[Federal Register Volume 78, Number 36 (Friday, February 22, 2013)]
[Notices]
[Pages 12337-12343]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-04109]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary


Published Privacy Impact Assessments on the Web

AGENCY: Privacy Office, DHS.

ACTION: Notice of Publication of Privacy Impact Assessments.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security (DHS) Privacy Office is 
making available thirty-eight Privacy Impact Assessments (PIA) on 
various programs and systems in the Department. These assessments were 
approved and published on the Privacy Office's Web

[[Page 12338]]

site between June 1, 2012, and November 30, 2012.

DATES: The PIA will be available on the DHS Web site until April 23, 
2013, after which they may be obtained by contacting the DHS Privacy 
Office (contact information below).

FOR FURTHER INFORMATION CONTACT: Jonathan R. Cantor, Acting Chief 
Privacy Officer, Department of Homeland Security, Washington, DC 20528, 
or email: [email protected].

SUPPLEMENTARY INFORMATION: Between June 1, 2012, and November 30, 2012, 
the DHS Chief Privacy Officer and Acting Chief Privacy Officer approved 
and published thirty-eight PIAs on the DHS Privacy Office Web site, 
www.dhs.gov/privacy, under the link for ``Privacy Impact Assessments.'' 
Below is a short summary of those programs, indicating the DHS 
component responsible for the system and the date on which the PIA was 
approved. Additional information can be found on the Web site or by 
contacting the Privacy Office.
    System: DHS/S&T/PIA-025 Gaming System Monitoring and Analysis 
Effort.
    Component: Science and Technology Directorate (S&T).
    Date of approval: June 1, 2012.
    The Gaming System Monitoring and Analysis project is a research 
effort funded by the Department's S&T Cyber Security Division to design 
and develop forensic tools for extracting data from gaming systems. S&T 
conducted a PIA because gaming systems used in this research project 
may contain personally identifiable information (PII).
    System: DHS/CBP/PIA-006(b) Automated Targeting System (ATS).
    Component: U.S. Customs and Border Protection (CBP).
    Date of approval: June 1, 2012.
    As a decision support tool, ATS compares traveler, cargo, and 
conveyance information against law enforcement, intelligence, and other 
enforcement data using risk-based targeting scenarios and assessments. 
This PIA was conducted to notify the public about the changes in 
modules and expansion of access to datasets used by and stored in ATS.
    This PIA was published in conjunction with an updated System of 
Records Notice, 77 FR 30297 (May 22, 2012).
    System: DHS/CBP/PIA-010 Analytical Framework for Intelligence 
(AFI).
    Component: CBP.
    Date of approval: June 1, 2012.
    AFI enhances DHS's ability to identify, apprehend, and prosecute 
individuals who pose a potential law enforcement or security risk, and 
aids in the enforcement of customs and immigration laws, and other laws 
enforced by DHS at the border. AFI is used for the purposes of: (1) 
Identifying individuals, associations, or relationships that may pose a 
potential law enforcement or security risk, targeting cargo that may 
present a threat, and assisting intelligence product users in the field 
in preventing the illegal entry of people and goods, or identifying 
other violations of law; (2) conducting additional research on persons 
and/or cargo to understand whether there are patterns or trends that 
could assist in the identification of potential law enforcement or 
security risks; and (3) sharing finished intelligence products 
developed in connection with the above purposes with DHS employees who 
have a need to know in the performance of their official duties and who 
have appropriate clearances or permissions. Finished intelligence 
products are tactical, operational, and strategic law enforcement 
intelligence products that have been reviewed and approved for sharing 
with finished intelligence product users and authorities outside of 
DHS, pursuant to routine uses in the published Privacy Act System of 
Records Notice.
    In order to mitigate privacy and security risks associated with the 
deployment of AFI, CBP has built technical safeguards into AFI and 
developed a governance process that includes the operational components 
of CBP, the oversight functions of the CBP Privacy Officer and Office 
of Chief Counsel, and the Office of Information and Technology. 
Additionally, the DHS Privacy Office provides oversight for the 
program.
    This PIA was necessary because AFI accesses and stores PII 
retrieved from DHS, other federal agency, and commercially available 
databases.
    System: DHS/FEMA/PIA-027 Accounting Package (ACCPAC).
    Component: Federal Emergency Management Agency (FEMA).
    Date of approval: June 8, 2012.
    FEMA, Office of the Chief Financial Officer, Debt Establishment 
Unit, owns and operates the ACCPAC application. ACCPAC is a commercial-
off-the-shelf product that assists FEMA Accounts Receivable personnel 
in tracking, monitoring, and managing debts owed to the Agency. FEMA 
conducted this PIA because ACCPAC collects, uses, maintains, retrieves, 
and disseminates PII, including Employer Identification Numbers and 
Social Security Numbers, to perform its tasks.
    System: DHS/FEMA/PIA-027 National Emergency Management Information 
System--Individual Assistance (NEMIS-IA) Web-based and Client-based 
Modules.
    Component: FEMA.
    Date of approval: June 29, 2012.
    FEMA, Office of Response and Recovery, Recovery Directorate, and 
National Processing Service Center Division operate the National 
Emergency Management Information System (NEMIS) Individual Assistance 
(IA) system. NEMIS-IA supports FEMA's recovery mission under the Robert 
T. Stafford Disaster Relief and Emergency Assistance Act, Pub. L. 93-
288, as amended, by processing information obtained from disaster 
recovery assistance applications via the Disaster Assistance 
Improvement Program/Disaster Assistance Call Center system. NEMIS-IA, 
which consists of both client-based and web-based modules, also 
utilizes business rules to detect and prevent ``duplication of 
benefits.'' FEMA conducted this PIA because NEMIS-IA collects, uses, 
maintains, retrieves, and disseminates the PII of applicants to FEMA's 
disaster recovery individual assistance programs.
    System: DHS/FEMA/PIA-026 Operational Data Store (ODS) and 
Enterprise Data Warehouse (EDW) systems.
    Component: FEMA.
    Date of approval: June 29, 2012.
    FEMA and the Office of the Chief Information Officer own and 
operate the ODS and EDW systems. ODS and EDW replicate source system-
provided data from other operational FEMA systems and provide a 
simplified way of producing Agency reports for internal use as well for 
external stakeholders. These reports relate to FEMA mission activities, 
such as FEMA's readiness to deploy, disaster response, internal 
operations, and oversight. Reports are based on the needs of the 
particular program requirements or mission-related activity. Each 
source system has a separate data mart within the ODS to ensure that 
information is not commingled and that the source system rules for use 
are followed within the ODS. Data marts allow for the manipulation of 
data while at the same time ensuring that the exact same data within 
the source system remains static. FEMA conducted this PIA because ODS 
and EDW collect, use, maintain, retrieve, and disseminate PII pulled 
from the source systems.
    System: DHS/FEMA/PIA-025 Hazard Mitigation Grant Program (HMGP) 
System.
    Component: FEMA.

[[Page 12339]]

    Date of approval: June 29, 2012.
    FEMA's Federal Insurance and Mitigation Administration (FIMA) 
operates the HMGP system. The HMGP system is a grant application and 
management system. FEMA conducted this PIA because the FEMA FIMA HMGP 
system may collect, use, maintain, retrieve, and disseminate the PII of 
grantees or sub-grantees as well as the PII of individual property 
owners associated with the grants or sub-grants.
    System: DHS/ALL/PIA-042 Department of Homeland Security (DHS) 
Closed-Circuit Television (CCTV).
    Component: DHS-wide.
    Date of approval: July 18, 2012.
    DHS and its components deploy a number of CCTV systems throughout 
the Department. DHS' CCTV systems are used to obtain real-time and 
recorded visual information in and around federal worksites and 
facilities to aid in crime prevention and criminal prosecution, enhance 
officer safety, secure physical access, promote cost savings, and 
assist in terrorism investigation and terrorism prevention. DHS 
conducted this PIA because these systems have the ability to capture 
images of people, license plates, and other visual information within 
range of the cameras. This PIA replaced existing CCTV PIAs. Those PIAs 
were retired with the publication of this PIA and are listed in an 
appendix.
    System: DHS/ICE/PIA-010(a) The National Child Victim Identification 
System (NCVIS).
    Component: U.S. Immigration and Customs Enforcement (ICE).
    Date of approval: July 18, 2012.
    NCVIS is owned by ICE, Homeland Security Investigations (HSI), and 
is an application that assists federal, state, local, and international 
law enforcement agencies, INTERPOL, and other supporting organizations, 
such as the National Center for Missing and Exploited Children 
(hereafter, authorized partners) in the investigation and prosecution 
of child exploitation crimes, specifically those involving images of 
child sexual exploitation. NCVIS maintains a repository of digital 
images of child exploitation seized and/or submitted to ICE for 
comparison by law enforcement agencies. These images may capture the 
faces or other identifying features of the victims and violators 
involved in these crimes. HSI is expanding the scope of system 
information that is shared with authorized partners that maintain their 
own databases of images related to child exploitation crimes for the 
purposes of identifying the child victims and supporting law 
enforcement investigations and prosecutions of these crimes. This 
expanded sharing is intended to allow law enforcement personnel to use 
these images during investigations to identify and rescue child victims 
as well as to identify and prosecute the perpetrators of these crimes. 
HSI is also expanding the range of images shared with law enforcement 
agencies that have requested a matching report of an image submitted 
for NCVIS comparison. The PIA for NCVIS was originally published on 
August 21, 2009. Because HSI is expanding the scope of NCVIS 
information that is shared with authorized partners, an update to the 
NCVIS PIA was required.
    System: DHS/NPPD/PIA-021(a) Joint Cybersecurity Services Program 
Defense Industrial Base (DIB)--Enhanced Cybersecurity Services (DECS).
    Component: National Protection and Programs Directorate (NPPD).
    Date of approval: July 18, 2012.
    The Joint Cybersecurity Services Pilot (JCSP) is the Department's 
voluntary information sharing initiative with the Department of Defense 
(DOD) and participating commercial companies. NPPD is updating the DHS/
NPPD/PIA-021 National Cyber Security Division Joint Cybersecurity 
Services Pilot PIA published on January 13, 2012, to reflect the 
establishment of the JCSP as an ongoing permanent program (now known as 
the Joint Cybersecurity Services Program (JCSP)). The purpose of the 
program is to enhance the cybersecurity of participating critical 
infrastructure entities through information sharing partnerships with 
the critical infrastructure organization or their Commercial Service 
Provider (CSP). The first phase of the JCSP will focus on the cyber 
protection of the Defense Industrial Base (DIB) companies that are 
participating in the DoD's Cyber Security/Information Assurance (CS/IA) 
Program. This sub-program is known as the DIB Enhanced Cybersecurity 
Services (DECS). The JCSP may also be used to provide equivalent 
protection to participating Federal civilian agencies pending 
deployment of EINSTEIN intrusion prevention capabilities.
    System: DHS/CBP/PIA-007(b) Electronic System for Travel 
Authorization (ESTA).
    Component: CBP.
    Date of approval: July 18, 2012.
    CBP published this update to the PIA for ESTA, last updated July 
18, 2011. ESTA is a web-based application and screening system used to 
determine whether certain aliens are eligible to travel to the United 
States under the Visa Waiver Program. CBP conducted this updated PIA to 
evaluate the privacy impact of including the Internet Protocol address 
associated with a submitted ESTA application for vetting purposes, as 
well as to evaluate the privacy impact of various updates to the ESTA 
System of Records Notice, including updates and clarifications to the 
routine uses and a new routine use permitting the sharing of 
information in connection with judicial proceedings.
    System: DHS/TSA/PIA-037 Automated Wait Time (AWT).
    Component: Transportation Security Administration (TSA).
    Date of approval: July 22, 2012.
    TSA will test and deploy systems automating the collection of 
information to calculate passenger average wait time in the checkpoint 
queue. TSA's AWT system utilizes information broadcast from 
Bluetooth[supreg]-enabled devices carried by individuals in the general 
checkpoint queuing area to calculate wait times and deploy resources, 
as appropriate, to reduce delays in checkpoint queues. In the interest 
of transparency to the public, this PIA was conducted pursuant to 
Section 222 of the Homeland Security Act to assess privacy risk from 
the AWT system. In order to ensure that AWT systems sustain and do not 
erode privacy protections, TSA developed and implemented processes that 
give effect to the Fair Information Practice Principles while 
generating statistical data used for improving checkpoint operations.
    System: DHS/CBP/PIA-012 CBP Portal (E3) to ENFORCE/IDENT.
    Component: CBP.
    Date of approval: July 25, 2012.
    CBP has established E3, the CBP portal to U.S. Immigration and 
Customs Enforcement's Immigration and Enforcement Operational Records 
System, Enforcement Integrated Database and US-VISIT's Automated 
Biometric Identification System (IDENT), to collect and transmit data 
related to law enforcement activities. E3 collects and transmits 
biographic, encounter, and biometric data including, but not limited 
to, fingerprints for identification and verification of individuals 
encountered at the border for CBP's law enforcement and immigration 
mission. In addition to the collection of fingerprints, beginning at 
the end of July 2012, the E3 portal began a six-week pilot program to 
collect iris scans of individuals apprehended by CBP Border Patrol at 
the McAllen, Texas, Border Patrol Station. Collection of iris scans 
provides the capability to capture biometric data from individuals if 
their fingerprints cannot be obtained, and also to biometrically 
compare and authenticate an individual's identity. In different

[[Page 12340]]

operational environments, iris scans can be captured more quickly than 
fingerprints, are as or more reliable in providing a unique biometric, 
do not involve the touching of the subject with respect to those 
cultures for whom such contact poses a concern, and require less 
storage capacity and transmission bandwidth than fingerprints. This PIA 
was conducted because E3 requires the collection of PII.
    System: DHS/ICE/PIA-015(e) Enforcement Integrated Database (EID)--
EAGLE.
    Component: ICE.
    Date of approval: July 25, 2012.
    ICE has established a new subsystem within EID called EID Arrest 
Guide for Law Enforcement (EAGLE). EAGLE is a booking application used 
by ICE law enforcement officers to process the biometric and biographic 
information of individuals arrested by ICE for criminal violations of 
law and administrative violations of the Immigration and Nationality 
Act. Once fully deployed, EAGLE will replace the existing EID booking 
applications, the Enforcement Apprehension and Booking Module, Mobile 
IDENT, and WebIDENT, and will perform the identical functions of those 
applications as described below and in the EID PIA. EAGLE will also 
forge a new connection to the Department of Defense's (DOD) Automated 
Biographic Information System (ABIS) and permit the comparison of the 
fingerprints of foreign nationals arrested by ICE with the DOD's 
information in ABIS. This PIA update was conducted to provide public 
notice of the operation of the EAGLE booking system and its 
interconnection to the DOD ABIS database.
    System: DHS/OPS/PIA-008 Homeland Security Information Network R3 
User Accounts (HSIN).
    Component: Operations Coordination and Planning (OPS).
    Date of approval: July 25, 2012.
    HSIN is maintained by the Department of Homeland Security, OPS. 
HSIN is designed to facilitate the secure integration and 
interoperability of information-sharing resources among federal, state, 
local, tribal, private-sector commercial, and other non-governmental 
stakeholders involved in identifying and preventing terrorism as well 
as in undertaking incident management activities. HSIN is a user-
driven, web-based, information-sharing platform that connects all 
homeland security mission partners within a wide spectrum of homeland 
security mission areas. OPS conducted this PIA because HSIN collects 
PII in the form of user account registration information from HSIN 
users in order to allow them access to the HSIN Release 3 (R3) 
community.
    System: DHS/OPS/PIA-007 Homeland Security Information Network 3.0 
Shared Spaces.
    Component: OPS.
    Date of approval: July 25, 2012.
    OPS maintains HSIN on the Sensitive but Unclassified network. HSIN 
is designed to facilitate the secure integration and interoperability 
of information-sharing resources between federal, state, local, tribal, 
territorial, private sector, international, and other non-governmental 
partners involved in identifying and preventing terrorism as well as in 
undertaking incident management activities. HSIN is a user-driven, web-
based, information-sharing platform that connects all homeland security 
mission partners within a wide spectrum of homeland security mission 
areas. OPS conducted this PIA because the substantive material posted 
and shared within the HSIN collaboration spaces contains PII about 
members of the public who are the subject of documents, reports, or 
bulletins contained in those spaces.
    System: DHS/NPPD/PIA-009 Chemical Facility Anti-Terrorism Standards 
(CFATS).
    Component: NPPD.
    Date of approval: July 26, 2012.
    NPPD consolidated and updated this PIA for the CFATS regulations, 6 
CFR Part 27. This PIA replaced the former PIAs for the Chemical 
Security Assessment Tool and CFATS, in order to provide a unified 
analysis of the collection and use of PII as part of CFATS. CFATS is 
the DHS regulation that governs security at high-risk chemical 
facilities and represents a national-level effort to minimize terrorism 
risk to such facilities.
    System: DHS/USCIS/PIA-006(a) Systematic Alien Verification for 
Entitlements (SAVE).
    Component: U.S. Citizenship and Immigration Services (USCIS).
    Date of approval: July 27, 2012.
    USCIS's Verification Division published an update to the SAVE 
Program PIA dated August 26, 2011. SAVE is a fee-based, inter-
governmental initiative designed to help federal, state, tribal, and 
local government agencies confirm immigration status prior to the 
granting of benefits and licenses, as well as for other lawful 
purposes. USCIS updated this PIA to: (1) Describe the new collection of 
foreign passport country of issuance from agencies issuing benefits and 
from the United States Visitor and Immigrant Status Indicator 
Technology Arrival and Departure Information System, (2) describe the 
addition of Enterprise Citizenship and Immigration Services Centralized 
Operational Repository, (3) describe the decommissioning of the Image 
Storage and Retrieval System and replacement by the Customer Profile 
Management System, and (4) describe the decommissioning of the 
Reengineered Naturalization Applications Casework System and 
replacement by Claims Linked Application Information Management System 
4.
    System: DHS/USCIS/PIA-030(d) E-Verify Program.
    Component: USCIS.
    Date of approval: July 27, 2012.
    USCIS's Verification Division published an update to the DHS/USCIS-
030 E-Verify Program PIA. USCIS administers the E-Verify program, which 
allows participating employers the ability to verify the employment 
eligibility of all newly hired employees. USCIS updated this PIA to: 
(1) describe collection and verification of the foreign passport 
country of issuance through the U.S. Visitor and Immigrant Status 
Indicator Technology program's Arrival and Departure Information 
System, and (2) discuss the decommissioning of the Image Storage and 
Retrieval System (ISRS) and the Reengineered Naturalization 
Applications Casework System (RNACS) subsystems. The functionality 
previously provided by ISRS and RNACS will be replaced by the Customer 
Profile Management System and Claims Linked Application Information 
Management System 4, respectively.
    System: DHS/USCIS/PIA-036(a) Employment Eligibility Verification 
Requirements Under the Form I-9.
    Component: USCIS.
    Date of approval: July 27, 2012.
    The Verification Division of USCIS manages the business process in 
support of the statutory requirement that employers in the United 
States complete and maintain the Form I-9, Employment Eligibility 
Verification, to identify and verify employment authorization for all 
of their new employees. While the recent rulemakings that implemented 
changes to the Form I-9 did not impact what information DHS collects 
directly from individuals, which would trigger the requirement for a 
PIA, under the E-Government Act, USCIS conducted this PIA to provide 
more transparency into the design and use of the Form I-9, a key aspect 
of the employment eligibility verification process.
    System: DHS/TSA/PIA-030(a) Access to Sensitive Security Information 
(SSI) in Contract Solicitations.
    Component: TSA.
    Date of approval: July 27, 2012.

[[Page 12341]]

    TSA currently conducts security threat assessments (STA) on 
individuals and companies that seek access to SSI necessary to prepare 
a proposal in the pre-contract award phase of contracting with TSA. SSI 
is a form of unclassified information that if publicly released would 
be detrimental to transportation security. The standards governing SSI 
are promulgated under 49 U.S.C. 114(r) in 49 CFR. part 1520. There may, 
however, also be circumstances under which individuals and companies 
will require access to SSI in order to prepare a proposal for contracts 
with other governmental agencies (federal, state, or local level) or 
with private industry. TSA updated this PIA to reflect that TSA will 
perform STA on individuals and companies seeking access to SSI in order 
to prepare a proposal with such other entities.
    System: DHS/OPS/PIA-009 National Operations Center Operations 
Counterterrorism Desk (NCOD) Database.
    Component: OPS.
    Date of approval: July 30, 2012.
    The National Operations Center (NOC), within OPS, operates the NOC 
Counterterrorism Operations Desk (NCOD) and serves as the primary 
Department of Homeland Security point of contact to streamline 
counterterrorism Requests for Information (RFI). The NCOD Database is a 
tracking tool used by NCOD Officers to track all counterterrorism 
related incoming and outgoing inquiries. OPS conducted this PIA because 
the NCOD Database contains PII.
    System: DHS/NPPD/PIA-026 National Cybersecurity Protection System 
(NCPS).
    Component: NPPD.
    Date of approval: July 30, 2012.
    NCPS is an integrated system for intrusion detection, analysis, 
intrusion prevention, and information sharing capabilities that are 
used to defend the federal civilian government agencies' information 
technology infrastructure from cyber threats. The NCPS includes the 
hardware, software, supporting processes, training, and services that 
are developed and acquired to support its mission. NPPD conducted this 
PIA because PII may be collected by the NCPS, or through submissions of 
known or suspected cyber threats received by US-CERT for analysis. This 
PIA will serve as a replacement for previously published PIAs submitted 
by NSCD for the 24/7 Incident Handling Center (March 29, 2007), and the 
Malware Lab Network (May 4, 2010), and is a program-focused PIA to 
better characterize the efforts of NCPS and US-CERT.
    System: DHS/USCIS/PIA-044 Fraud Detection and National Security 
Directorate (FDNS).
    Component: USCIS.
    Date of approval: July 30, 2012.
    USCIS created the FDNS to strengthen the integrity of the nation's 
immigration system and to ensure that immigration benefits are not 
granted to individuals that may pose a threat to national security and/
or public safety. In addition, the FDNS is responsible for detecting, 
deterring, and combating immigration benefit fraud. USCIS conducted 
this PIA to document and assess how the FDNS collects, uses, and 
maintains PII.
    System: DHS/USCIS/PIA-045 Deferred Action for Childhood Arrivals.
    Component: USCIS.
    Date of approval: August 14, 2012.
    On June 15, 2012, Secretary of Homeland Security Janet Napolitano 
(the Secretary) issued a DHS memorandum entitled, ``Exercising 
Prosecutorial Discretion with Respect to Individuals Who Came to the 
United States as Children.'' The Secretary addressed the memorandum to 
the Acting Commissioner of U.S. Customs and Border Protection, and to 
the Directors of USCIS and U.S. Immigration and Customs Enforcement. 
The Secretary's memorandum set forth how prosecutorial discretion may 
be exercised in cases involving certain people who arrived in the 
United States as children. The Secretary emphasized that generally, 
this population lacked the intent to violate the law, and that her 
memorandum would ensure enforcement resources would not be expended on 
these low priority cases.
    The basis for the Secretary's memorandum is the Secretary's 
authority to exercise prosecutorial discretion by deferring action in 
appropriate cases. Prosecutorial discretion is the authority to 
determine how and when to exercise enforcement authority in line with 
agency priorities. Deferred action is an exercise of this prosecutorial 
discretion to defer removal action against certain individuals who are 
unlawfully present in the United States in order to devote scarce 
enforcement resources to the highest priority removal cases, including 
individuals who pose a danger to national security or public safety or 
have been convicted of specific crimes. USCIS published this PIA 
because the deferred action for childhood arrivals process associated 
with this memorandum involves the collection and use of PII.
    System: DHS/ALL/PIA-042 Department of Homeland Security (DHS) 
Personal Identity Verification (PIV).
    Component: DHS-Wide.
    Date of approval: August 23, 2012.
    DHS updated the PIV Privacy Impact Assessment Update to reflect 
changes in Departmental requirements and enhanced interoperability with 
US-VISIT Automated Biometric Identification System and the Federal 
Bureau of Investigation Criminal Justice Information Services, 
Integrated Automated Fingerprint Identification System, DHS Component 
Physical Access Control Systems, DHS Component Active Directories, as 
well as issuance of PIV-compatible credentials to visitors to DHS.
    System: DHS/S&T/PIA-001(a) Border Network (BorderNet) and Northeast 
Test Bed (NET-B).
    Component: S&T.
    Date of approval: August 23, 2012.
    BorderNet (formerly named the Border and Transportation Security 
Network, or BTSNet) is a technology test bed developed and maintained 
by the Department of Homeland Security (DHS), Science and Technology 
Directorate (S&T) located at the United States-Mexico border. The 
purpose of the test bed is to test and evaluate technologies in an 
operational environment that assist DHS Customs and Border Protection 
field agents in securing our nation's borders. S&T updated this PIA to 
reflect the addition of mobile enrollment technology and surveillance 
cameras, and the deployment of an additional test bed site at the 
United States-Canada border, called NET-B.
    System: DHS/S&T/PIA-024 Rapid Deoxyribonucleic Acid (DNA) System.
    Component: S&T.
    Date of approval: September 14, 2012.
    S&T developed the Rapid DNA System primarily to meet the need of 
U.S. Citizenship and Immigration Services (USCIS) to verify family 
relationships in refugee immigration processes. The Rapid DNA System 
performs rapid, low-cost DNA analysis to meet this USCIS need and may 
also address operational needs of other DHS components. S&T conducted 
this PIA because the collection and analysis of DNA information raises 
potential privacy concerns.
    System: DHS/TSA/PIA-038 Performance and Results Information System 
(PARIS).
    Component: TSA.
    Date of approval: September 18, 2012.
    TSA PARIS system is a database used for maintaining information 
associated with TSA's regulatory investigations, security incidents, 
and enforcement actions, as well as for recording the

[[Page 12342]]

details of security incidents involving passenger and property 
screening. PARIS maintains PII about individuals, including witnesses, 
involved in security incidents or regulatory enforcement activities. 
PARIS also creates and maintains a list of individuals who, based upon 
their involvement in security incidents of sufficient severity or 
frequency, are disqualified from receiving expedited screening for some 
period of time or permanently. The purpose of this PIA is to inform the 
public of changes in the use of PARIS and any resulting impact to 
personal privacy.
    System: DHS/CBP/PIA-004(f) Western Hemisphere Travel Initiative 
(WHTI).
    Component: CBP.
    Date of approval: September 24, 2012.
    CBP published this PIA to give notice of an update to the WHTI PIA. 
This update describes Phase I of the Beyond the Border entry/exit 
program, which is an initiative of the U.S.-Canada Beyond the Border 
Action Plan. The Beyond the Border entry/exit program will expand the 
sharing of border crossing information with the Canada Border Services 
Agency by exchanging biographic, travel document, and other border 
crossing information collected from individuals entering the United 
States from Canada and vice versa at land ports of entry. This exchange 
of border crossing entry information will assist both countries so that 
the record of an entry into one country establishes an exit record from 
the other, ultimately supporting each nation in their immigration and 
law enforcement missions, as well as facilitating cross-border travel. 
This PIA update covered Phase I of the entry/exit program only, which 
is limited to exchanging entry records from certain individuals (other 
than U.S. and Canadian citizens) at certain land ports of entry to 
measure the ability to reconcile biographic entry records between 
Canada and the United States. DHS will publish additional updates to 
this PIA in advance of deployment of any subsequent phases to the 
Beyond the Border entry/exit program.
    System: DHS/NPPD/PIA-011 Federal Protective Service (FPS) 
Information Support Tracking System (FISTS).
    Component: National Protection and Programs Directorate (NPPD).
    Date of review: October 4, 2012.
    This PIA was reviewed using the three-year PIA checklist. U.S. 
Immigration and Customs Enforcement (ICE), Federal Protective Service 
(FPS), Information Support Tracking System (FISTS), Contract 
Suitability Module is a web-based application used to automate the 
process for assessing the suitability of FPS and General Services 
Administration contract personnel to work in secure Federal buildings, 
and to track periodic background re-investigations of those contract 
employees. The system collects and maintains information on applicants 
and contractor personnel who work in secure Federal buildings such as 
security officers, childcare workers, cleaners, and other contracted 
service positions. FPS conducted this PIA because FISTS collects and 
uses PII on members of the public who seek or are currently employed in 
these positions within Federal facilities.
    System: DHS/FEMA/PIA-011 National Flood Insurance Program 
Information Technology System.
    Component: FEMA.
    Date of approval: October 12, 2012.
    DHS FEMA FIMA National Flood Insurance Program (NFIP) owns and 
operates the NFIP Information Technology System (ITS). The NFIP ITS 
processes flood insurance policies and claims, specifically, policies 
and claims from the FEMA Direct Servicing Agent (DSA) contractor on 
behalf of the NFIP and by Write Your Own Companies (WYO) that sell and 
service flood insurance policies. An NFIP flood insurance policy can be 
obtained directly from a DSA through a licensed insurance broker or 
from WYOs. Since 1983, participating insurance companies have delivered 
and serviced NFIP policies in their own names, through the ``Write Your 
Own'' arrangement. The policy coverage and premiums do not differ if 
purchased from the DSA or WYOs. FEMA conducted this PIA because NFIP 
ITS collects, uses, maintains, retrieves, and disseminates PII about 
individuals who purchase, as well as those who process, flood insurance 
policies from NFIP and individuals requesting access to the system.
    System: DHS/TSA/PIA-040 Port Authority of New York/New Jersey 
(PANYNJ) Secure Worker Access Consortium Vetting Services (SWAC).
    Component: TSA.
    Date of approval: November 13, 2012.
    TSA will conduct terrorism watch list checks of workers at PANYNJ 
facilities and job sites, including critical infrastructure such as 
airports, marine ports, bus terminals, rail transit facilities, 
bridges, tunnels, and real estate such as the World Trade Center 
memorial site. TSA will also conduct terrorism watch list checks of 
individuals identified by PANYNJ as requiring such checks for access to 
sensitive information, and for workers at facilities and job sites of 
PANYNJ regional partners. Results of the checks will not be reported to 
PANYNJ, but instead will be forwarded to the Federal Bureau of 
Investigation Terrorist Screening Center. This PIA was conducted 
pursuant to the E-Government Act of 2002 because PII will be collected 
to conduct terrorism watch list checks of workers at PANYNJ facilities 
and job sites.
    System: DHS/TSA/PIA-039 Trends and Patterns Branch (TPB).
    Component: TSA.
    Date of approval: November 13, 2012.
    TSA, Trends and Patterns Branch (TPB) seeks to improve the ability 
to identify potential risks to transportation security by discovering 
and analyzing previously unknown links or patterns among individuals 
who undergo a TSA security threat assessment, aviation passengers 
identified as a match to a watch list, and passengers who do not 
present acceptable identification documents to access the sterile area 
of an airport whose identity is unverified. TSA conducted this PIA 
because the TPB will collect and use PII to perform these functions.
    System: DHS/FEMA/PIA-012(a) Disaster Assistance Improvement Program 
(DAIP).
    Component: FEMA.
    Date of approval: November 16, 2012.
    FEMA, Office of Response & Recovery, Recovery Directorate, National 
Processing Service Center Operations Branch, sponsors and funds the 
DAIP. In accordance with Executive Order 13411 ``Improving Assistance 
for Disaster Victims,'' DAIP developed the Disaster Assistance Center 
(DAC) system. As a part of DAIP, DAC maintains disaster survivor 
application and registration information collected through various 
media including: (1) DAIP paper forms, (2) the 
www.disasterassistance.gov Web site, (3) the http://m.fema.gov mobile 
Web site, and (4) via telephone. DAIP/DAC shares the information with 
the National Emergency Management Information System- Individual 
Assistance (IA) module to facilitate eligibility determinations and 
with other federal, tribal, state, local, and non-profit agencies/
organizations that also service disaster survivors. FEMA conducted this 
PIA because DAIP/DAC collects, uses, maintains, retrieves, and 
disseminates PII of disaster survivors who either request IA benefits 
from FEMA or whom FEMA may refer to its partners.
    System: DHS/S&T/PIA-026 Robotic Aircraft for Public Safety (RAPS).
    Component: S&T.
    Date of approval: November 16, 2012.

[[Page 12343]]

    S&T and the State of Oklahoma are partnering on the RAPS project to 
test and evaluate Small Unmanned Aircraft Systems (SUAS) for potential 
use by the first responder community and DHS operational components. 
SUAS include small aircraft (typically under 55 pounds and having 
wingspans of 3-6 feet or less) that are operated using a wireless 
ground control station. The aircraft are equipped with sensors and 
cameras that can capture images and transmit them to a ground control 
system to provide aerial views of emergency situations and situational 
awareness. S&T conducted a PIA to address the privacy impact of the 
system's surveillance and image capturing capabilities.
    System: DHS/USCG/PIA-001(b) Homeport Internet Portal.
    Component: USCG.
    Date of approval: November 16, 2012.
    USCG currently uses the Homeport Internet Portal to provide secure 
information dissemination, advanced collaboration for Area Maritime 
Security Committees, electronic submission and approval for facility 
security plans, and complex electronic notification capabilities. 
Homeport includes a subsystem called the Alert Warning System (AWS), 
which provides USCG Headquarters, Districts, Sectors, and other units 
an enterprise solution for sending alerts and warnings to maritime 
security (MARSEC) partners, stakeholders, and appropriate port 
constituents for MARSEC level changes and other MARSEC-related 
activities requiring port-wide notifications. Through a Memorandum of 
Agreement between the USCG and the Transportation Security 
Administration (TSA), use of AWS capabilities will be shared between 
these two DHS components, thereby leveraging DHS investment in the 
system and avoiding duplicative operations and maintenance costs within 
DHS. The USCG issued this PIA update to include TSA operations center 
personnel as authorized users of Homeport's AWS, which contains non-
sensitive PII and disseminates airport security information to 
authorized recipients.
    System: DHS/ICE/PIA-029 Alien Medical Records Systems.
    Component: ICE.
    Date of approval: November 27, 2012.
    ICE maintains medical records on aliens that ICE detains for 
violations of U.S. immigration law. Aliens held in ICE custody in a 
facility staffed by the ICE Health Services Corps, a division of ICE's 
Office of Enforcement and Removal Operations, receive physical exams 
and treatment, dental services, and pharmacy services, depending on the 
alien's medical conditions and length of stay. To properly record the 
medical assessments and services, ICE operates the following 
information technology systems that maintain electronic medical record 
information: CaseTrakker, MedEZ, Dental X-Ray System, the Criminal 
Institution Pharmacy System, the Medical Payment Authorization Request 
Web System (MedPAR), and the Medical Classification Database. This PIA 
was originally published on July 25, 2011, and described the 
information in these medical record systems, the purposes for which 
this information was collected and used, and the safeguards ICE had 
implemented to mitigate the privacy and security risks to PII stored in 
these systems. The PIA was republished in full primarily to modify the 
description of the MedPAR system, which originally was to be hosted by 
the U.S. Department of Veterans Affairs, but now remains at ICE.

    Dated: February 13, 2013.
Jonathan R. Cantor,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2013-04109 Filed 2-21-13; 8:45 am]
BILLING CODE 9110-9L-P