US flag   Official website of the Department of Homeland Security

Privacy Documents for Department-wide Programs

DHS/ALL/PIA-002(a) - DHS Traveler Redress Inquiry Program (TRIP)

DHS Traveler Redress Inquiry Program Update, June 5, 2013 (PDF 5 pages, 207 KB).  DHS TRIP is a customer service web-based initiative developed as a voluntary program to provide a one-stop mechanism for individuals to request redress, who make inquiries, or seek resolution regarding difficulties they experienced during their travel screening at transportation hubs (such as airports and train stations), or crossing U.S. borders.  DHS TRIP provides traveler redress intake and processing support while working with relevant DHS components to review and respond to requests for redress. This PIA update is necessary because the documentation required to resolve a request is now based upon the nature of the traveler’s complaint, rather than the previous requirement of a traveler submitting “at least three” documents for all requests.

Associated SORN(s):

DHS/ALL/PIA-003 - DHScovery

DHS/ALL/PIA-003 DHS Headquarters DHScovery, January 19, 2007 (PDF, 33 Pages – 483 KB) DHScovery is owned by the Office of the Chief Information Officer (OCIO) in partnership with the Office of the Chief Human Capital Officer (OCHCO). DHScovery will create an e-training environment that supports development of the Department of Homeland Security workforce through simplified one-stop access to high quality e-training products and services. This privacy impact assessment (PIA) is being conducted because DHScovery collects personally identifiable information about department employees and contractors.

Associated SORN(s):

DHS/ALL/PIA-004 - REAL-ID

DHS/ALL/PIA-004 The Department of Homeland Security REAL-ID, March 1, 2007, (PDF, 24 pages - 296KB) The Department of Homeland Security (DHS) Privacy Office is conducting a Privacy Impact Assessment (PIA) on the rule proposed by DHS to implement the REAL ID Act. The authority for this PIA is Subsection 4 of Section 222 of the Homeland Security Act of 2002, as amended, which calls for the Chief Privacy Officer of the Department of Homeland Security (DHS) to conduct a “privacy impact assessment of proposed rules of the Department.” This analysis reflects the framework of the Privacy Office’s Fair Information Principles, which are: Transparency, Individual Participation, Purpose Specification, Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing. The Privacy Office conducts PIAs, whether under Subsection 4 of Section 222 or under Section 208 of the E-Government Act, to ensure that DHS is fully transparent about how its proposed rules, final rules, and intended information technology systems may affect privacy and to review alternative approaches and technologies that may minimize the privacy impact on individuals. This PIA examines the manner and method by which the personal information of American drivers and identification (ID) holders will be collected, used, disseminated, and maintained pursuant to the proposed rule issued under the REAL ID Act. This PIA will be updated, as necessary, when the rule is final.

Associated SORN(s):

DHS/ALL/PIA-005 - Automated Continuing Evaluation System (ACES) Pilot

DHS/ALL/PIA-005 Automated Continuing Evaluation System (ACES) Pilot, April 9, 2007 (PDF, 29 pages - 289 KB) The Department of Homeland Security (DHS) is working with the Department of Defense to pilot the Automated Continuing Evaluation System (ACES). ACES conducts automated records checks to identify new issues of security concern for DHS personnel and contractors requiring a security clearance. During the ACES pilot, DHS will assess the feasibility of using ACES for initial and continuing evaluation of DHS security clearance holders. This Privacy Impact Assessment (PIA) is for the DHS implementation of the ACES Pilot.

Associated SORN(s):

DHS/ALL/PIA-006 - DHS General Contacts List

DHS/ALL/PIA-006 Department of Homeland Security General Contact Lists (PDF, 29 Pages – 529 KB) Many Department of Homeland Security operations and projects collect a minimal amount of contact information in order to distribute information and perform various other administrative tasks. Department Headquarters has conducted this privacy impact assessment because contact lists contain personally identifiable information.

Associated SORN(s):

DHS/ALL/PIA-007 - Enterprise Correspondence Tracking (ECT) System

DHS/ALL/PIA-007 Enterprise Correspondence Tracking System (ECT), December 3, 2007 (PDF, 18 Pages – 329 KB) The Executive Secretariat of the Department of Homeland Security (DHS) operates the Enterprise Correspondence Tracking (ECT) system. The ECT is a correspondence workflow management system that assists DHS in responding to inquiries from the public, other government agencies, and the private sector. Tens of thousands of pieces of correspondence ranging from official rulings, policy statements, testimony, or even thank you letters are processed annually by DHS. The Executive Secretariat conducted this privacy impact assessment because the ECT collects and uses personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-008 - DHS Access Gate System

DHS/ALL/PIA-008 DHSAccessGate System, December 3, 2007 (PDF, 32 Pages – 352 KB) The Department of Homeland Security (DHS) is adding a new layer of security to its vendor employee access control procedures at certain facilities by offering a new and voluntary vendor program called the DHSAccessGate Program. Part of this program will involve the collection of personally identifiable information from individuals who are not DHS employees or contractors. The DHS Office of Security has conducted this privacy impact assessment because of the collection of new personally identifiable information.

Associated SORN(s):

DHS/ALL/PIA-009 - DHS Web Time and Attendance (Web T&A) System

DHS/ALL/PIA-009 The Department of Homeland Security Web Time and Attendance System, May 1, 2008, (PDF, 14 pages - 268 KB ) The Department of Homeland Security (DHS) Office of the Chief Human Capital Officer (OCHO) has procured a COTS application and customized it to meet DHS standard requirements. This system is designed to implement an enterprise system that can efficiently automate the timesheet collection process and provide robust reporting features and a labor distribution capability. This privacy impact assessment was conducted because WebTA utilizes personally identifiable information.

Associated SORN(s):

DHS/ALL/PIA-010 - DHS HR Solutions

DHS/ALL/PIA-010 The Department of Homeland Security HR Solutions, August 12, 2008, (PDF, 16 Pages - 246 KB) The Department of Homeland Security, Office of the Chief Human Capital Officer (OCHCO) operates the HR Solutions System. HR Solutions is a newly developed system designed to aid in the administration of the Human Capital Processing of human resources operations and services. OCHCO conducted this PIA because HR Solutions collects and maintains personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-011 - DHS State, Local, and Regional Fusion Center Initiative

DHS/ALL/PIA-011 Department of Homeland Security State, Local, and Regional Fusion Center Initiative, December 11, 2008 (PDF, 42 pages - 319 KB) Pursuant to Section 511 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (the “9/11 Commission Act” or “the Act”), Public Law No. 110-53, the Department of Homeland Security (DHS) Privacy Office is conducting a Privacy Impact Assessment (PIA) on the Homeland Security State, Local, and Regional Fusion Center Initiative (the Initiative). Under the Initiative, DHS will facilitate appropriate, bi-directional information sharing between the Department and State, Local, and Regional Fusion Centers. In addition, the Department will assign trained intelligence analysts to fusion centers, provided those centers meet a number of criteria set forth in the text. The Act requires the Department to complete a concept of operations (CONOPS) for the Initiative, including a PIA. The CONOPS also includes a Civil Liberties Impact Assessment, conducted by the DHS Office for Civil Rights and Civil Liberties.

Associated SORN(s):

DHS/ALL/PIA-012(b) - E-Mail Secure Gateway

E-Mail Secure Gateway, February 25, 2013 (PDF 7 pages, 135 KB).  DHS manages and operates the E-Mail Secure Gateway (EMSG) used by all DHS e-mail users. This PIA Update clarifies that the directory of user contact information and all e-mail traffic in, out, and between DHS, its components, and the Internet is also available to users on mobile devices.  This update also clarifies the records retention schedule and security of mobile devices; it does not cover the PII that may be contained within the body of an email or attachment.

Associated SORN(s):

DHS/ALL/PIA-013(a) - DHS PRISM

DHS/ALL/PIA-013(a) Department of Homeland Security PRISM November 10, 2011 (PDF, 6 pages - 173 KB)  The Department of Homeland Security (DHS) Management Directorate, Office of the Chief Procurement Officer (OCPO) is the owner of the PRISM contract writing management system. PRISM provides comprehensive, Federal Acquisition Regulation (FAR)-based acquisition support for all DHS headquarters entities. The purpose of this Privacy Impact Assessment (PIA) update is to reflect changes to the collection of information, and the addition of a classified PRISM system.

Associated SORN(s):

DHS/ALL/PIA-014(b) - Personal Identity Verification (PIV) Management System

DHS/ALL/PIA-014(b) Personal Identity Verification (PIV) Management System, August 23, 2012, (PDF, 12 pages, 188KB).

DHS, Personal Identity Verification (PIV) DHS/ALL/PIA-014(b) August 23, 2012, (PDF, 12 pages, 188KB) The Department of Homeland Security (DHS) is updating the Personal Identity Verification (PIV) Privacy Impact Assessment (PIA) Update, issued on June 18, 2009, to reflect changes in Departmental requirements and enhanced interoperability with US-VISIT Automated Biometric Identification System (IDENT) and the Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Integrated Automated Fingerprint Identification System (IAFIS), DHS Component Physical Access Control Systems (PACS), DHS Component Active Directories, as well as issuance of PIV compatible credentials to visitors to DHS.

Associated SORN(s):

DHS/ALL/PIA-015 - DHS Web Portals

DHS/ALL/PIA-015 Department of Homeland Security Web Portals June 15, 2009, (PDF, 16 pages – 237 KB) Many Department of Homeland Security (DHS) operations and projects require collaboration and communication amongst affected stakeholders users to obtain, post and exchange information, access common resources, and generally communicate with similarly situated and interested individuals. DHS has written this general privacy impact assessment (PIA) to document these informational and collaboration-based portals in operation at DHS and its components which collect, usincluding employees, contractors, federal, state, local and tribal officials, as well as members of the public. One method of effectuating such collaboration is the establishment of an online “portal” allowing authorized e, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or who seek to gain access to the portal “potential members.”

Associated SORN(s):

DHS/ALL/PIA-016(a) - DHS e-Recruitment

Department of Homeland Security eRecruitment Update

DHS/ALL/PIA-016(a) Department of Homeland Security eRecruitment Update July 28, 2009, (PDF, 5 pages – 204 KB) The Department of Homeland Security (DHS), Office of the Chief Human Capital Officer (OCHCO), has implemented an enterprise recruiting system, called eRecruitment. OCHCO conducted a privacy impact assessment (PIA) with the original system deployment because eRecruitment uses and maintains personally identifiable information. The purpose for this update is to expand the scope of the data being addressed within eRecruitment.

Associated SORN(s):

DHS/ALL/PIA-017 - DHS Complaint Tracking System (CTS)

DHS/ALL/PIA-017 Department of Homeland Security Complaint Tracking System (CTS) June 29, 2009, (PDF, 17 pages – 193 KB) The Privacy Office of the Department of Homeland Security (DHS) operates the Complaint Tracking System (CTS). CTS is a correspondence workflow management system that assists the DHS Privacy Office (hereinafter referred to as Privacy Office) in responding to complaints, comments, and requests for redress from the public, other government agencies, and the private sector. The Privacy Office conducted this privacy impact assessment because CTS collects and uses personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-018 - National Dialogue for the Quadrennial Homeland Security Review (QHSR)

DHS/ALL/PIA-018 Department of Homeland Security National Dialogue for the Quadrennial Homeland Security Review (QHSR) July 31, 2009, (PDF, 14 pages – 173 KB) The National Dialogue on the Quadrennial Homeland Security Review is a conversation between the Department of Homeland Security and Homeland Security stakeholders on an innovative web-based platform. The National Dialogue is an interactive process, building on the public’s input over the course of three dialogues. The Department conducted this privacy impact assessment because the participant feedback will be collected with limited personally identifiable information.

Associated SORN(s):

DHS/ALL/PIA-019 - DHS Our Border Network

DHS/ALL/PIA-019 Department of Homeland Security Our Border Network August 10, 2009, (PDF, 16 pages – 218 KB) The Department of Homeland Security (DHS) Public Affairs, in coordination with the Office of International Affairs plans to use the social networking site Ning.com to facilitate the creation of a “civic network” focused on southwest border issues. To become a member of the DHS network hosted by Ning, individuals must be a member of Ning.com which requires the collection of certain personally identifiable information (PII). Although Ning is not collecting this PII on behalf of DHS, DHS will be able to review PII as part of its participation in the social network; therefore, DHS conducted this privacy impact assessment (PIA) to identify and mitigate privacy issues associated with the administration of a DHS-created social media network hosted on a non-DHS platform.

DHS/ALL/PIA-020(a) - Financial Disclosure Management (FDM)

DHS/ALL/PIA-020(a) Financial Disclosure Management (FDM) Update November 24, 2009 (PDF, 5 pages – 225KB) The Ethics Division of the Office of General Counsel (OGC) of the Department of Homeland Security (DHS) is publishing this update to the Privacy Impact Assessment (PIA) for the Financial Disclosure Management System (FDMS)1 dated September 30, 2008. FDMS is a web-based initiative developed to provide a mechanism for individuals to complete, sign, review, and file financial disclosure reports, first required by Title I of the Ethics in Government Act of 1978. This update will extend coverage to the personally identifiable information (PII) collected in Executive Branch Confidential Financial Disclosure Reports (OGE Form 450).

DHS/ALL-020 - Financial Disclosure Management (FDM) September 30, 2008 (PDF, 13 pages – 210 KB)

Associated SORN(s):

DHS/ALL/PIA-021 - H1N1 Medical Care for DHS Employees

DHS/ALL/PIA-021 H1N1 Medical Care for DHS Employees December 1, 2009 (PDF, 16 pages – 262 KB) The Department of Homeland Security (DHS) Office of Health Affairs (OHA) is issuing Standard Operating Procedures (SOP) to set forth requirements for DHS Components to provide medical care to DHS Mission Critical and Emergency Essential employees located in remote or medically austere environments who either present with influenza-like symptoms, or have been exposed to a probable case of H1N1 Influenza. The SOP will remain in effect for the duration of the Department of Health and Human Services (HHS) -declared public health emergency with respect to H1N1. OHA is conducting this PIA because the SOP involves the collection of personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-022 - Stakeholder Engagement Initiative: Customer Relationship Management

DHS/ALL/PIA-022 Stakeholder Engagement Initiative: Customer Relationship Management December 10, 2009 (PDF, 14 pages – 224 KB) The Office of the White House Liaison and the Office of Policy, in coordination with the Office of Intergovernmental Affairs, are developing the Customer Relationship Management (CRM), a data management tool being employed by the Stakeholder Engagement Initiative (SEI). The system will be an online database which manages information on external stakeholders and tracks the interactions between these individuals and the Department of Homeland Security. This PIA is being conducted because personally identifiable information (PII) will be collected and maintained on a variety of stakeholders.

Associated SORN(s):

DHS/ALL/PIA-023 - DHS IdeaFactory

DHS/ALL/PIA-023 IdeaFactory January 21, 2010 (PDF, 12 pages – 198 KB) IdeaFactory is an Intranet Web-based tool that uses social media concepts to enable innovation and organizational collaboration within the Department of Homeland Security. IdeaFactory empowers employees to develop, rate, and improve innovative ideas for programs, processes, and technologies. This privacy impact assessment is being conducted because the site will collect limited personally identifiable information (PII) on users submitting ideas.

Associated SORN(s):

DHS/ALL/PIA-024 - Digital Mail Pilot Program

DHS/ALL/PIA-024 Digital Mail Pilot Program June 18, 2010 (PDF, 10 pages – 177 KB) The Department of Homeland Security (DHS) Office of the Chief Administrative Officer (OCAO) plans to implement a Digital Mail Pilot Program for DHS Headquarters (HQ) and Components within the National Capital Region. The Digital Mail Pilot Program will give users the opportunity to receive their mail via email thereby improving DHS business processes and increasing security. The purpose of this Privacy Impact Assessment (PIA) is to demonstrate that the Digital Mail Pilot Program has considered and incorporated privacy protections of personally identifiable information (PII) that may be collected, used, disseminated, and maintained throughout the entire lifecycle of the program.

DHS/ALL/PIA-025 - Accessibility Compliance Management System (ACMS)

DHS/ALL/PIA-025 Accessibility Compliance Management System (ACMS) June 22, 2010 (PDF, 14 pages – 208 KB) The Department of Homeland Security (DHS) Office of Accessible Systems & Technology (OAST) operates the Accessibility Compliance Management System (ACMS). ACMS is intended to bring together a web-based, DHS-wide single point-of-entry reporting system. ACMS will allow documenting and reporting of all Section 508 compliance and accessibility activities and consistently track current status and progress towards meeting Section 508 compliance requirements for OAST and Component Accessible Systems and Technology Programs (ASTP). The PIA is being conducted to determine any privacy issues with customer information.

Associated SORN(s):

DHS/ALL/PIA-026(a) - iComplaints Complaint Enterprise System

DHS/ALL/PIA-026(a) iComplaints July 8, 2010 (PDF, 21 pages - 231 KB) The Office for Civil Rights and Civil Liberties (CRCL) Equal Employment Opportunities (EEO) Program operates the iComplaints Complaint Enterprise System. iComplaints is an electronic records system used to track complaints and supporting documentation relating to individual and class complaints of employment discrimination and retaliation prohibited by Department of Homeland Security (DHS) civil rights statutes. iComplaints will replace EEO Eagle as EEO Eagle is being decommissioned. CRCL EEO has conducted this Privacy Impact Assessment (PIA) because iComplaints collects and stores personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-027(b) - Watchlist (WLS) Update

DHS/ALL/PIA-027(b) Watchlist Service (WLS) Update, July 19, 2011 (PDF, 5 pages - 170.90KB) The Department of Homeland Security (DHS) currently uses the Terrorist Screening Database (TSDB), a consolidated database maintained by the Department of Justice Federal Bureau of Investigation Terrorist Screening Center (TSC) that contains identifying information about those known or reasonably suspected of being involved in terrorist activity, in order to facilitate DHS mission-related functions, such as counterterrorism, law enforcement, border security, and inspection activities. In July 2010, DHS launched an improved method of transmitting TSDB data from TSC to DHS through a new service called the "DHS Watchlist Service" (WLS). At that time, DHS published a privacy impact assessment (PIA) to describe and analyze privacy risks associated with this new service. The WLS maintains a synchronized copy of the TSDB, which contains personally identifiable information (PII), and disseminates it to authorized DHS components. DHS is issuing this privacy impact assessment update to add the U.S. Customs and Border Protection (CBP) Automated Targeting System (ATS) as an authorized recipient of TSDB data via the WLS.

Associated SORN(s):

DHS/ALL/PIA-028(b) - DHS Freedom of Information Act (FOIA) and Privacy Act (PA) Records Program Update

Freedom of Information Act (FOIA) and Privacy Act Records Program Update February 11, 2013 (PDF, 5 pages – 128KB).  The FOIA and Privacy Act process for DHS is maintained by the DHS Privacy Office.  The process allows individuals to request access to federal agency records.  DHS deployed new software which allows this process to be more efficient and automated.  This PIA Update was conducted to document the new uses, reporting, and internal information sharing of the PII collected in the FOIA and PA process.

Associated SORN:

DHS/ALL/PIA-029(a) - Entellitrak

DHS/ALL/PIA-029(a) Entellitrak August 23, 2010 (PDF,4 pages – 210 KB)  The Offices for Civil Rights and Civil Liberties (CRCL) for the Department of Homeland Security (DHS) and Transportation Security Administration (TSA) have established a new database called Entellitrak which is an enterprise tracking system that has been configured to track, search, and report on complaints data. It is a database developed to respond to allegations of abuses of civil rights, civil liberties, and religious, racial, and ethnic profiling by department employees and officials. Entellitrak will replace the legacy system CRCL Matters with all CRCL Matters data migrating onto Entellitrak in the transition. This Privacy Impact Assessment (PIA) is being conducted because Entellitrak collects and stores personally identifiable information (PII).

Associated SORN

DHS/ALL/PIA-030 - Eversity

DHS/ALL/PIA-030 Eversity Enterprise System September 14, 2010 (PDF, 15 pages – 202 KB) The Office for Civil Rights and Civil Liberties (CRCL) Equal Employment Opportunity (EEO) Program operates the Eversity Enterprise System. Eversity is an electronic records system used in workforce analysis,1 tracking, management, and reporting required under Equal Employment Opportunity Commission (EEOC) Management Directive (MD) 715. CRCL EEO has conducted this Privacy Impact Assessment (PIA) because Eversity collects and stores personally identifiable information (PII). 74 FR 55571 published on October 28, 2009

Associated SORN:

  • OPM/GOVT-7 Applicant Race, Sex, National Origin and Disability Status Records, 71 FR 35356 published on June 19, 2006

DHS/ALL/PIA-031 - Use of Social Networking Interactions and Applications Communications/Outreach/Public Dialogue

DHS/ALL/PIA-031 Use of Social Networking Interactions and Applications Communications/Outreach/Public Dialogue September 16, 2010, (PDF, 21 pages - 283 KB). Social networking interactions and applications includes a sphere of non-government websites and web-based tools that focuses on connecting users, inside and outside of the Department of Homeland Security (DHS or Department), to engage in dialogue, share information and media, and collaborate. Third-parties control and operate these non-governmental websites; however, the Department may use them as alternative channels to provide robust information and engage with the public. The Department may also use these websites to make information and services widely available, while promoting transparency and accountability, as a service for those seeking information about or services from the Department. This Privacy Impact Assessment (PIA) analyzes the Department’s use of social networking and how these interactions and applications could result in the Department receiving personally identifiable information (PII). This PIA describes the information the Department may have access to, how it will use the information, what information is retained and shared, and how individuals can gain access to and correct their information.

DHS/ALL/PIA-032 - DHS Information Sharing Environment Suspicious Activity Reporting Initiative

DHS/ALL/PIA-032 Department of Homeland Security Information Sharing Environment Suspicious Activity Reporting Initiative November 17, 2010 (PDF, 30 pages – 331.87 KB) The Department of Homeland Security (DHS or Department) Office and Intelligence and Analysis, primarily through the State and Local Program Office in coordination with the Office of Operations Coordination Planning, is leading the DHS effort to implement the Nationwide Suspicious Activity Reporting Initiative (NSI). The NSI is a key aspect of the federal Information Sharing Environment (ISE) that Congress created in the Intelligence Reform and Terrorism Prevention Act of 2004 (IRPTA). The NSI is overseen by the Department of Justice (DOJ) and is designed to support the sharing of information through the ISE about suspicious activities which are defined as "official documentation of observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity [related to terrorism]." The Office of Intelligence and Analysis and the Office of Operations and Coordination Planning have been jointly coordinating activities throughout DHS to develop a department-level interface with the NSI that will enable DHS to share Suspicious Activity Reporting (SAR) that meet the ISE-SAR Functional Standard Version 1.5 (hereinafter referred to as ISE-SAR). Throughout this PIA, the term "SAR" refers to suspicious activity reporting, which may include activities that do not have a nexus to terrorism, and the term "ISE-SAR" refers to a subset of SAR that meet the ISE-SAR Functional Standard. The ISE-SAR Functional Standard Version 1.5 defines an ISE-SAR as official documentation of observed behavior reasonably indicative of: pre-operational planning related to terrorism or other criminal activity associated with terrorism. DHS conducted this privacy impact assessment (PIA) because ISE-SAR may contain personally identifiable information (PII). This PIA describes the coordinated activities of the DHS ISE-SAR Initiative, including the process for DHS component level review, identification, and submission of ISE-SAR to the NSI Shared Space as well as the technology that DHS developed to support DHS' participation in the NSI.

Appendix A – Associated PIAs and SORNs

TSA

NPPD

OPS

ICE

USCG

USSS

CBP

FEMA

Appendix B

Associated SORN:

DHS/ALL/PIA-033 - Google Analytics

DHS/ALL/PIA-033 Google Analytics June 9, 2011 (PDF, 16 pages – 216.48 KB) The Department of Homeland Security (DHS or the Department) is planning to utilize Google Analytics (www.google.com/analytics) for viewing and analyzing traffic to the Department’s public-facing website(s), including components (Department’s websites). Google Analytics is a free, external, third-party hosted, website analytics solution that generates robust information about the interactions of public-facing website visitors with the Department. Google Analytics must collect the full IP Address, which Google will then mask prior to use and storage, and proceed with providing the Department non-identifiable aggregated information in the form of custom reports. The Department has implemented the IP Address masking feature1 within Google Analytics to avoid the use and storage of the full IP Address. For example, when the last octet is truncated from the IP address, 192.168.0.1 becomes 192.168.0. This masking will affect the geographic location metric within Google Analytics. Google Analytics uses first-party cookies to track visitor interactions. DHS shall not collect, maintain, or retrieve personally identifiable information (PII) including a visitor’s Internet Protocol (IP) Address during this analytics process operated by Google. Google Analytics shall not provide to DHS, share with Google or any Google product for additional analysis, or use the full or masked IP Address or information to draw any conclusions in the analytics product. The Department has expressly chosen to opt-out of sharing information with Google or any Google product for additional analysis. This privacy impact assessment (PIA) is being conducted to identify and mitigate privacy concerns associated with the use of Google Analytics.

DHS/ALL/PIA-034 - Medical Credentials Management System

DHS/ALL/PIA-034 Medical Credentials Management System February 10, 2011 (PDF 16 pages – 192 KB) The Department of Homeland Security (DHS) Office of Health Affairs (OHA) is instituting a centralized medical credentialing system for DHS employees that provide health care services as part of their job and the Components’ mission or incidental to their ongoing operations. The purpose of the program is to formalize a process for verifying DHS employee (applicant) qualifications, licensure information, and relevant health care provider data. In accordance with the DHS Directive 248-01, Medical Quality Management, the Assistant Secretary for Health Affairs and Chief Medical Officer (ASHA/CMO) is responsible for developing a centralized credentials management system for approving credentials for DHS employee medical care providers. The credentialing process will include the collection of and maintenance of information related to professional education, state license number(s), national registry certification, board certification, training and other pertinent information related to medical care practices. OHA conducted this privacy impact assessment (PIA) because the medical credentials management system will collect and maintain personally identifiable information (PII) on DHS medical care providers.

Associated SORN:

DHS/ALL/PIA-035 - Retired---see below.

DHS/ALL/PIA-036 - Use of Unidirectional Social Media Applications

DHS/ALL/PIA-036 Use of Unidirectional Social Media Applications March 8, 2011 (PDF, 19 pages – 242 KB) Unidirectional social media applications encompass a range of applications, often referred to as applets or widgets, that allow users to view relevant, real-time content from predetermined sources. The Department of Homeland Security (DHS or Department) intends to use unidirectional social media tools including desktop widgets, mobile apps, podcasts, audio and video streams, Short Message Service (SMS) texting, and Really Simple Syndication (RSS) feeds, among others, for external relations (communications and outreach) and to disseminate timely content to the public about DHS initiatives, public safety, and other official activities and one-way notifications. These dynamic communication tools broaden the Department’s ability to disseminate content and provide the public multiple channels to receive and view content. The public will continue to have the option of obtaining comparable content and services through the Department’s official websites and other official means. This Privacy Impact Assessment (PIA) analyzes the Department’s use of unidirectional social media applications. This PIA does not cover users sending content to the Department. Additionally, this PIA will describe the personally identifiable information (PII) and the extremely limited circumstances that the Department will have access to PII, how it will use the PII, what PII is retained and shared, and how individuals can gain access to their PII. Appendix A of this PIA will serve as a listing, to be updated periodically, of DHS unidirectional social media applications, approved by the Chief Privacy Officer, that follow the requirements and analytical understanding outlined in this PIA. The unidirectional social media applications listed in Appendix A are subject to Privacy Compliance Reviews by the DHS Privacy Office.

DHS/ALL/PIA-037 - DHS SharePoint and Collaboration Sites

DHS/ALL/PIA-037 DHS SharePoint and Collaboration Sites March 22, 2011 (PDF, 7 pages – 193 KB) The Department of Homeland Security (DHS) is developing SharePoint as a Service (SharePoint), which will be an enterprise offering available to all organizations within the Department. This platform will serve as an enterprise collaboration and communication solution, eliminating additional investments in duplicative collaborative technologies, leveraging economies of scale, and connecting separate organizations through the use of the same platform in an integrated environment. DHS is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected and stored in the SharePoint environment. This PIA sets out the minimum standard for SharePoint privacy and security requirements; DHS components may build more detailed controls and technical enhancements into their respective sites.

Associated SORN:

DHS/ALL/PIA-038 - Integrated Security Management System (ISMS)

DHS/ALL/PIA-038 Integrated Security Management System (ISMS) March 22, 2011 (PDF, 21 pages – 249 KB) The Integrated Security Management System (ISMS) is a web-based case management tool designed to support the lifecycle of DHS personnel security, administrative security, and classified visit management programs. Personnel security records maintained in ISMS include suitability and security clearance investigations which contain information related to background checks, investigations, and access determinations. For administrative security and classified visit management ISMS contains records associated with security container/document tracking, classified contract administration, and incoming and outgoing classified visitor tracking. The system is a DHS enterprise-wide application that replaced the Personnel Security Activities Management System, which was decommissioned on May 31, 2010.

Associated SORN:

DHS/ALL/PIA-039 - Physical Access Control System (PACS)

DHS/ALL/PIA-039 Physical Access Control System June 9, 2011 (PDF, 15 pages – 232.32 KB) The Department of Homeland Security (DHS), Office of the Chief Security Officer (OCSO), Physical Access Control Division (PHYSD) operates the Physical Access Control System (PACS). PACS is a security technology integration application suite used to control and manage physical access devices, intrusion detection, and video surveillance at DHS Headquarters (HQ) facilities in the National Capital Region (NCR), primarily the Nebraska Avenue Complex (NAC). This PIA will focus exclusively on the physical access control and intrusion detection functions within PACS. The video surveillance function within PACS is covered by a separate PIA and can be found at DHS/ALL/PIA-035 - Nebraska Avenue Complex (NAC) Closed Circuit Television (CCTV) System (Part of PACS). PACS provides advanced access control, alarm monitoring, digital video,1 intrusion detection, and employee, visitor, and parking management. PACS allows authorized security personnel to simultaneously manage and monitor multiple entry points from a single, centralized location. The OCSO has conducted this Privacy Impact Assessment (PIA) to analyze the personally identifiable information (PII) that PACS collects, uses, and maintains. To the extent that other Departmental components use a system(s) that operates in the same way as PACS and will follow the rules outlined in this PIA, that system will be covered by this PIA and listed as part of an update to this PIA appendix.

Associated SORN:

DHS/ALL/PIA-040 – Electronic Patient Care Reporting System

DHS/ALL/PIA-040 Electronic Patient Care Reporting System, August 25, 2011 (PDF, 16 pages - 229 KB) The Department of Homeland Security (DHS) Office of Health Affairs (OHA) is implementing a web-based Commercial off the Shelf (COTS) Internet software service called the Electronic Patient Care Reporting System (ePCR). The ePCR system will establish a standardized approach to document care rendered by DHS Emergency Medical Services (EMS) medical care providers in pre-hospital environments. The system will also enhance OHA’s capability to evaluate quality of care delivery, quality assurance, performance improvement, and risk management activities. OHA conducted this privacy impact assessment because accurate documentation and quality assurance of EMS care provided necessarily includes gathering personally identifiable information (PII) from patient encounters.

Associated SORN(s):

DHS/ALL/PIA-041 – One DHS Overstay Vetting Pilot

DHS/ALL/PIA-041 One DHS Overstay Vetting Pilot, December 29, 2011 (PDF, 20 pages - 238 KB) DHS is conducting the One DHS Overstay Vetting Pilot to improve DHS' ability to identify and vet foreign nationals who have remained in the United States beyond their authorized period of admission (overstays). The pilot will attempt to streamline data sharing between the National Protection and Programs Directorate's United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program, U.S. Customs and Border Protection (CBP), and U.S. Immigration and Customs Enforcement (ICE). The overstay vetting process is covered by existing PIAs for the CBP Automated Targeting System (ATS), US-VISIT Technical Reconciliation Analysis Classification System (TRACS), and US-VISIT Arrival Departure Information System (ADIS). In addition to this existing coverage, US-VISIT has worked with the DHS Privacy Office to complete this PIA specific to the Overstay Vetting Pilot to add another layer of analysis and transparency to this specific process which can be updated as the program matures. Data sharing conducted through this program allows DHS to better identify which individuals have overstayed their authorized periods of admission, and of those overstays, which are the highest law enforcement or national security priority for enforcement action by ICE. DHS is conducting this PIA because the pilot increases the sharing within DHS of PII about travelers.

Associated SORN(s):

DHS/ALL/PIA-042 Closed Circuit Television (CCTV)

DHS/ALL/PIA-042 DHS CCTV Systems, July 18, 2012 (PDF, 16 pages - 216KB). The Department of Homeland Security (DHS) and its components deploy a number of Closed-Circuit Television (CCTV) systems throughout the department (See Appendix for detailed list). DHS’ CCTV systems are used to obtain real-time and recorded visual information in and around federal worksites and facilities to aid in crime prevention and criminal prosecution, enhance officer safety, secure physical access, promote cost savings, and assist in terrorism investigation or terrorism prevention. DHS conducted this Privacy Impact Assessment (PIA) because these systems have the ability to capture images of people, license plates, and any other visual information within range of the cameras. This PIA replaces existing CCTV PIAs: those PIAs will be retired with the publication of this PIA and are listed in the appendix.

DHS/ALL/PIA-043 DHS Hiring and On-Boarding Process

DHS Hiring and On-Boarding Process, April 22, 2013, (PDF 30 pages).  DHS is committed to hiring and retaining a qualified and dedicated workforce of almost a quarter million federal employees. To coordinate the hiring and on-boarding process for new and prospective DHS employees, DHS relies on the Chief Human Capital Officer and Component Human Capital Officers throughout the Department to serve as their component hiring authorities. DHS hiring authorities are responsible for posting vacancy announcements, producing certificates of referral for hiring managers, and extending tentative and final job offers to new employees. DHS is conducting this Privacy Impact Assessment (PIA) because these activities require DHS hiring authorities to receive Personally Identifiable Information (PII) from job candidates and new employees during the hiring and on-boarding processes within the DHS-wide organization.

Associated SORNs:

OPM/GOVT-1 - General Personnel Records December 11, 2012 77 FR 73694

OPM/GOVT-5 - Recruiting, Examining, and Placement Records June 19, 2006 71 FR 35351

OPM/GOVT-6 - Personnel Research and Test Validation Records June 19, 2006 71 FR 35354

OPM/GOVT-7 - Applicant Race, Sex, National Origin and Disability Status Records June 19, 2006 71 FR 35356

DHS/ALL-022 - Department of Homeland Security Drug Free Workplace October 31, 2008, 73 FR 64974

DHS/ALL/PIA-044 DHS Single Point of Service Request for Information Management Tool  

DHS Single Point of Service Request for Information Management Tool, June 17, 2013 (PDF 17 pages, 232 KB).  The Single Point of Service (SPS) refers to a joint effort between the Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), and the Office of Intelligence and Analysis (I&A) to provide a centralized DHS Headquarters location to receive, facilitate, process, and, in some circumstances, respond to operational or intelligence related “Requests for Information” (RFI) that originate from federal, state, local, tribal, and territorial entities. In order to perform this function, OPS and I&A employ the RFI Management Tool, which standardizes the process by which entities request operational or intelligence-related information. DHS is conducting this PIA because the RFI Management Tool collects, retains, and disseminates PII.

Associated SORNs:

DHS/ALL/PIA-046 DHS Data Framework

DHS Data Framework, November 6, 2013, PDF, 18 pages.  DHS is developing the DHS Data Framework, which is a scalable information technology program with built-in capabilities to support advanced data architecture and governance processes. This program will alleviate mission limitations associated with stove-piped IT systems that are currently deployed across multiple operational components in DHS. It will also enable more controlled, effective, efficient use and sharing of available homeland security-related information across the DHS enterprise and, as appropriate, the U.S. Government while protecting privacy.

DHS is developing three systems to test different capabilities needed to implement the program: the Neptune Pilot, the Common Entity Index Prototype (CEI Prototype), and the Cerberus Pilot. Each of these has a separate Privacy Impact Assessment (PIA).

DHS is publishing this PIA because the DHS Data Framework will use PII collected from members of the public using information technology. This PIA covers the overall approach and vision for the program. As DHS develops the DHS Data Framework, this PIA will be updated.

Associated SORNs:

  • N/A

DHS/ALL/PIA-046-1 Neptune Pilot 

Neptune Pilot, September 25, 2013, PDF, 19 pages.  The Neptune Pilot is a part of the overall DHS Data Framework, which directly supports DHS’s need to use and share homeland security-related information across systems and components with privacy and civil liberties protections built directly into the data.  The Neptune system is designed to ingest authoritative unclassified data sets of person-centric identity information that DHS gathers during its routine interactions with the public for the purpose of tagging the data, and providing the tagged data to authorized systems.  Neptune tags the data by assigning both tag names and values to all of the ingested information.  During the first sixty to ninety days, the Neptune Pilot will tag and share data with two different systems: the Common Entity Index Prototype (CEI Prototype) and the Cerberus Pilot.  Both the CEI Prototype and Cerberus Pilot are described in separate Privacy Impact Assessments (PIA).  The Neptune Pilot is a DHS-wide pilot administered by the Common Vetting Task Force (CVTF) with the support of the Office of Intelligence and Analysis (I&A) acting in coordination with the Office of the Chief Information Officer (OCIO).  DHS is publishing this PIA pursuant to Section 208 of the E-Government Act of 2002 since the Neptune system handles PII.  If the system passes the testing and evaluation stage and DHS moves to an operational system, a new PIA will be published.

Associated SORNs:

DHS/ALL/PIA-046-2 Common Entity Index Prototype

Common Entity Index Prototype (CEI Prototype), September 26, 2013, PDF, 18 pages.  DHS’ Office of the Chief Information Officer (OCIO) is developing a new system called the CEI Prototype to enable DHS to correlate and consolidate a limited set of identity data from select component-level systems, and organize key identifiers collected about individual members of the public.  The purpose of this prototype is to determine the feasibility of establishing and effectively controlling access to a centralized index of select biographic information, enabling DHS to provide correlated and consolidated identities.  This PIA was conducted because it will use datasets provided by select DHS components containing PII for testing and evaluation purposes.  If the system passes the testing and evaluation stage and DHS moves to an operational system, a new PIA will be published.

Associated SORNs:          

DHS/ALL/PIA-046-3 Cerberus Pilot

Cerberus Pilot, November 22, 2013, PDF, 22 pages, 332KB.  The Cerberus Pilot is part of the overall DHS Data Framework.  The framework’s goal is to help alleviate mission limitations associated with stove-piped Information Technology (IT) systems that are currently deployed across multiple operational components at DHS.  More specifically, the Cerberus Pilot is intended to test the feasibility of a more controlled, effective, efficient use and sharing of available homeland security information across the DHS Enterprise while protecting privacy and safeguarding personal data.   During the Cerberus Pilot, the system ingests certain DHS component unclassified data about individuals and maintains the data in a DHS owned and controlled cloud computing environment on a Top Secret/Sensitive Compartmented Information (TS/SCI) network, where it is available for classified searches and evaluation using various analytical tools. The goal of the Cerberus Pilot is to test the ability to ensure that only users with certain attributes are able to access data based on defined purposes using the dynamic access control process.  The Cerberus Pilot will be populated with data imported from the Neptune Pilot data store via bulk load.  The DHS Data Framework and Neptune Pilot are described in separate Privacy Impact Assessments (PIA).  The Cerberus Pilot is a DHS-wide pilot administered by the Office of Intelligence and Analysis (I&A) on behalf of the Department in coordination with the Office of the Chief Information Officer (OCIO) and overseen by the Common Vetting Task Force (CVTF).  DHS is publishing this PIA pursuant to Section 208 of the E-Government Act of 2002 because the Cerberus Pilot system handles PII.

Associated SORNs:

Retirement

Back To Top

 

Back to Top