database (EID) Update.
    Component: ICE.
    Date of approval: September 29, 2010.
    ACRIMe is an information system used by ICE to receive and respond 
to immigration status inquiries made by other agencies about 
individuals arrested, subject to background checks, or otherwise 
encountered by those agencies. EID is an ICE case management system 
that captures and maintains information related to the investigation, 
arrest, booking, detention, and removal of persons encountered during 
immigration and criminal law enforcement investigations and operations 
conducted by ICE and U.S. Customs and Border Protection. ICE is 
combining ACRIMe and EID data via the ICE Integrated Decision Support 
System, a reporting sub system of EID, to enable and enhance 
comprehensive reporting about criminal aliens throughout the alien 
identification, apprehension, and removal process. To effectuate this 
reporting, ICE is modifying ACRIMe to expand its user base within the 
agency, implementing new user functionality in ACRIMe and EID, and 
updating IIDS to support enhanced reporting of ACRIMe and EID data. ICE 
is further expanding ACRIMe support for the Secure Communities 
initiative. ICE is conducting this PIA update to address these 
modifications and enhancements.

    System: National File Tracking System (NFTS).
    Component: USCIS.
    Date of approval: October 5, 2010.
    USCIS has prepared this PIA for the National File Tracking System 
(NFTS). NFTS is an automated file-tracking system used to maintain an 
accurate file inventory and track the physical location of files. The 
system facilitates USCIS's ability to efficiently manage and streamline 
access to the millions of immigration files under its control. USCIS is 
conducting this PIA to document, analyze and assess the current 
practices with respect to the PII, NFTS collects, uses and shares.

    System: Standoff Technology Integration and Demonstration Program 
Update.
    Component: S&T.
    Date of approval: October 14, 2010.
    S&T has updated the Standoff Explosives Detection Technology 
Demonstration Program (now referred to as the Standoff Technology 
Integration and Demonstration Program, or STIDP) PIA issued July 21, 
2008 to reflect updates to the program involving live crowd testing.
    The program is adding new technologies, expanding the use of the 
test center, enhancing object tracking technologies and beginning to 
distribute crowd video data to vendors. The PIA update identifies and 
addresses the privacy issues associated with public test and evaluation 
activities on technologies that will be acquired, matured, and 
integrated by STIDP between now and the end of the program, currently 
slated for 2014. Based on the privacy issues identified, three sets of 
privacy protective requirements were developed and implemented at all 
stages of the program. The Live Testing Requirements and Law 
Enforcement Operations Requirements apply to conducting and operating a 
test in a public environment and the Data Protection Requirements 
address the collection and protection of PII. These requirements, when 
systematically applied to test and evaluation plans and their 
implementation, ensure that privacy concerns are appropriately 
addressed for broad classes of technologies tested in a range of venues 
with and without law enforcement operations. This update assists 
STIDP's mission of developing an integrated countermeasure architecture 
to prevent person-borne improvised explosive device attacks.

    System: Electronic Surveillance System (ELSUR).
    Component: ICE.
    Date of approval: November 2, 2010.
    The Electronic Surveillance System (ELSUR) is owned by ICE. ELSUR 
allows ICE to track and search for ICE applications for court orders 
that authorize ICE to intercept oral, wire, or electronic 
communications during the course of a criminal investigation. ICE 
conducted this PIA because ELSUR contains PII and to publicly document 
the privacy protections that are in place.

    System: Immigration Benefits Background Check Systems (IBBCS).
    Component: USCIS.
    Date of approval: November 5, 2010.
    As part of its benefits adjudication process and as required by 
law, USCIS conducts background checks on petitioners and applicants who 
seek certain immigration benefits. These background checks consist of 
four separate checks against systems within Department of Justice 
(DOJ), Federal Bureau of Investigation (FBI), and DHS. In order to 
facilitate the collection and transmission of information necessary to 
complete background check processes, USCIS maintains five information 
technology electronic systems: The Fingerprint Masthead Notification 
System (FMNS), the Customer Identity Capture System (CICS), the FD-258 
Tracking System--Mainframe (FD-258 MF), the Benefits Biometrics Support 
System (BBSS), and the Interagency Border Inspection System (IBIS) 
Manifest. USCIS is conducting this PIA because FMNS, CICS, FD-258 MF, 
BBSS, and IBIS Manifest collect, use, and share PII. The PIA replaces 
the previously published USCIS PIA for the ``Background Check Service 
(BCS)'' which describes planned background check-related systems that 
were never implemented. Upon publication of this PIA, the BCS PIA will 
be retired.

    System: Quality Assurance Recording System (QARS).
    Component: Federal Emergency Management Agency (FEMA).
    Date of approval: November 10, 2010.
    FEMA, Response and Recovery Bureau operates the QARS. The proposed 
system of telephone call and computer screen capture recording is for 
internal employee and contractor performance evaluation, training and 
quality assurance purposes to improve customer service to disaster 
assistance applicants requesting assistance under the Robert T. 
Stafford Disaster Relief and Emergency Assistance Act. FEMA is 
conducting the PIA because QARS call recordings and screen captures 
information about the FEMA employees and/or contractors as they provide 
customer service to disaster assistance applicants. The system will 
maintain information about disaster assistance applicants, but the 
focus of this system is on employee and contractor quality assurance.

    System: Protective Research Information System Management (PRISM-
ID).
    Component: USSS.
    Date of approval: November 12, 2010.
    USSS has created and used the PRISM-ID system to record information 
that in accordance with Secret Service criteria is required to assist 
the agency in meeting its protective mission that includes the 
protection of the President, Vice President, their immediate families, 
former Presidents and First

[[Page 19115]]

Ladies, major candidates for the presidency and vice presidency, 
foreign heads of state visiting the United States, and other 
individuals authorized to receive Secret Service protection. The PIA is 
being conducted because PRISM-ID collects PII.

    System: Department of Homeland Security Information Sharing 
Environment Suspicious Activity Reporting Initiative (ISE-SAR).
    Component: DHS Wide.
    Date of approval: November 17, 2010.
    The Office and Intelligence and Analysis, primarily through the 
State and Local Program Office in coordination with the Office of 
Operations Coordination Planning, is leading the DHS effort to 
implement the Nationwide Suspicious Activity Reporting Initiative 
(NSI). The NSI is a key aspect of the federal Information Sharing 
Environment (ISE) that Congress created in the Intelligence Reform and 
Terrorism Prevention Act of 2004 (IRPTA). The NSI is overseen by DOJ 
and is designed to support the sharing of information through the ISE 
about suspicious activities which are defined as ``official 
documentation of observed behavior reasonably indicative of pre-
operational planning related to terrorism or other criminal activity 
[related to terrorism].'' The Office of Intelligence and Analysis and 
the Office of Operations and Coordination Planning have been jointly 
coordinating activities throughout DHS to develop a department-level 
interface with the NSI that will enable DHS to share Suspicious 
Activity Reporting (SAR) that meet the ISE-SAR Functional Standard 
Version 1.5 (hereinafter referred to as ISE-SAR). Throughout this PIA, 
the term ``SAR'' refers to suspicious activity reporting, which may 
include activities that do not have a nexus to terrorism, and the term 
``ISE-SAR'' refers to a subset of SAR that meet the ISE-SAR Functional 
Standard. The ISE-SAR Functional Standard Version 1.5 defines an ISE-
SAR as official documentation of observed behavior reasonably 
indicative of: Pre-operational planning related to terrorism or other 
criminal activity associated with terrorism. DHS conducted the PIA 
because ISE-SAR may contain PII. The PIA describes the coordinated 
activities of the DHS ISE-SAR Initiative, including the process for DHS 
component level review, identification, and submission of ISE-SAR to 
the NSI Shared Space as well as the technology that DHS developed to 
support DHS' participation in the NSI.

    System: Research Project Involving Volunteers.
    Component: S&T.
    Date of approval: November 23, 2010.
    An integral part of the S&T mission is to conduct research, 
development, testing, and evaluation (RDT&E) on technologies or topics 
related to improving homeland security and combating terrorism. Some 
S&T RDT&E activities use volunteers to test, evaluate, provide 
feedback, or otherwise collect data on certain research topics, 
technologies, equipment, and capabilities related to S&T's mission. 
Volunteer RDT&E activities require the collection of a range of 
information from volunteers including work experience, biographic data 
and images. RDT&E activities will vary in the types and breadth of data 
elements and information collected from volunteers. S&T is conducting 
this PIA to establish protections for all volunteer S&T RTD&E 
activities. Volunteer RDT&E activities that are covered by the PIA are 
listed in the appendix, updated periodically.

    System: NOC Patriot Report Database.
    Component: OPS.
    Date of approval: December 7, 2010.
    The NOC in OPS operates the NOC Patriot Report Database. The NOC 
Patriot Report Database is a repository for reports generated to record 
and track suspicious activity that may implicate terrorism-related or 
criminal activity. OPS has conducted this PIA because the NOC Patriot 
Report Database may contain PII.

    System: Electronic Discovery Software System (EDSS).
    Component: ICE.
    Date of approval: December 10, 2010.
    The Electronic Discovery Software System (EDSS) is owned by the 
Office of the Principal Legal Advisor (OPLA) within ICE. EDSS supports 
the collection and organization of paper and electronic documents for 
analysis, review, redaction, and production to meet litigation 
discovery requirements. ICE may also use the system to process agency 
records in response to FOIA or PA requests. ICE conducted this PIA 
because EDSS collects, analyzes, and stores PII.

    System: TECS System: CBP Primary and Secondary Processing.
    Component: CBP.
    Date of approval: December 23, 2010.
    The TECS (not an acronym) System is the updated and modified 
version of the former Treasury Enforcement Communications System. TECS 
is owned and managed by CBP. TECS is both an information-sharing 
platform, which allows users to access different databases that may be 
maintained on the platform or accessed through the platform, and the 
name of a system of records that include temporary and permanent 
enforcement, inspection, and operational records relevant to the 
antiterrorism and law enforcement mission of CBP and numerous other 
federal agencies that it supports. TECS not only provides a platform 
for interaction between these systems and defined TECS users, but also 
serves as a data repository to support law enforcement ``lookouts,'' 
border screening, and reporting for CBP's primary and secondary 
inspection processes, which are generally referenced as TECS Records or 
Subject Records. In order to provide more transparency as it relates to 
the functions and data in TECS, CBP published separate PIAs and Privacy 
Act System of Records Notices (SORNs) for the CBP sub-systems based on 
the purpose and use of the information. CBP also maintains other 
federal agency data on TECS to stage the information for use by CBP at 
the time an individual presents himself/herself to CBP. This allows 
TECS to work more efficiently and reduces the performance impact on the 
originating systems. The PIA focuses on CBP's use and modernization of 
TECS as it relates to the primary and secondary inspection processes 
(including information collected in advance of arrival, during 
inspections at the United States (U.S.) port of entry (POE), and 
retention of information and reports following interactions during U.S. 
border crossing activities) to ensure compliance with the numerous laws 
enforced by CBP, including determining the admissibility of persons 
attempting to enter the U.S. CBP will issue a separate PIA to address 
the information access and system linkages facilitated for CBP, DHS, 
and other federal agency systems that link to TECS and share data 
within the TECS user community.

    System: ELBC System: Exit Line Breach Control System.
    Component: TSA.
    Date of approval: December 28, 2010.
    TSA has conducted an assessment of ELBC systems for use in 
airports. The assessment will evaluate the ELBC systems' capability to 
monitor traffic flow at the exit lanes from the sterile areas of the 
airport and initiate an automated response if it appears that an 
individual is entering the sterile area through the exit lane. TSA will 
make results of the assessment available to airports seeking to 
implement such systems. This PIA is being conducted to provide 
transparency into TSA testing affecting the public and the collection 
of images as part of the assessment. If TSA decides to implement such 
systems for

[[Page 19116]]

its own use, a new PIA will be conducted.

    System: NICC SARS: National Infrastructure Coordinating Center 
Suspicious Activity Reporting Initiative (NICC).
    Component: National Protection and Programs Directorate (NPPD).
    Date of approval: December 29, 2010.
    NPPD Office of Infrastructure Protection (IP) National 
Infrastructure Coordinating Center (NICC) has published this PIA to 
reflect activities under its Suspicious Activity Reporting (SAR) 
Initiative. The NICC SAR Initiative serves as a mechanism by which a 
report involving suspicious behavior related to an observed encounter 
or reported activity is received and evaluated to determine its 
potential nexus to terrorism. NICC is conducting this PIA because SAR 
occasionally contain PII and NICC will be collecting and contributing 
SAR data for reporting and evaluation proceedings.

    System: Publicly Available Social Media Monitoring and Situational 
Awareness Initiative Update.
    Component: OPS.
    Date of approval: January 7, 2011.
    OPS, NOC, leads the Publicly Available Social Media Monitoring and 
Situational Awareness (Initiative) to assist the DHS and its components 
involved in fulfilling OPS statutory responsibility (Section 515 of the 
Homeland Security Act (6 U.S.C. 321d(b)(1)) to provide situational 
awareness and establish a common operating picture for the federal 
government, and for those state, local, and tribal governments, as 
appropriate. The NOC and participating components may also share this 
de-identified information with international partners and the private 
sector where necessary and appropriate for coordination. While this 
Initiative is not designed to actively collect PII, OPS is conducting 
this update to the PIA because the initiative may now collect and 
disseminate PII for certain narrowly tailored categories. For example, 
in the event of an in extremis situation involving potential life and 
death, OPS will share certain PII with the responding authority in 
order for them to take the necessary actions to save a life, such as 
name and location of a person calling for help buried under rubble, or 
hiding in a hotel room when the hotel is under attack by terrorists. In 
the event PII comes into the Department's possession under 
circumstances other than those itemized herein, the NOC will redact all 
PII prior to further dissemination of any collected information. After 
conducting the Second Privacy Compliance Review, it was determined that 
the PIA should be updated to allow for collection and dissemination of 
PII in a limited number of situations in order to respond to the 
evolving operational needs of the NOC. The PIA will be reviewed every 
six months to ensure compliance. The review will be done in conjunction 
with a Privacy Office-led Privacy Compliance Review (PCR) of the 
Initiative and of OPS social media monitoring Internet-based platforms 
and information technology infrastructure.

    Dated: March 17, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-8086 Filed 4-5-11; 8:45 am]
BILLING CODE 9110-9L-P