Published Privacy Impact Assessments on the Web, 58814-58817 [2011-24220]

Download as PDF 58814 Federal Register / Vol. 76, No. 184 / Thursday, September 22, 2011 / Notices Notice of this meeting is given under the Federal Advisory Committee Act, 5 U.S.C. App. The HSAC provides independent advice to the Secretary of the Department of Homeland Security to aid in the creation and implementation of critical and actionable policies and capabilities across the spectrum of homeland security operations. The HSAC will meet to review and approve the Southwest Border Task Force’s report of findings and recommendations. Public Participation: Members of the public will be in listen-only mode. The public may register to participate in this HSAC teleconference via afore mentioned procedures. Each individual must provide his or her full legal name, e-mail address and phone number no later than 5 p.m. EDT on October 14, 2011, to Pat McQuillan via e-mail at HSAC@dhs.gov or via phone at (202) 447–3135. HSAC conference call details and the draft Southwest Border Task Force report will be provided to interested members of the public at the time they register. Information on Services for Individuals with Disabilities: For information on facilities or services for individuals with disabilities, or to request special assistance during the teleconference, contact Pat McQuillan (202) 447–3135. SUPPLEMENTARY INFORMATION: Dated: September 16, 2011. Becca Sharp, Executive Director, Homeland Security Advisory Council, DHS. [FR Doc. 2011–24393 Filed 9–21–11; 8:45 am] BILLING CODE 9110–9M–P DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Published Privacy Impact Assessments on the Web Privacy Office, DHS. Notice of Publication of Privacy Impact Assessments (PIA). AGENCY: ACTION: The Privacy Office of DHS is making available twenty-six PIAs on various programs and systems in DHS. These assessments were approved and published on the Privacy Office’s Web site between June 1, 2011 and August 31, 2011. DATES: The PIAs will be available on the DHS Web site until November 21, 2011, after which they may be obtained by contacting the DHS Privacy Office (contact information below). FOR FURTHER INFORMATION CONTACT: Mary Ellen Callahan, Chief Privacy jlentini on DSK4TPTVN1PROD with NOTICES SUMMARY: VerDate Mar<15>2010 17:29 Sep 21, 2011 Jkt 223001 Officer, Department of Homeland Security, Washington, DC 20528, or email: pia@hq.dhs.gov. SUPPLEMENTARY INFORMATION: Between June 1, 2011 and August 31, 2011, the Chief Privacy Officer of the DHS approved and published twenty-six Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, https://www.dhs.gov/privacy, under the link for ‘‘Privacy Impact Assessments.’’ These PIAs cover twenty-six separate DHS programs. Below is a short summary of those programs, indicating the DHS component responsible for the system, and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office. System: DHS/USCIS/PIA–029(a) Eligibility Risk and Fraud Assessment Testing Environment (EFRA) Update. Component: United States Citizenship and Immigration Services (USCIS). Date of approval: June 1, 2011. The Office of Transformation Coordination of USCIS is planning to update the EFRA Testing Environment. This update describes the next phase of this tool to develop, test, and refine the tool’s risk and fraud business rules and to load biographic data from legacy systems before deploying to a full production environment. System: DHS/USCIS/PIA–037 Standard Lightweight Operational Programming Environment—RulesBased Tools Prototype (SLOPE–RBTP). Component: USCIS. Date of approval: June 2, 2011. DHS USCIS Office of Information Technology (IT) developed the SLOPE– RBTP to streamline the adjudication of Form I–90, Application to Replace Permanent Resident Card. SLOPE–RBTP electronically organizes and automates the adjudication of pending Form I–90 applications. USCIS is conducting this PIA because SLOPE–RBTP collects and uses personally identifiable information. System: DHS/ICE/PIA–028 Automated Threat Prioritization (ATP) Web Service. Component: Immigration and Customs Enforcement (ICE). Date of approval: June 6, 2011. The Office of the Chief Information Officer, in coordination with the Offices of Homeland Security Investigations and Enforcement and Removal Operations within ICE, is developing and implementing the Automated Threat Prioritization (ATP) Web service, which is an IT tool that uses configurable and scalable search and data sharing capabilities to improve and automate existing IT systems. ATP electronically receives processes and PO 00000 Frm 00048 Fmt 4703 Sfmt 4703 transmits criminal history information about individuals who are the subjects of a broad range of enforcement actions or whose criminal history is required to be evaluated by law to determine eligibility for a benefit or credential. For example, this service is intended to enhance and support ICE’s investigative and enforcement operations by automating criminal history data processing and aid in its prioritization of enforcement actions. ICE is conducting this PIA because the ATP service will transmit and process PII. This PIA, however, only describes the general functionality of the ATP service and not its implementation. System: DHS/USCIS/PIA–010(e)— USCIS Person Centric Query Service (PCQS) Supporting Immigration Status Verifiers of the USCIS Enterprise Service Directorate/Verification Division Update. Component: USCIS. Date of approval: June 8, 2011. This is an update to the existing PIA for the USCIS PCQS. This update describes the privacy impact of expanding the status verifier’s personsearch capability by adding the American Association of Motor Vehicle Administrators Network Service system to the existing PCQS query inventory. System: DHS/ALL/PIA–033 Google Analytics. Component: DHS. Date of approval: June 9, 2011. DHS is planning to utilize Google Analytics (https://www.google.com/ analytics) for viewing and analyzing traffic to DHS’s public-facing Web site(s), including components. Google Analytics is a free, external, third-party hosted, Web site analytics solution that generates robust information about the interactions of public-facing Web site visitors with DHS. Google Analytics must collect the full Internet Protocol (IP) address, which Google masks prior to use and storage, and provides DHS with non-identifiable aggregated information in the form of custom reports. DHS implemented the IP address masking feature within Google Analytics to avoid the use and storage of the full IP address. For example, when the last octet is truncated from the IP address, 192.168.0.1 becomes 192.168.0. This masking will affect the geographic location metric within Google Analytics. Google Analytics uses first-party cookies to track visitor interactions. DHS shall not collect, maintain, or retrieve PII including a visitor’s IP address during this analytics process operated by Google. Google Analytics shall not provide to DHS, share with Google or any Google product for additional analysis, or use E:\FR\FM\22SEN1.SGM 22SEN1 jlentini on DSK4TPTVN1PROD with NOTICES Federal Register / Vol. 76, No. 184 / Thursday, September 22, 2011 / Notices the full or masked IP address or information to draw any conclusions in the analytics product. DHS has expressly chosen to opt-out of sharing information with Google or any Google product for additional analysis. This PIA is being conducted to identify and mitigate privacy concerns associated with the use of Google Analytics. System: DHS/USCIS/PIA–038 Freedom of Information Act/Privacy Act (FOIA/PIA) Information Processing System. Component: USCIS. Date of approval: June 14, 2011. USCIS uses the FOIA/PA Information Processing System (FIPS) to process FOIA and PA requests from any person requesting access to USCIS records. FIPS uses document imaging, workflow, and Web-server technologies to enable USCIS to efficiently and effectively manage the FOIA/PA case life cycle. USCIS is conducting this PIA because FIPS uses PII and to address major changes to the application. System: DHS/FEMA/PIA–017 Federal/Emergency Response Official (F/ERO) Repository. Component: Federal Emergency Management Agency (FEMA). Date of approval: June 20, 2011. FEMA Office of National Capital Region Coordination owns and operates the F/ERO Repository. FEMA uses the F/ERO Repository as the authoritative data source to identify and verify Federal employees/contractors, and participating non-Federal employees/ contractors likely to respond during times of response and recovery for natural disasters, terrorism, or other emergencies. The F/ERO Repository allows for immediate electronic verification of an employee/contractor’s personal identity and emergency management attribute at a given disaster zone. The purpose of this PIA is to document how FEMA collects, uses, maintains, and disseminates PII. System: DHS/CISOMB/PIA–001 Virtual Ombudsman System. Component: Citizenship and Immigration Services Ombudsman (CISOMB). Date of approval: June 22, 2011. The Virtual Ombudsman system has undergone a PIA 3-Year Review requiring no changes and continues to accurately relate to its originally stated mission. The Office of the CISOMB or Ombudsman at the DHS, as mandated by the Homeland Security Act of 2002 § 452, is an independent office that reports directly to the Deputy Secretary of Homeland Security. The CISOMB: (1) Assists individuals and employers with resolving problems with USCIS; (2) identifies areas in which individuals VerDate Mar<15>2010 17:29 Sep 21, 2011 Jkt 223001 and employers have problems in dealing with USCIS; and (3) proposes changes to mitigate those problems. CISOMB has developed the Virtual Ombudsman System to ensure the efficient and secure processing of information to aid the Ombudsman in assisting individuals and employers and making systemic recommendations to USCIS. CISOMB is conducting this PIA because these transactions require collection of PII. System: DHS/USCIS/PIA–027(a) Refugees, Asylum, and Parole System and the Asylum Pre-Screening System (APSS). Component: USCIS. Date of approval: June 30, 2011. The United States DHS, USCIS is updating the PIA for the Refugees, Asylum, and Parole System (RAPS) and the APSS in order to provide further notice of the expansion of routine sharing of RAPS with the intelligence community in support of the Department’s mission to protect the United States from potential terrorist activities. System: DHS/S&T/PIA–023— Biometrics Access Control System at the Transportation Security Lab. Component: Science and Technology (S&T). Date of approval: July 1, 2011. Biometrics Access Control System is a building facilities access control system used at the DHS S&T Directorate’s Transportation Security Lab. The system relies on biometrics (fingerprint and iris recognition) to enhance the physical security of the lab and provides a demonstration of advanced technologies. The S&T TSL is conducting a PIA because PII is collected during the testing and operational use of this system. System: DHS/USCG/PIA–002(c)— United States Coast Guard (USCG) ‘‘Biometrics at Sea’’ (BASS) Update. Component: USCG. Date of approval: July 12, 2011. BASS update allows merchant mariners to determine the status of their credential application using the Homeport Internet Portal. Homeport uses the identification information provided by the mariner to match records from the Merchant Mariner Licensing and Documentation system and provide mariners the current status of their credential application. Information provided by the mariner will be used solely for matching records and will not be retained in Homeport at the completion of the online session. System: DHS/NPPD/PIA–006(a) Protected Critical Infrastructure Management System (PCIIMS). Component: National Protection and Programs Directorate (NPPD). PO 00000 Frm 00049 Fmt 4703 Sfmt 4703 58815 Date of approval: July 13, 2011. The Protected Critical Infrastructure Information Program, part of the DHS, NPPD, Office of Infrastructure Protection, Infrastructure Information Collection Division, facilitates the sharing of PCII between the government and the private sector. The PCIIM System Final Operating Capability is an IT system and the means by which PCII submissions from the private sector are received and cataloged, and PCII Authorized Users are registered and managed. The PCII Program conducted this PIA to analyze and evaluate the privacy impact resulting from the consolidation of the PCIIMS Initial Operating Capability functionalities into PCIIMS FOC, as well as the collection of limited PII from the submitting individuals and PCII Authorized Users for contact purposes. System: DHS/ALL/PIA–027(b) Watchlist Service (WLS) Update. Component: DHS. Date of approval: July 19, 2011. DHS currently uses the Terrorist Screening Database (TSDB), a consolidated database maintained by the Department of Justice Federal Bureau of Investigation Terrorist Screening Center (TSC) that contains identifying information about those known or reasonably suspected of being involved in terrorist activity, in order to facilitate DHS mission-related functions, such as counterterrorism, law enforcement, border security, and inspection activities. In July 2010, DHS launched an improved method of transmitting TSDB data from TSC to DHS through a new service called DHS WLS. At that time, DHS published a PIA to describe and analyze privacy risks associated with this new service. The WLS maintains a synchronized copy of the TSDB, which contains PII, and disseminates it to authorized DHS components. DHS is issuing this PIA update to add the U.S. CBP Automated Targeting System as an authorized recipient of TSDB data via the WLS. System: DHS/CBP/PIA–007(a) Electronic System for Travel Authorization (ESTA) Fee and Information Sharing Update. Component: Customs and Border Protection (CBP). Date of approval: July 19, 2011. U.S. CBP is publishing this update to the PIA for the ESTA Fee and Information Sharing Update dated June 3, 2008. ESTA is a Web-based application and screening system used to determine whether certain aliens are eligible to travel to the U.S. under the Visa Waiver Program. This update will evaluate the privacy impacts of updating the login procedures, E:\FR\FM\22SEN1.SGM 22SEN1 jlentini on DSK4TPTVN1PROD with NOTICES 58816 Federal Register / Vol. 76, No. 184 / Thursday, September 22, 2011 / Notices collecting an application fee, and adding the Pay.gov tracking number and country of birth information to the ESTA system of records. Additionally, this update is to provide further notice of the expansion of routine sharing of ESTA with the intelligence community in support of DHS’s mission to protect the U.S. from potential terrorist activities. System: DHS/FEMA/PIA–014(a) National Emergency Family Registry and Locator System (NEFRLS) Update. Component: FEMA. Date of approval: July 25, 2011. DHS FEMA operates the NEFRLS system, a Web-based system that collects information from individuals to assist in reuniting family that have been displaced as a result of a Presidentiallydeclared disaster or emergency. An initial PIA was completed and approved for the NEFRLS system on August 27, 2009. This PIA update outlines and analyzes substantive enhancements made to the NEFRLS system including new information collected on law enforcement officers for identity verification and authentication purposes. When FEMA is conducting a search on behalf of a displaced individual the collection of cell phone numbers allows the FEMA Disaster Assistance Improvement Program system to use its text messaging functions to notify the individual when an official missing person report has been submitted. System: DHS/ICE/PIA–029 Alien Medical Records System. Component: ICE. Date of approval: July 25, 2011. U.S. ICE maintains medical records on aliens that ICE detains for violations of U.S. immigration law. Aliens held in ICE custody in a facility staffed by the ICE Health Services Corps, a division of ICE’s Office of Enforcement and Removal Operations, receive physical exams and treatment, dental services, and pharmacy services, depending on the alien’s medical conditions and length of stay. To properly record the medical assessments and services, ICE operates several IT systems that maintain electronic medical record information: CaseTrakker, MedEZ, Dental X-Ray System, the Criminal Institution Pharmacy System, the Medical Payment Authorization Request System (MedPAR), and the Medical Classification Database. This PIA describes the data maintained in these medical record systems, the purposes for which this information is collected and used, and the safeguards ICE has implemented to mitigate the privacy and security risks to PII stored in these systems. VerDate Mar<15>2010 17:29 Sep 21, 2011 Jkt 223001 System: DHS/NPPD/PIA–019 Secure Handling of Ammonium Nitrate Program. Component: NPPD. Date of approval: July 25, 2011. DHS, NPPD, published this PIA to provide a comprehensive analysis of the proposed Ammonium Nitrate Security Program. The proposed Ammonium Nitrate Security Program seeks to prevent the misappropriation or use of ammonium nitrate in an act of terrorism by regulating the sale and transfer of ammonium nitrate by ammonium nitrate facilities. This PIA provides transparency into how the proposed Ammonium Nitrate Security Program will support the homeland security and infrastructure protection missions of DHS/NPPD through the collection of PII, and describes reasonable mitigation solutions proposed to be implemented to address privacy and security risks. This PIA will be updated with any changes to the program concurrently with the rule making process. System: DHS/USSS/PIA–004 Counter Surveillance Unit Reporting (CSUR) Database. Component: United States Secret Service. Date of approval: July 27, 2011. The United States Secret Service (Secret Service or USSS) has created the CSUR Database. CSUR assists Secret Service employees in managing, analyzing, and distributing intelligence information regarding threats or potential threats to the safety of individuals, events, and facilities protected by the Secret Service. The Secret Service is conducting this PIA because CSUR contains PII regarding subjects of protective interest to the Secret Service. System: DHS/ICE/PIA–030 Security Management Closed-Circuit Television (SM–CCTV) System. Component: ICE. Date of approval: August 4, 2011. The SM–CCTV System is owned and operated by U.S. ICE, a component agency within the DHS. The SM–CCTV System is a video-only recording system installed to monitor the interior and exterior of ICE facilities. ICE conducted this PIA because the system has the ability to capture images of people, license plates, and any other visual information within range of its cameras. System: DHS/CBP/PIA–009(a) TECS System: CBP Primary and Secondary Processing (TECS) National Suspicious Activity Report (SAR) Initiative. Component: CBP. Date of approval: August 5, 2011. CBP is publishing this update to the PIA for DHS/CBP/PIA–009 the TECS System: Primary and Secondary PO 00000 Frm 00050 Fmt 4703 Sfmt 4703 Processing (TECS), dated December 22, 2010. TECS (not an acronym) is the updated and modified version of the former Treasury Enforcement Communications System. TECS is owned and managed by the DHS component CBP. TECS is the principal system used by officers at the border to assist with screening and determinations regarding admissibility of arriving persons. This update will evaluate the privacy impacts of identifying certain of the operational records maintained in TECS as SARs for inclusion in the National SAR Initiative, which is led by the Department of Justice on behalf of the entire Federal government. System: DHS/TSA/PIA–016 Screening of Passengers by Observation Techniques (SPOT) Program. Component: TSA. Date of approval: August 5, 2011. The SPOT program is a behavior observation and analysis program designed to provide Behavior Detection Officers with a means of identifying persons who pose or may pose potential transportation security risks by focusing on behaviors indicative of high levels of stress, fear, or deception. The SPOT program is a derivative of other behavioral analysis programs that have been successfully employed by law enforcement and security personnel both in the U.S. and around the world. System: DHS/NPPD/PIA–017 National Infrastructure Coordinating Center Suspicious Activity Reporting Initiative Privacy Impact Assessment Update (NICC SARS). Component: NPPD. Date of approval: August 12, 2011. DHS NPPD Office of Infrastructure Protection NICC is publishing this PIA to reflect activities under its SAR Initiative. The NICC SAR Initiative serves as a mechanism by which a report involving suspicious behavior related to an observed encounter or reported activity is received and evaluated to determine its potential nexus to terrorism. NICC is conducting this PIA because SAR occasionally contains PII and NICC will be collecting and contributing SAR data for reporting and evaluation proceedings. System: DHS/US–VISIT/PIA–005(a) Arrival and Departure Information System (ADIS). Component: US–VISIT. Date of approval: August 12, 2011. ADIS has undergone a PIA 3-Year Review requiring no changes and continues to accurately relate to its stated mission. This PIA for ADIS describes changes to ADIS corresponding to the publication of a new ADIS system of records notice. As E:\FR\FM\22SEN1.SGM 22SEN1 jlentini on DSK4TPTVN1PROD with NOTICES Federal Register / Vol. 76, No. 184 / Thursday, September 22, 2011 / Notices now proposed, ADIS will be a DHSwide system to serve certain programs, including those of the intelligence community, that require information, in support of the DHS mission, on individuals who seek to enter or who have arrived in or departed from the U.S. US–VISIT has conducted this PIA update based on these proposed changes. System: DHS/TSA/PIA–0018(b) Secure Flight Program Update. Component: TSA. Date of approval: August 15, 2011. The Secure Flight program will match identifying information of aviation passengers and certain non-travelers against the No Fly and Selectee portions of the consolidated and integrated terrorist watch list and, if warranted by security considerations, other watch lists maintained by the Federal government. The TSA published a Final Rule and PIA in October 2008, outlining TSA’s expected implementation of the Secure Flight program. This update reflects changes in the Secure Flight operational environment. Unless otherwise noted, the information provided in previously published PIAs remain in effect. Individuals are encouraged to read all program PIAs to have an understanding of TSA’s privacy assessment of the Secure Flight program. System: DHS/ALL/PIA–040 Electronic Patient Care Reporting System (ePCR). Component: DHS. Date of approval: August 25, 2011. The DHS Office of Health Affairs (OHA) is implementing a Web-based Commercial off the Shelf Internet software service called the ePCR. The ePCR system will establish a standardized approach to document care rendered by DHS Emergency Medical Services (EMS) medical care providers in pre-hospital environments. The system will also enhance OHA’s capability to evaluate quality of care delivery, quality assurance, performance improvement, and risk management activities. OHA conducted this PIA because accurate documentation and quality assurance of EMS care provided necessarily includes gathering PII from patient encounters. System: DHS/USCIS/PIA–0015(a) Computer Linked Application Information Management System (CLAIMS 4) Update. Component: USCIS. Date of approval: August 31, 2011. The USCIS is publishing this update to the PIA for the CLAIMS 4 dated September 5, 2008. CLAIMS 4 is an electronic case management system used to track and process applications for naturalization. The purpose of this VerDate Mar<15>2010 17:29 Sep 21, 2011 Jkt 223001 update is to: (1) Discuss the disposition of the Change of Address subsystem; (2) discuss the disposition of the Complete File Review subsystem; (3) describe the new privacy impacts associated with the exchange of zip codes between the Site Profile System and CLAIMS 4; (4) describe the new privacy impacts associated with the capturing of certain digitized biometric images through the Benefits Biometric Support System; and (5) provide notice of a pilot program under which DHS is expanding the sharing of CLAIMS 4 data with the National Counterterrorism Center in support of DHS’s mission to protect the U.S. from potential terrorist activities. Dated: September 7, 2011. Mary Ellen Callahan, Chief Privacy Officer, Department of Homeland Security. [FR Doc. 2011–24220 Filed 9–21–11; 8:45 am] BILLING CODE 9110–9L–P DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG–2010–0164] National Boating Safety Advisory Council; Meeting Coast Guard, DHS. Notice of Federal Advisory Committee Meeting. AGENCY: ACTION: The National Boating Safety Advisory Council (NBSAC) will meet on October 14, 2011, in Washington, DC. NBSAC discusses issues relating to recreational boating safety. This meeting will be open to the public. DATES: NBSAC will meet Friday, October 14, 2011, from 8 a.m. to 5 p.m. Please note that the meeting may conclude early if NBSAC has completed its business. All written materials, comments, and requests to make oral presentations at the meeting should reach Mr. Jeff Ludwig, Assistant Designated Federal Officer (ADFO) for NBSAC by October 3, 2011. Any written material submitted by the public will be distributed to the committee and become part of the public record. ADDRESSES: The meeting will be held in the US Access Board’s conference room, 1331 F Street NW., Suite 800, Washington, DC 20004. For information on facilities or services for individuals with disabilities or to request special assistance at the meeting, contact Mr. Jeff Ludwig as soon as possible. To facilitate public participation, we are inviting public comment on the SUMMARY: PO 00000 Frm 00051 Fmt 4703 Sfmt 4703 58817 issues to be considered by the committee as listed in the ‘‘Agenda’’ section below. Please send written material, comments, and requests to make oral presentations to Mr. Jeff Ludwig, ADFO for NBSAC, by one of the submission methods described below. Written comments must be identified by Docket Number USCG–2010–0164: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • E-mail: jeffrey.a.ludwig@uscg.mil. Include the docket number in the subject line of the message. • Fax: (202) 372–1932. • Mail: Mr. Jeff Ludwig, COMDT (CG–54221), 2100 2nd Street, SW., Stop 7581, Washington, DC 20593. We encourage use of electronic submissions because security screening may delay the delivery of mail. FOR FURTHER INFORMATION CONTACT: Mr. Jeff Ludwig, ADFO for NBSAC, COMDT (CG–54221), 2100 2nd Street, SW., Stop 7581, Washington, DC 20593; (202) 372– 1061; jeffrey.a.ludwig@uscg.mil. SUPPLEMENTARY INFORMATION: Notice of this meeting is given under the Federal Advisory Committee Act (FACA), (Title 5 United States Code, Appendix). Congress established NBSAC in the Federal Boat Safety Act of 1971 (Pub. L. 92–75). NBSAC currently operates under the authority of 46 U.S.C. 13110, which requires the Secretary of Homeland Security, and the Commandant of the Coast Guard by delegation, to consult with NBSAC in prescribing regulations for recreational vessels and associated equipment, and on other major safety matters. See 46 U.S.C. 4302(c) and 13110(c). Meeting Agenda The agenda for NBSAC meeting is as follows: (1) Opening Remarks—Mr. James P. Muldoon, NBSAC Chairman and RADM James Watson, USCG Director of Prevention Policy; (2) Receipt and discussion of the following reports: (a) Chief, Office of Auxiliary and Boating Safety Update on NBSAC Resolutions and Recreational Boating Safety Program report. (b) Assistant Designated Federal Officer’s report. (c) Towing Safety Advisory Committee (TSAC) Liaison’s report. (d) Navigation Safety Advisory Council (NAVSAC) Liaison’s report. (e) National Association of State Boating Law Administrators (NASBLA) report. (f) Boating Industry Risk Management Council (BIRMC) Liaison’s report. E:\FR\FM\22SEN1.SGM 22SEN1

Agencies

[Federal Register Volume 76, Number 184 (Thursday, September 22, 2011)]
[Notices]
[Pages 58814-58817]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-24220]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary


Published Privacy Impact Assessments on the Web

AGENCY: Privacy Office, DHS.

ACTION: Notice of Publication of Privacy Impact Assessments (PIA).

-----------------------------------------------------------------------

SUMMARY: The Privacy Office of DHS is making available twenty-six PIAs 
on various programs and systems in DHS. These assessments were approved 
and published on the Privacy Office's Web site between June 1, 2011 and 
August 31, 2011.

DATES: The PIAs will be available on the DHS Web site until November 
21, 2011, after which they may be obtained by contacting the DHS 
Privacy Office (contact information below).

FOR FURTHER INFORMATION CONTACT: Mary Ellen Callahan, Chief Privacy 
Officer, Department of Homeland Security, Washington, DC 20528, or e-
mail: pia@hq.dhs.gov.

SUPPLEMENTARY INFORMATION: Between June 1, 2011 and August 31, 2011, 
the Chief Privacy Officer of the DHS approved and published twenty-six 
Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, 
https://www.dhs.gov/privacy, under the link for ``Privacy Impact 
Assessments.'' These PIAs cover twenty-six separate DHS programs. Below 
is a short summary of those programs, indicating the DHS component 
responsible for the system, and the date on which the PIA was approved. 
Additional information can be found on the Web site or by contacting 
the Privacy Office.
    System: DHS/USCIS/PIA-029(a) Eligibility Risk and Fraud Assessment 
Testing Environment (EFRA) Update.
    Component: United States Citizenship and Immigration Services 
(USCIS).
    Date of approval: June 1, 2011.
    The Office of Transformation Coordination of USCIS is planning to 
update the EFRA Testing Environment. This update describes the next 
phase of this tool to develop, test, and refine the tool's risk and 
fraud business rules and to load biographic data from legacy systems 
before deploying to a full production environment.
    System: DHS/USCIS/PIA-037 Standard Lightweight Operational 
Programming Environment--Rules-Based Tools Prototype (SLOPE-RBTP).
    Component: USCIS.
    Date of approval: June 2, 2011.
    DHS USCIS Office of Information Technology (IT) developed the 
SLOPE-RBTP to streamline the adjudication of Form I-90, Application to 
Replace Permanent Resident Card. SLOPE-RBTP electronically organizes 
and automates the adjudication of pending Form I-90 applications. USCIS 
is conducting this PIA because SLOPE-RBTP collects and uses personally 
identifiable information.
    System: DHS/ICE/PIA-028 Automated Threat Prioritization (ATP) Web 
Service.
    Component: Immigration and Customs Enforcement (ICE).
    Date of approval: June 6, 2011.
    The Office of the Chief Information Officer, in coordination with 
the Offices of Homeland Security Investigations and Enforcement and 
Removal Operations within ICE, is developing and implementing the 
Automated Threat Prioritization (ATP) Web service, which is an IT tool 
that uses configurable and scalable search and data sharing 
capabilities to improve and automate existing IT systems. ATP 
electronically receives processes and transmits criminal history 
information about individuals who are the subjects of a broad range of 
enforcement actions or whose criminal history is required to be 
evaluated by law to determine eligibility for a benefit or credential. 
For example, this service is intended to enhance and support ICE's 
investigative and enforcement operations by automating criminal history 
data processing and aid in its prioritization of enforcement actions. 
ICE is conducting this PIA because the ATP service will transmit and 
process PII. This PIA, however, only describes the general 
functionality of the ATP service and not its implementation.
    System: DHS/USCIS/PIA-010(e)--USCIS Person Centric Query Service 
(PCQS) Supporting Immigration Status Verifiers of the USCIS Enterprise 
Service Directorate/Verification Division Update.
    Component: USCIS.
    Date of approval: June 8, 2011.
    This is an update to the existing PIA for the USCIS PCQS. This 
update describes the privacy impact of expanding the status verifier's 
person-search capability by adding the American Association of Motor 
Vehicle Administrators Network Service system to the existing PCQS 
query inventory.
    System: DHS/ALL/PIA-033 Google Analytics.
    Component: DHS.
    Date of approval: June 9, 2011.
    DHS is planning to utilize Google Analytics (https://www.google.com/analytics) for viewing and analyzing traffic to DHS's public-facing Web 
site(s), including components. Google Analytics is a free, external, 
third-party hosted, Web site analytics solution that generates robust 
information about the interactions of public-facing Web site visitors 
with DHS. Google Analytics must collect the full Internet Protocol (IP) 
address, which Google masks prior to use and storage, and provides DHS 
with non-identifiable aggregated information in the form of custom 
reports. DHS implemented the IP address masking feature within Google 
Analytics to avoid the use and storage of the full IP address. For 
example, when the last octet is truncated from the IP address, 
192.168.0.1 becomes 192.168.0. This masking will affect the geographic 
location metric within Google Analytics. Google Analytics uses first-
party cookies to track visitor interactions. DHS shall not collect, 
maintain, or retrieve PII including a visitor's IP address during this 
analytics process operated by Google. Google Analytics shall not 
provide to DHS, share with Google or any Google product for additional 
analysis, or use

[[Page 58815]]

the full or masked IP address or information to draw any conclusions in 
the analytics product. DHS has expressly chosen to opt-out of sharing 
information with Google or any Google product for additional analysis. 
This PIA is being conducted to identify and mitigate privacy concerns 
associated with the use of Google Analytics.
    System: DHS/USCIS/PIA-038 Freedom of Information Act/Privacy Act 
(FOIA/PIA) Information Processing System.
    Component: USCIS.
    Date of approval: June 14, 2011.
    USCIS uses the FOIA/PA Information Processing System (FIPS) to 
process FOIA and PA requests from any person requesting access to USCIS 
records. FIPS uses document imaging, workflow, and Web-server 
technologies to enable USCIS to efficiently and effectively manage the 
FOIA/PA case life cycle. USCIS is conducting this PIA because FIPS uses 
PII and to address major changes to the application.
    System: DHS/FEMA/PIA-017 Federal/Emergency Response Official (F/
ERO) Repository.
    Component: Federal Emergency Management Agency (FEMA).
    Date of approval: June 20, 2011.
    FEMA Office of National Capital Region Coordination owns and 
operates the F/ERO Repository. FEMA uses the F/ERO Repository as the 
authoritative data source to identify and verify Federal employees/
contractors, and participating non-Federal employees/contractors likely 
to respond during times of response and recovery for natural disasters, 
terrorism, or other emergencies. The F/ERO Repository allows for 
immediate electronic verification of an employee/contractor's personal 
identity and emergency management attribute at a given disaster zone. 
The purpose of this PIA is to document how FEMA collects, uses, 
maintains, and disseminates PII.
    System: DHS/CISOMB/PIA-001 Virtual Ombudsman System.
    Component: Citizenship and Immigration Services Ombudsman (CISOMB).
    Date of approval: June 22, 2011.
    The Virtual Ombudsman system has undergone a PIA 3-Year Review 
requiring no changes and continues to accurately relate to its 
originally stated mission. The Office of the CISOMB or Ombudsman at the 
DHS, as mandated by the Homeland Security Act of 2002 Sec.  452, is an 
independent office that reports directly to the Deputy Secretary of 
Homeland Security. The CISOMB: (1) Assists individuals and employers 
with resolving problems with USCIS; (2) identifies areas in which 
individuals and employers have problems in dealing with USCIS; and (3) 
proposes changes to mitigate those problems. CISOMB has developed the 
Virtual Ombudsman System to ensure the efficient and secure processing 
of information to aid the Ombudsman in assisting individuals and 
employers and making systemic recommendations to USCIS. CISOMB is 
conducting this PIA because these transactions require collection of 
PII.
    System: DHS/USCIS/PIA-027(a) Refugees, Asylum, and Parole System 
and the Asylum Pre-Screening System (APSS).
    Component: USCIS.
    Date of approval: June 30, 2011.
    The United States DHS, USCIS is updating the PIA for the Refugees, 
Asylum, and Parole System (RAPS) and the APSS in order to provide 
further notice of the expansion of routine sharing of RAPS with the 
intelligence community in support of the Department's mission to 
protect the United States from potential terrorist activities.
    System: DHS/S&T/PIA-023--Biometrics Access Control System at the 
Transportation Security Lab.
    Component: Science and Technology (S&T).
    Date of approval: July 1, 2011.
    Biometrics Access Control System is a building facilities access 
control system used at the DHS S&T Directorate's Transportation 
Security Lab. The system relies on biometrics (fingerprint and iris 
recognition) to enhance the physical security of the lab and provides a 
demonstration of advanced technologies. The S&T TSL is conducting a PIA 
because PII is collected during the testing and operational use of this 
system.
    System: DHS/USCG/PIA-002(c)--United States Coast Guard (USCG) 
``Biometrics at Sea'' (BASS) Update.
    Component: USCG.
    Date of approval: July 12, 2011.
    BASS update allows merchant mariners to determine the status of 
their credential application using the Homeport Internet Portal. 
Homeport uses the identification information provided by the mariner to 
match records from the Merchant Mariner Licensing and Documentation 
system and provide mariners the current status of their credential 
application. Information provided by the mariner will be used solely 
for matching records and will not be retained in Homeport at the 
completion of the online session.
    System: DHS/NPPD/PIA-006(a) Protected Critical Infrastructure 
Management System (PCIIMS).
    Component: National Protection and Programs Directorate (NPPD).
    Date of approval: July 13, 2011.
    The Protected Critical Infrastructure Information Program, part of 
the DHS, NPPD, Office of Infrastructure Protection, Infrastructure 
Information Collection Division, facilitates the sharing of PCII 
between the government and the private sector. The PCIIM System Final 
Operating Capability is an IT system and the means by which PCII 
submissions from the private sector are received and cataloged, and 
PCII Authorized Users are registered and managed. The PCII Program 
conducted this PIA to analyze and evaluate the privacy impact resulting 
from the consolidation of the PCIIMS Initial Operating Capability 
functionalities into PCIIMS FOC, as well as the collection of limited 
PII from the submitting individuals and PCII Authorized Users for 
contact purposes.
    System: DHS/ALL/PIA-027(b) Watchlist Service (WLS) Update.
    Component: DHS.
    Date of approval: July 19, 2011.
    DHS currently uses the Terrorist Screening Database (TSDB), a 
consolidated database maintained by the Department of Justice Federal 
Bureau of Investigation Terrorist Screening Center (TSC) that contains 
identifying information about those known or reasonably suspected of 
being involved in terrorist activity, in order to facilitate DHS 
mission-related functions, such as counterterrorism, law enforcement, 
border security, and inspection activities. In July 2010, DHS launched 
an improved method of transmitting TSDB data from TSC to DHS through a 
new service called DHS WLS. At that time, DHS published a PIA to 
describe and analyze privacy risks associated with this new service. 
The WLS maintains a synchronized copy of the TSDB, which contains PII, 
and disseminates it to authorized DHS components. DHS is issuing this 
PIA update to add the U.S. CBP Automated Targeting System as an 
authorized recipient of TSDB data via the WLS.
    System: DHS/CBP/PIA-007(a) Electronic System for Travel 
Authorization (ESTA) Fee and Information Sharing Update.
    Component: Customs and Border Protection (CBP).
    Date of approval: July 19, 2011.
    U.S. CBP is publishing this update to the PIA for the ESTA Fee and 
Information Sharing Update dated June 3, 2008. ESTA is a Web-based 
application and screening system used to determine whether certain 
aliens are eligible to travel to the U.S. under the Visa Waiver 
Program. This update will evaluate the privacy impacts of updating the 
login procedures,

[[Page 58816]]

collecting an application fee, and adding the Pay.gov tracking number 
and country of birth information to the ESTA system of records. 
Additionally, this update is to provide further notice of the expansion 
of routine sharing of ESTA with the intelligence community in support 
of DHS's mission to protect the U.S. from potential terrorist 
activities.
    System: DHS/FEMA/PIA-014(a) National Emergency Family Registry and 
Locator System (NEFRLS) Update.
    Component: FEMA.
    Date of approval: July 25, 2011.
    DHS FEMA operates the NEFRLS system, a Web-based system that 
collects information from individuals to assist in reuniting family 
that have been displaced as a result of a Presidentially-declared 
disaster or emergency. An initial PIA was completed and approved for 
the NEFRLS system on August 27, 2009. This PIA update outlines and 
analyzes substantive enhancements made to the NEFRLS system including 
new information collected on law enforcement officers for identity 
verification and authentication purposes. When FEMA is conducting a 
search on behalf of a displaced individual the collection of cell phone 
numbers allows the FEMA Disaster Assistance Improvement Program system 
to use its text messaging functions to notify the individual when an 
official missing person report has been submitted.
    System: DHS/ICE/PIA-029 Alien Medical Records System.
    Component: ICE.
    Date of approval: July 25, 2011.
    U.S. ICE maintains medical records on aliens that ICE detains for 
violations of U.S. immigration law. Aliens held in ICE custody in a 
facility staffed by the ICE Health Services Corps, a division of ICE's 
Office of Enforcement and Removal Operations, receive physical exams 
and treatment, dental services, and pharmacy services, depending on the 
alien's medical conditions and length of stay. To properly record the 
medical assessments and services, ICE operates several IT systems that 
maintain electronic medical record information: CaseTrakker, MedEZ, 
Dental X-Ray System, the Criminal Institution Pharmacy System, the 
Medical Payment Authorization Request System (MedPAR), and the Medical 
Classification Database. This PIA describes the data maintained in 
these medical record systems, the purposes for which this information 
is collected and used, and the safeguards ICE has implemented to 
mitigate the privacy and security risks to PII stored in these systems.
    System: DHS/NPPD/PIA-019 Secure Handling of Ammonium Nitrate 
Program.
    Component: NPPD.
    Date of approval: July 25, 2011.
    DHS, NPPD, published this PIA to provide a comprehensive analysis 
of the proposed Ammonium Nitrate Security Program. The proposed 
Ammonium Nitrate Security Program seeks to prevent the misappropriation 
or use of ammonium nitrate in an act of terrorism by regulating the 
sale and transfer of ammonium nitrate by ammonium nitrate facilities. 
This PIA provides transparency into how the proposed Ammonium Nitrate 
Security Program will support the homeland security and infrastructure 
protection missions of DHS/NPPD through the collection of PII, and 
describes reasonable mitigation solutions proposed to be implemented to 
address privacy and security risks. This PIA will be updated with any 
changes to the program concurrently with the rule making process.
    System: DHS/USSS/PIA-004 Counter Surveillance Unit Reporting (CSUR) 
Database.
    Component: United States Secret Service.
    Date of approval: July 27, 2011.
    The United States Secret Service (Secret Service or USSS) has 
created the CSUR Database. CSUR assists Secret Service employees in 
managing, analyzing, and distributing intelligence information 
regarding threats or potential threats to the safety of individuals, 
events, and facilities protected by the Secret Service. The Secret 
Service is conducting this PIA because CSUR contains PII regarding 
subjects of protective interest to the Secret Service.
    System: DHS/ICE/PIA-030 Security Management Closed-Circuit 
Television (SM-CCTV) System.
    Component: ICE.
    Date of approval: August 4, 2011.
    The SM-CCTV System is owned and operated by U.S. ICE, a component 
agency within the DHS. The SM-CCTV System is a video-only recording 
system installed to monitor the interior and exterior of ICE 
facilities. ICE conducted this PIA because the system has the ability 
to capture images of people, license plates, and any other visual 
information within range of its cameras.
    System: DHS/CBP/PIA-009(a) TECS System: CBP Primary and Secondary 
Processing (TECS) National Suspicious Activity Report (SAR) Initiative.
    Component: CBP.
    Date of approval: August 5, 2011.
    CBP is publishing this update to the PIA for DHS/CBP/PIA-009 the 
TECS System: Primary and Secondary Processing (TECS), dated December 
22, 2010. TECS (not an acronym) is the updated and modified version of 
the former Treasury Enforcement Communications System. TECS is owned 
and managed by the DHS component CBP. TECS is the principal system used 
by officers at the border to assist with screening and determinations 
regarding admissibility of arriving persons. This update will evaluate 
the privacy impacts of identifying certain of the operational records 
maintained in TECS as SARs for inclusion in the National SAR 
Initiative, which is led by the Department of Justice on behalf of the 
entire Federal government.
    System: DHS/TSA/PIA-016 Screening of Passengers by Observation 
Techniques (SPOT) Program.
    Component: TSA.
    Date of approval: August 5, 2011.
    The SPOT program is a behavior observation and analysis program 
designed to provide Behavior Detection Officers with a means of 
identifying persons who pose or may pose potential transportation 
security risks by focusing on behaviors indicative of high levels of 
stress, fear, or deception. The SPOT program is a derivative of other 
behavioral analysis programs that have been successfully employed by 
law enforcement and security personnel both in the U.S. and around the 
world.
    System: DHS/NPPD/PIA-017 National Infrastructure Coordinating 
Center Suspicious Activity Reporting Initiative Privacy Impact 
Assessment Update (NICC SARS).
    Component: NPPD.
    Date of approval: August 12, 2011.
    DHS NPPD Office of Infrastructure Protection NICC is publishing 
this PIA to reflect activities under its SAR Initiative. The NICC SAR 
Initiative serves as a mechanism by which a report involving suspicious 
behavior related to an observed encounter or reported activity is 
received and evaluated to determine its potential nexus to terrorism. 
NICC is conducting this PIA because SAR occasionally contains PII and 
NICC will be collecting and contributing SAR data for reporting and 
evaluation proceedings.
    System: DHS/US-VISIT/PIA-005(a) Arrival and Departure Information 
System (ADIS).
    Component: US-VISIT.
    Date of approval: August 12, 2011.
    ADIS has undergone a PIA 3-Year Review requiring no changes and 
continues to accurately relate to its stated mission. This PIA for ADIS 
describes changes to ADIS corresponding to the publication of a new 
ADIS system of records notice. As

[[Page 58817]]

now proposed, ADIS will be a DHS-wide system to serve certain programs, 
including those of the intelligence community, that require 
information, in support of the DHS mission, on individuals who seek to 
enter or who have arrived in or departed from the U.S. US-VISIT has 
conducted this PIA update based on these proposed changes.
    System: DHS/TSA/PIA-0018(b) Secure Flight Program Update.
    Component: TSA.
    Date of approval: August 15, 2011.
    The Secure Flight program will match identifying information of 
aviation passengers and certain non-travelers against the No Fly and 
Selectee portions of the consolidated and integrated terrorist watch 
list and, if warranted by security considerations, other watch lists 
maintained by the Federal government. The TSA published a Final Rule 
and PIA in October 2008, outlining TSA's expected implementation of the 
Secure Flight program. This update reflects changes in the Secure 
Flight operational environment. Unless otherwise noted, the information 
provided in previously published PIAs remain in effect. Individuals are 
encouraged to read all program PIAs to have an understanding of TSA's 
privacy assessment of the Secure Flight program.
    System: DHS/ALL/PIA-040 Electronic Patient Care Reporting System 
(ePCR).
    Component: DHS.
    Date of approval: August 25, 2011.
    The DHS Office of Health Affairs (OHA) is implementing a Web-based 
Commercial off the Shelf Internet software service called the ePCR. The 
ePCR system will establish a standardized approach to document care 
rendered by DHS Emergency Medical Services (EMS) medical care providers 
in pre-hospital environments. The system will also enhance OHA's 
capability to evaluate quality of care delivery, quality assurance, 
performance improvement, and risk management activities. OHA conducted 
this PIA because accurate documentation and quality assurance of EMS 
care provided necessarily includes gathering PII from patient 
encounters.
    System: DHS/USCIS/PIA-0015(a) Computer Linked Application 
Information Management System (CLAIMS 4) Update.
    Component: USCIS.
    Date of approval: August 31, 2011.
    The USCIS is publishing this update to the PIA for the CLAIMS 4 
dated September 5, 2008. CLAIMS 4 is an electronic case management 
system used to track and process applications for naturalization. The 
purpose of this update is to: (1) Discuss the disposition of the Change 
of Address subsystem; (2) discuss the disposition of the Complete File 
Review subsystem; (3) describe the new privacy impacts associated with 
the exchange of zip codes between the Site Profile System and CLAIMS 4; 
(4) describe the new privacy impacts associated with the capturing of 
certain digitized biometric images through the Benefits Biometric 
Support System; and (5) provide notice of a pilot program under which 
DHS is expanding the sharing of CLAIMS 4 data with the National 
Counterterrorism Center in support of DHS's mission to protect the U.S. 
from potential terrorist activities.

    Dated: September 7, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-24220 Filed 9-21-11; 8:45 am]
BILLING CODE 9110-9L-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.