U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  1. Home
  2. Publications Library
  3. Privacy Impact Assessments (PIA) Collection

Privacy Impact Assessments (PIA) Collection

The Privacy Impact Assessment (PIA) is a decision tool to identify and mitigate privacy risks that notifies the public what Personally Identifiable Information (PII) DHS is collecting, why the PII is being collected and how the PII will be collected, used, accessed, shared, safeguarded and stored.

Use the “Filter” field to search PIAs by keyword and select a “Topic” to narrow results.

Return to the Privacy Impact Assessments page.

  • DHS-TSA-PIA-026 Alien Flight Student Program

    The Transportation Security Administration (TSA) conducts Security Threat Assessments (STA) on individuals who are not U.S. citizens or nationals and other individuals designated by TSA seeking flight instruction or recurrent training from Federal Aviation Administration (FAA)-certified flight training providers. TSA previously conducted a Privacy Impact Assessment (PIA) and PIA Updates for the Alien Flight Student Program (AFSP). TSA conducted this PIA because several updates to AFSP have been made, including: 1) TSA performs recurrent vetting of covered individuals; 2) The Defense Attaché collects biographic information and creates a record in AFSP about foreign military pilots endorsed by the Department of Defense (DoD) for flight training in the United States; and 3) TSA has submitted an updated National Archives and Records Administration (NARA) schedule to change records retention to 80 years in order to permit TSA to comply with a requirement that it re-use fingerprints for recurrent flight training during the life of the covered individual.  This PIA should be read as a stand-alone document.  Upon publication of this PIA, the previous PIA and PIA Updates for AFSP will be retired.

  • DHS-USCIS-PIA-054 National Customer Service Center

    USCIS operates the National Customer Service Center (NCSC) to provide nationwide telephonic assistance to customers calling with immigration service and benefit inquiries.  The NCSC uses a wide variety of systems, applications, and tools as part of its call center infrastructure to ensure calls are queued and processed as quickly as possible.  This Privacy Impact Assessment (PIA) discusses the USCIS systems used to operate NCSC, and evaluates the privacy risks and mitigation associated with the collection, use, and maintenance of Personally Identifiable Information (PII).

  • DHS/S&T/PIA–027 S&T Test Data

    An integral part of the Department of Homeland Security (DHS) Science and Technology Directorate (S&T)’s mission is to conduct research, development, testing, and evaluation (RDT&E) on technologies or topics related to improving homeland security and combating terrorism. Some S&T RDT&E activities receive datasets from other DHS Components or partner agencies to test, evaluate, and provide feedback on certain research topics, technologies, equipment, and capabilities related to S&T’s mission. S&T published this Privacy Impact Assessment (PIA) to establish baseline protections for test data provided by other DHS Components, other government agencies, or other data sharing partners. RDT&E test data that are covered by the PIA are listed in the appendix. The appendix will be updated as new projects, programs, systems, or other types of information collection are identified.

  • DHS-FEMA-PIA – 037 National Responder Support Camp (NRSC)

    The Federal Emergency Management Agency (FEMA) established the National Responder Support Camp (RSC) initiative to support FEMA’s mission to improve its ability to prepare for, protect against, respond to, recover from, and mitigate all hazards. RSCs are contractor-built and operated structures that are assembled (as requested) during emergencies and disasters to provide shelter, food, and other basic needs to emergency response personnel. FEMA published this Privacy Impact Assessment (PIA) for the initiative because FEMA collects Personally Identifiable Information (PII) from the emergency response personnel to provide secured access to the RSC.

  • DHS-FEMA-PIA-038(a) Virginia Systems Repository (VSR): Data Repositories

    The Federal Emergency Management Agency (FEMA)’s Office of Response and Recovery (OR&R) Recovery Directorate, develops, maintains, and supports the Virginia Systems Repository (VSR). VSR is a multifaceted system that develops and deploys applications and services to support the rapidly changing needs of FEMA programs. VSR also has data repository capabilities that systematically ingest and store information from various FEMA source systems for the explicit purpose of replication and use by VSR applications. FEMA conducted this Privacy Impact Assessment (PIA) to document the retrieval, replication, and storage of Personally Identifiable Information (PII) held in VSR data repositories.

  • DHS/FEMA/PIA – 036 Emergency Notification System

    FEMA’s Office of Response and Recovery (ORR), Response Directorate, Operations Division, FEMA Operations Center, operates and directs the Emergency Notification System (ENS).  ENS provides alerts, notifications, warnings, and other similar operations during all hazards, threats, and emergencies to designated FEMA personnel, DHS employees, detailees, contractors, and employees of other participating federal, state, and local agencies and non-governmental organizations (NGO) in the event of a scheduled exercise or an actual emergency. FEMA conducted this Privacy Impact Assessment (PIA) because ENS collects, uses, maintains, retrieves, and disseminates Personally Identifiable Information (PII) in order to provide this service to DHS.

  • DHS/TSA/PIA-042 - TSA OIA Technology Infrastructure Modernization Program

    The Transportation Security Administration (TSA)’s Office of Intelligence and Analysis (OIA) Technology Infrastructure Modernization (TIM) Program is an enterprise architecture designed to align TSA security threat assessment (STA) with credentialing activities for individuals.   These individuals require access to transportation facilities, infrastructure, assets, Sensitive Security Information (SSI), or related security credentials or clearances.  TIM integrates several vetting programs and systems and facilitates STA adjudication, credentialing, and redress processes.  TIM accesses the same Personally Identifiable Information (PII) that is already collected for the underlying STA programs.  TIM performs credentialing activities utilizing the PII that the underlying programs collect for the STAs.  In light of this new information technology framework involving existing PII, TSA is conducted this Privacy Impact Assessment (PIA) pursuant to the privacy provisions of the E-Government Act of 2002.

  • DHS/TSA/PIA-043 - Travel Protocol Office Program

    The Transportation Security Administration (TSA) established the Travel Protocol Office (TPO) to support and facilitate the movement of eligible travelers whose presence at a security screening checkpoint may distract other travelers and/or reduce the efficiency of the screening process. TSA plans to collect limited Personally Identifiable Information (PII) on these individuals in order to facilitate airport transit and to conduct security screening operations.  The TPO Program applies to commercial airports within the continental United States and its territories.  Because this program entails collecting information about members of the public in identifiable form, the E-Government Act of 2002 requires that TSA conduct a Privacy Impact Assessment.

  • DHS/USCIS/PIA-046 Customer Scheduling and Services

    U.S. Citizenship and Immigration Services (USCIS) allows customers to schedule appointments with an Immigration Service Officer (ISO) to discuss the specifics of their benefit application and petition through the infopass.uscis.gov website and customer service kiosks.  This Privacy Impact Assessment (PIA) discusses the USCIS systems associated with scheduling and managing appointments and evaluates the privacy risks and mitigation strategies built into the systems.  These systems include InfoPass and the Customer Management Information System (CMIS).  USCIS is updating and reissuing this PIA, originally published on June 6, 2013, because CMIS may collect, use, and maintain not only Alien Number, but also USCIS Electronic Immigration System Numbers and Receipt Numbers. USCIS also removed references to a planned automated process for an individual to check in for his or her appointment at a USCIS field office through bar code scanners that was not implemented, and updated the system’s Authority to Operate.

  • DHS/CBP/PIA–024 Arrival and Departure Information System

    The Department of Homeland Security (DHS), U.S. Customs and Border Protection (CBP) Arrival and Departure Information System (ADIS) consolidates data from a variety of systems to create a unique person-centric record with complete travel history. Originally, CBP created ADIS to identify individuals who had overstayed their class of admission (“visa overstays”); however, due to ADIS’s unique abilities to conduct biographic matching, data-tagging, and filtering, CBP is broadening its use of ADIS for all traveler encounters regardless of citizenship. CBP is republishing this Privacy Impact Assessment (PIA) to provide notice, and assess the privacy risks, of expanding ADIS beyond its original visa overstay mission. As the primary CBP system used to determine person-centric travel history and immigration status, ADIS supports a variety of non-law enforcement use cases that often require U.S. citizen travel history. CBP is reissuing this PIA to document the expanded uses of ADIS and its maintenance of all CBP travel records, including those of U.S. citizens.