[Federal Register Volume 76, Number 184 (Thursday, September 22, 2011)]
[Notices]
[Pages 58814-58817]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-24220]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary


Published Privacy Impact Assessments on the Web

AGENCY: Privacy Office, DHS.

ACTION: Notice of Publication of Privacy Impact Assessments (PIA).

-----------------------------------------------------------------------

SUMMARY: The Privacy Office of DHS is making available twenty-six PIAs 
on various programs and systems in DHS. These assessments were approved 
and published on the Privacy Office's Web site between June 1, 2011 and 
August 31, 2011.

DATES: The PIAs will be available on the DHS Web site until November 
21, 2011, after which they may be obtained by contacting the DHS 
Privacy Office (contact information below).

FOR FURTHER INFORMATION CONTACT: Mary Ellen Callahan, Chief Privacy 
Officer, Department of Homeland Security, Washington, DC 20528, or e-
mail: [email protected].

SUPPLEMENTARY INFORMATION: Between June 1, 2011 and August 31, 2011, 
the Chief Privacy Officer of the DHS approved and published twenty-six 
Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, 
http://www.dhs.gov/privacy, under the link for ``Privacy Impact 
Assessments.'' These PIAs cover twenty-six separate DHS programs. Below 
is a short summary of those programs, indicating the DHS component 
responsible for the system, and the date on which the PIA was approved. 
Additional information can be found on the Web site or by contacting 
the Privacy Office.
    System: DHS/USCIS/PIA-029(a) Eligibility Risk and Fraud Assessment 
Testing Environment (EFRA) Update.
    Component: United States Citizenship and Immigration Services 
(USCIS).
    Date of approval: June 1, 2011.
    The Office of Transformation Coordination of USCIS is planning to 
update the EFRA Testing Environment. This update describes the next 
phase of this tool to develop, test, and refine the tool's risk and 
fraud business rules and to load biographic data from legacy systems 
before deploying to a full production environment.
    System: DHS/USCIS/PIA-037 Standard Lightweight Operational 
Programming Environment--Rules-Based Tools Prototype (SLOPE-RBTP).
    Component: USCIS.
    Date of approval: June 2, 2011.
    DHS USCIS Office of Information Technology (IT) developed the 
SLOPE-RBTP to streamline the adjudication of Form I-90, Application to 
Replace Permanent Resident Card. SLOPE-RBTP electronically organizes 
and automates the adjudication of pending Form I-90 applications. USCIS 
is conducting this PIA because SLOPE-RBTP collects and uses personally 
identifiable information.
    System: DHS/ICE/PIA-028 Automated Threat Prioritization (ATP) Web 
Service.
    Component: Immigration and Customs Enforcement (ICE).
    Date of approval: June 6, 2011.
    The Office of the Chief Information Officer, in coordination with 
the Offices of Homeland Security Investigations and Enforcement and 
Removal Operations within ICE, is developing and implementing the 
Automated Threat Prioritization (ATP) Web service, which is an IT tool 
that uses configurable and scalable search and data sharing 
capabilities to improve and automate existing IT systems. ATP 
electronically receives processes and transmits criminal history 
information about individuals who are the subjects of a broad range of 
enforcement actions or whose criminal history is required to be 
evaluated by law to determine eligibility for a benefit or credential. 
For example, this service is intended to enhance and support ICE's 
investigative and enforcement operations by automating criminal history 
data processing and aid in its prioritization of enforcement actions. 
ICE is conducting this PIA because the ATP service will transmit and 
process PII. This PIA, however, only describes the general 
functionality of the ATP service and not its implementation.
    System: DHS/USCIS/PIA-010(e)--USCIS Person Centric Query Service 
(PCQS) Supporting Immigration Status Verifiers of the USCIS Enterprise 
Service Directorate/Verification Division Update.
    Component: USCIS.
    Date of approval: June 8, 2011.
    This is an update to the existing PIA for the USCIS PCQS. This 
update describes the privacy impact of expanding the status verifier's 
person-search capability by adding the American Association of Motor 
Vehicle Administrators Network Service system to the existing PCQS 
query inventory.
    System: DHS/ALL/PIA-033 Google Analytics.
    Component: DHS.
    Date of approval: June 9, 2011.
    DHS is planning to utilize Google Analytics (http://www.google.com/analytics) for viewing and analyzing traffic to DHS's public-facing Web 
site(s), including components. Google Analytics is a free, external, 
third-party hosted, Web site analytics solution that generates robust 
information about the interactions of public-facing Web site visitors 
with DHS. Google Analytics must collect the full Internet Protocol (IP) 
address, which Google masks prior to use and storage, and provides DHS 
with non-identifiable aggregated information in the form of custom 
reports. DHS implemented the IP address masking feature within Google 
Analytics to avoid the use and storage of the full IP address. For 
example, when the last octet is truncated from the IP address, 
192.168.0.1 becomes 192.168.0. This masking will affect the geographic 
location metric within Google Analytics. Google Analytics uses first-
party cookies to track visitor interactions. DHS shall not collect, 
maintain, or retrieve PII including a visitor's IP address during this 
analytics process operated by Google. Google Analytics shall not 
provide to DHS, share with Google or any Google product for additional 
analysis, or use

[[Page 58815]]

the full or masked IP address or information to draw any conclusions in 
the analytics product. DHS has expressly chosen to opt-out of sharing 
information with Google or any Google product for additional analysis. 
This PIA is being conducted to identify and mitigate privacy concerns 
associated with the use of Google Analytics.
    System: DHS/USCIS/PIA-038 Freedom of Information Act/Privacy Act 
(FOIA/PIA) Information Processing System.
    Component: USCIS.
    Date of approval: June 14, 2011.
    USCIS uses the FOIA/PA Information Processing System (FIPS) to 
process FOIA and PA requests from any person requesting access to USCIS 
records. FIPS uses document imaging, workflow, and Web-server 
technologies to enable USCIS to efficiently and effectively manage the 
FOIA/PA case life cycle. USCIS is conducting this PIA because FIPS uses 
PII and to address major changes to the application.
    System: DHS/FEMA/PIA-017 Federal/Emergency Response Official (F/
ERO) Repository.
    Component: Federal Emergency Management Agency (FEMA).
    Date of approval: June 20, 2011.
    FEMA Office of National Capital Region Coordination owns and 
operates the F/ERO Repository. FEMA uses the F/ERO Repository as the 
authoritative data source to identify and verify Federal employees/
contractors, and participating non-Federal employees/contractors likely 
to respond during times of response and recovery for natural disasters, 
terrorism, or other emergencies. The F/ERO Repository allows for 
immediate electronic verification of an employee/contractor's personal 
identity and emergency management attribute at a given disaster zone. 
The purpose of this PIA is to document how FEMA collects, uses, 
maintains, and disseminates PII.
    System: DHS/CISOMB/PIA-001 Virtual Ombudsman System.
    Component: Citizenship and Immigration Services Ombudsman (CISOMB).
    Date of approval: June 22, 2011.
    The Virtual Ombudsman system has undergone a PIA 3-Year Review 
requiring no changes and continues to accurately relate to its 
originally stated mission. The Office of the CISOMB or Ombudsman at the 
DHS, as mandated by the Homeland Security Act of 2002 Sec.  452, is an 
independent office that reports directly to the Deputy Secretary of 
Homeland Security. The CISOMB: (1) Assists individuals and employers 
with resolving problems with USCIS; (2) identifies areas in which 
individuals and employers have problems in dealing with USCIS; and (3) 
proposes changes to mitigate those problems. CISOMB has developed the 
Virtual Ombudsman System to ensure the efficient and secure processing 
of information to aid the Ombudsman in assisting individuals and 
employers and making systemic recommendations to USCIS. CISOMB is 
conducting this PIA because these transactions require collection of 
PII.
    System: DHS/USCIS/PIA-027(a) Refugees, Asylum, and Parole System 
and the Asylum Pre-Screening System (APSS).
    Component: USCIS.
    Date of approval: June 30, 2011.
    The United States DHS, USCIS is updating the PIA for the Refugees, 
Asylum, and Parole System (RAPS) and the APSS in order to provide 
further notice of the expansion of routine sharing of RAPS with the 
intelligence community in support of the Department's mission to 
protect the United States from potential terrorist activities.
    System: DHS/S&T/PIA-023--Biometrics Access Control System at the 
Transportation Security Lab.
    Component: Science and Technology (S&T).
    Date of approval: July 1, 2011.
    Biometrics Access Control System is a building facilities access 
control system used at the DHS S&T Directorate's Transportation 
Security Lab. The system relies on biometrics (fingerprint and iris 
recognition) to enhance the physical security of the lab and provides a 
demonstration of advanced technologies. The S&T TSL is conducting a PIA 
because PII is collected during the testing and operational use of this 
system.
    System: DHS/USCG/PIA-002(c)--United States Coast Guard (USCG) 
``Biometrics at Sea'' (BASS) Update.
    Component: USCG.
    Date of approval: July 12, 2011.
    BASS update allows merchant mariners to determine the status of 
their credential application using the Homeport Internet Portal. 
Homeport uses the identification information provided by the mariner to 
match records from the Merchant Mariner Licensing and Documentation 
system and provide mariners the current status of their credential 
application. Information provided by the mariner will be used solely 
for matching records and will not be retained in Homeport at the 
completion of the online session.
    System: DHS/NPPD/PIA-006(a) Protected Critical Infrastructure 
Management System (PCIIMS).
    Component: National Protection and Programs Directorate (NPPD).
    Date of approval: July 13, 2011.
    The Protected Critical Infrastructure Information Program, part of 
the DHS, NPPD, Office of Infrastructure Protection, Infrastructure 
Information Collection Division, facilitates the sharing of PCII 
between the government and the private sector. The PCIIM System Final 
Operating Capability is an IT system and the means by which PCII 
submissions from the private sector are received and cataloged, and 
PCII Authorized Users are registered and managed. The PCII Program 
conducted this PIA to analyze and evaluate the privacy impact resulting 
from the consolidation of the PCIIMS Initial Operating Capability 
functionalities into PCIIMS FOC, as well as the collection of limited 
PII from the submitting individuals and PCII Authorized Users for 
contact purposes.
    System: DHS/ALL/PIA-027(b) Watchlist Service (WLS) Update.
    Component: DHS.
    Date of approval: July 19, 2011.
    DHS currently uses the Terrorist Screening Database (TSDB), a 
consolidated database maintained by the Department of Justice Federal 
Bureau of Investigation Terrorist Screening Center (TSC) that contains 
identifying information about those known or reasonably suspected of 
being involved in terrorist activity, in order to facilitate DHS 
mission-related functions, such as counterterrorism, law enforcement, 
border security, and inspection activities. In July 2010, DHS launched 
an improved method of transmitting TSDB data from TSC to DHS through a 
new service called DHS WLS. At that time, DHS published a PIA to 
describe and analyze privacy risks associated with this new service. 
The WLS maintains a synchronized copy of the TSDB, which contains PII, 
and disseminates it to authorized DHS components. DHS is issuing this 
PIA update to add the U.S. CBP Automated Targeting System as an 
authorized recipient of TSDB data via the WLS.
    System: DHS/CBP/PIA-007(a) Electronic System for Travel 
Authorization (ESTA) Fee and Information Sharing Update.
    Component: Customs and Border Protection (CBP).
    Date of approval: July 19, 2011.
    U.S. CBP is publishing this update to the PIA for the ESTA Fee and 
Information Sharing Update dated June 3, 2008. ESTA is a Web-based 
application and screening system used to determine whether certain 
aliens are eligible to travel to the U.S. under the Visa Waiver 
Program. This update will evaluate the privacy impacts of updating the 
login procedures,

[[Page 58816]]

collecting an application fee, and adding the Pay.gov tracking number 
and country of birth information to the ESTA system of records. 
Additionally, this update is to provide further notice of the expansion 
of routine sharing of ESTA with the intelligence community in support 
of DHS's mission to protect the U.S. from potential terrorist 
activities.
    System: DHS/FEMA/PIA-014(a) National Emergency Family Registry and 
Locator System (NEFRLS) Update.
    Component: FEMA.
    Date of approval: July 25, 2011.
    DHS FEMA operates the NEFRLS system, a Web-based system that 
collects information from individuals to assist in reuniting family 
that have been displaced as a result of a Presidentially-declared 
disaster or emergency. An initial PIA was completed and approved for 
the NEFRLS system on August 27, 2009. This PIA update outlines and 
analyzes substantive enhancements made to the NEFRLS system including 
new information collected on law enforcement officers for identity 
verification and authentication purposes. When FEMA is conducting a 
search on behalf of a displaced individual the collection of cell phone 
numbers allows the FEMA Disaster Assistance Improvement Program system 
to use its text messaging functions to notify the individual when an 
official missing person report has been submitted.
    System: DHS/ICE/PIA-029 Alien Medical Records System.
    Component: ICE.
    Date of approval: July 25, 2011.
    U.S. ICE maintains medical records on aliens that ICE detains for 
violations of U.S. immigration law. Aliens held in ICE custody in a 
facility staffed by the ICE Health Services Corps, a division of ICE's 
Office of Enforcement and Removal Operations, receive physical exams 
and treatment, dental services, and pharmacy services, depending on the 
alien's medical conditions and length of stay. To properly record the 
medical assessments and services, ICE operates several IT systems that 
maintain electronic medical record information: CaseTrakker, MedEZ, 
Dental X-Ray System, the Criminal Institution Pharmacy System, the 
Medical Payment Authorization Request System (MedPAR), and the Medical 
Classification Database. This PIA describes the data maintained in 
these medical record systems, the purposes for which this information 
is collected and used, and the safeguards ICE has implemented to 
mitigate the privacy and security risks to PII stored in these systems.
    System: DHS/NPPD/PIA-019 Secure Handling of Ammonium Nitrate 
Program.
    Component: NPPD.
    Date of approval: July 25, 2011.
    DHS, NPPD, published this PIA to provide a comprehensive analysis 
of the proposed Ammonium Nitrate Security Program. The proposed 
Ammonium Nitrate Security Program seeks to prevent the misappropriation 
or use of ammonium nitrate in an act of terrorism by regulating the 
sale and transfer of ammonium nitrate by ammonium nitrate facilities. 
This PIA provides transparency into how the proposed Ammonium Nitrate 
Security Program will support the homeland security and infrastructure 
protection missions of DHS/NPPD through the collection of PII, and 
describes reasonable mitigation solutions proposed to be implemented to 
address privacy and security risks. This PIA will be updated with any 
changes to the program concurrently with the rule making process.
    System: DHS/USSS/PIA-004 Counter Surveillance Unit Reporting (CSUR) 
Database.
    Component: United States Secret Service.
    Date of approval: July 27, 2011.
    The United States Secret Service (Secret Service or USSS) has 
created the CSUR Database. CSUR assists Secret Service employees in 
managing, analyzing, and distributing intelligence information 
regarding threats or potential threats to the safety of individuals, 
events, and facilities protected by the Secret Service. The Secret 
Service is conducting this PIA because CSUR contains PII regarding 
subjects of protective interest to the Secret Service.
    System: DHS/ICE/PIA-030 Security Management Closed-Circuit 
Television (SM-CCTV) System.
    Component: ICE.
    Date of approval: August 4, 2011.
    The SM-CCTV System is owned and operated by U.S. ICE, a component 
agency within the DHS. The SM-CCTV System is a video-only recording 
system installed to monitor the interior and exterior of ICE 
facilities. ICE conducted this PIA because the system has the ability 
to capture images of people, license plates, and any other visual 
information within range of its cameras.
    System: DHS/CBP/PIA-009(a) TECS System: CBP Primary and Secondary 
Processing (TECS) National Suspicious Activity Report (SAR) Initiative.
    Component: CBP.
    Date of approval: August 5, 2011.
    CBP is publishing this update to the PIA for DHS/CBP/PIA-009 the 
TECS System: Primary and Secondary Processing (TECS), dated December 
22, 2010. TECS (not an acronym) is the updated and modified version of 
the former Treasury Enforcement Communications System. TECS is owned 
and managed by the DHS component CBP. TECS is the principal system used 
by officers at the border to assist with screening and determinations 
regarding admissibility of arriving persons. This update will evaluate 
the privacy impacts of identifying certain of the operational records 
maintained in TECS as SARs for inclusion in the National SAR 
Initiative, which is led by the Department of Justice on behalf of the 
entire Federal government.
    System: DHS/TSA/PIA-016 Screening of Passengers by Observation 
Techniques (SPOT) Program.
    Component: TSA.
    Date of approval: August 5, 2011.
    The SPOT program is a behavior observation and analysis program 
designed to provide Behavior Detection Officers with a means of 
identifying persons who pose or may pose potential transportation 
security risks by focusing on behaviors indicative of high levels of 
stress, fear, or deception. The SPOT program is a derivative of other 
behavioral analysis programs that have been successfully employed by 
law enforcement and security personnel both in the U.S. and around the 
world.
    System: DHS/NPPD/PIA-017 National Infrastructure Coordinating 
Center Suspicious Activity Reporting Initiative Privacy Impact 
Assessment Update (NICC SARS).
    Component: NPPD.
    Date of approval: August 12, 2011.
    DHS NPPD Office of Infrastructure Protection NICC is publishing 
this PIA to reflect activities under its SAR Initiative. The NICC SAR 
Initiative serves as a mechanism by which a report involving suspicious 
behavior related to an observed encounter or reported activity is 
received and evaluated to determine its potential nexus to terrorism. 
NICC is conducting this PIA because SAR occasionally contains PII and 
NICC will be collecting and contributing SAR data for reporting and 
evaluation proceedings.
    System: DHS/US-VISIT/PIA-005(a) Arrival and Departure Information 
System (ADIS).
    Component: US-VISIT.
    Date of approval: August 12, 2011.
    ADIS has undergone a PIA 3-Year Review requiring no changes and 
continues to accurately relate to its stated mission. This PIA for ADIS 
describes changes to ADIS corresponding to the publication of a new 
ADIS system of records notice. As

[[Page 58817]]

now proposed, ADIS will be a DHS-wide system to serve certain programs, 
including those of the intelligence community, that require 
information, in support of the DHS mission, on individuals who seek to 
enter or who have arrived in or departed from the U.S. US-VISIT has 
conducted this PIA update based on these proposed changes.
    System: DHS/TSA/PIA-0018(b) Secure Flight Program Update.
    Component: TSA.
    Date of approval: August 15, 2011.
    The Secure Flight program will match identifying information of 
aviation passengers and certain non-travelers against the No Fly and 
Selectee portions of the consolidated and integrated terrorist watch 
list and, if warranted by security considerations, other watch lists 
maintained by the Federal government. The TSA published a Final Rule 
and PIA in October 2008, outlining TSA's expected implementation of the 
Secure Flight program. This update reflects changes in the Secure 
Flight operational environment. Unless otherwise noted, the information 
provided in previously published PIAs remain in effect. Individuals are 
encouraged to read all program PIAs to have an understanding of TSA's 
privacy assessment of the Secure Flight program.
    System: DHS/ALL/PIA-040 Electronic Patient Care Reporting System 
(ePCR).
    Component: DHS.
    Date of approval: August 25, 2011.
    The DHS Office of Health Affairs (OHA) is implementing a Web-based 
Commercial off the Shelf Internet software service called the ePCR. The 
ePCR system will establish a standardized approach to document care 
rendered by DHS Emergency Medical Services (EMS) medical care providers 
in pre-hospital environments. The system will also enhance OHA's 
capability to evaluate quality of care delivery, quality assurance, 
performance improvement, and risk management activities. OHA conducted 
this PIA because accurate documentation and quality assurance of EMS 
care provided necessarily includes gathering PII from patient 
encounters.
    System: DHS/USCIS/PIA-0015(a) Computer Linked Application 
Information Management System (CLAIMS 4) Update.
    Component: USCIS.
    Date of approval: August 31, 2011.
    The USCIS is publishing this update to the PIA for the CLAIMS 4 
dated September 5, 2008. CLAIMS 4 is an electronic case management 
system used to track and process applications for naturalization. The 
purpose of this update is to: (1) Discuss the disposition of the Change 
of Address subsystem; (2) discuss the disposition of the Complete File 
Review subsystem; (3) describe the new privacy impacts associated with 
the exchange of zip codes between the Site Profile System and CLAIMS 4; 
(4) describe the new privacy impacts associated with the capturing of 
certain digitized biometric images through the Benefits Biometric 
Support System; and (5) provide notice of a pilot program under which 
DHS is expanding the sharing of CLAIMS 4 data with the National 
Counterterrorism Center in support of DHS's mission to protect the U.S. 
from potential terrorist activities.

    Dated: September 7, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-24220 Filed 9-21-11; 8:45 am]
BILLING CODE 9110-9L-P