US-VISIT has made a clearly articulated commitment to comply with U.S. privacy laws and maintain a culture where privacy is valued and fundamental to how the program operates. In fact, protecting privacy is one of US-VISIT's four goals.
Through its biometrics-based technological solutions, US-VISIT provides identity management services to agencies throughout the federal government, as well as to state and local law enforcement agencies. Advanced technologies such as biometrics require equally advanced, responsible methods to ensure the highest levels of protection for the information the public entrusts to US-VISIT. From conception through execution, the protection of privacy is an essential component of the program and is ensured by the US-VISIT Privacy Office.
US-VISIT's policies extend to non-U.S. citizens most of the same privacy protections we give by law to U.S. citizens. US-VISIT has a dedicated privacy officer who is responsible not only for ensuring compliance with privacy laws and procedures, but also for creating a culture within the program where privacy is inherently valued, treated as a fundamental right and obligation, and embedded into US-VISIT's enterprise planning and development process.
As a government-wide identity management service provider, US-VISIT adheres to the highest level of privacy protections by maintaining public transparency, a well-managed and articulated redress policy and strict data storage protocols.
US-VISIT Privacy Impact Assessments and Systems of Records Notices
Through ongoing public information and education efforts, coupled with the development and publication of Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs), US-VISIT maintains accountability and transparency with regard to personal information. US-VISIT's privacy officer and personnel regularly coordinate with their counterparts within the government regarding federal privacy policies and initiatives and meet with interested stakeholders, including privacy and civil liberties organizations.
US-VISIT publishes a Privacy Impact Assessment (PIA) for each new initiative the program undertakes. A PIA, like a System of Records Notice (SORN), is an evaluation of actual or potential impacts--including social and ethical--that an information system may have on privacy and the ways in which any adverse impacts may be mitigated. These documents are available to the public.
Privacy advocates have publicly recognized US-VISIT’s Privacy Impact Assessments as models for providing a transparent view of what information is collected, how it is stored, and the policies and practices in place to prevent abuse.
US-VISIT Redress Process (DHS TRIP)
To facilitate efficient processing of redress requests, US-VISIT has developed a redress request form for users to complete and submit.
While the US-VISIT Privacy Office maintains a dedicated e-mail address, US-VISIT no longer encourages the submission of redress requests containing personally identifiable information (PII) by e-mail, recognizing that the sending of such information via non-secure e-mail could lead to such information being intercepted or compromised.
Requestors are instead asked to send personally identifiable information directly to US-VISIT via mail or fax. The Privacy Office's e-mail address is still useful for answering basic questions about the US-VISIT privacy program and requesting additional information, such as the US-VISIT redress request form.
US-VISIT also supports the Department of Homeland Security's Traveler Redress Inquiry Program (DHS TRIP). Established cooperatively by the Department of Homeland Security and the Department of State in February 2007, DHS TRIP provides a single point of contact for persons who have questions about or seek resolution of difficulties they experienced during the U.S. travel screening process, including:
- denied or delayed airline boarding,
- denied or delayed entry into and exit from the United States at a port of entry or border checkpoint, and/or
- continuously referred to additional (secondary) screening.
While US-VISIT continues to respond to redress inquiries it receives directly, those inquiries are also coordinated with DHS TRIP.
Data about people processed through US-VISIT is securely stored on systems that have been certified and accredited and made available only to authorized officials and selected law enforcement agencies. US-VISIT storage protocols provide for the adequate security of data collected and ensure the availability of the data stored. US-VISIT vigilantly protects the personal information from misuse by anyone within or outside the government.
Under the leadership of its privacy officer, US-VISIT has developed requirements for privacy-compliant activities and operations including the development of data usage agreements between US-VISIT and other agencies. The specific access controls for each use of information are described in the related Privacy Impact Assessment (PIA).
With regard to data retention, the biographic and biometric data collected by US-VISIT for which the statute of limitations has expired for all criminal violations or that are older than 75 years will be purged as specified under the System of Records Notices published in the Federal Register.
Questions about US-VISIT's privacy protections and protocols can be sent to:
US-VISIT Privacy Officer
U.S. Department of Homeland Security
Washington, D.C. 20528, USA
Additionally, the US-VISIT privacy officer can be reached for questions at 202-298-5200 or by e-mail at email@example.com.