The Department of Homeland Security’s (DHS) Federal Protective Service (FPS) is developing the Post Tracking System (PTS). PTS will be used to verify the identity, suitability, training completion, and time and attendance of Protective Security Officers (PSO) who serve as contracted guards at federal facilities. FPS is conducting this Privacy Impact Assessment (PIA) because PTS collects personally identifiable information (PII) of DHS employees and contract personnel.

The Department of Homeland Security (DHS) Office of Intelligence and Analysis (I&A) manages data on behalf of DHS Components when there is a need to share that data with the Intelligence Community (IC) and other national security partners or to support DHS mission use cases and applications using a secure data environment. The Data Management Hub (or “Data Hub”) is a set of technical components that facilitates the storage, enrichment, tagging, and movement of DHS and partner data by I&A on the classified network fabric. The goal of the Data Hub is to provide a single authoritative data store of datasets in order to reduce data duplication and improve the authorized usage of data for data-sharing and analysis. It also centralizes and streamlines the data formatting, tagging, and transfer of data for approved internal and external mission applications, including bulk sharing with national security partners and other government agencies.

The Data Hub is a series of technical components and, while it does not itself use specific information about individuals, it supports the storage and use of data and datasets that contain personally identifiable information (PII). The Data Hub simply transports and stores data and datasets; there is no data or dataset inherent to it. As such, data or datasets that use the Data Hub process will be listed in the appendices to this PIA.

U.S. Customs and Border Protection (CBP) requires air-cargo and shipping companies to submit their electronic manifest information in advance to CBP under the Air Cargo Advance Screening (ACAS) program. This advance information improves CBP’s ability to conduct risk assessments of incoming shipments in order to improve security and compliance with customs and other laws CBP enforces at the border. CBP is publishing this new Privacy Impact Assessment (PIA) to provide notice of the new mandatory requirements for ACAS participants, and to assess the privacy risks of its collection and use of personally identifiable information under this program.

The Department of Homeland Security (DHS), U.S. Customs and Border Protection (CBP) is responsible for securing the United States and its borders while facilitating lawful travel and trade. The CBP Office of Trade (OT) facilitates lawful international trade activities, enforces violations of various trade laws and regulations, and investigates allegations of trade violations made by the members of the public. CBP created a public-facing website called “e-Allegations” for members of the public and the trade community to report potential violation of criminal and trade laws and regulations.

The DHS Privacy Office conducted a Privacy Compliance Review (PCR) of FEMA that focused on information sharing practices and oversight in response to two major privacy incidents that occurred during Fiscal Year 2019.  This PCR details six recommendations to improve FEMA’s implementation of information sharing and safeguarding activities that adequately protect individuals’ privacy.

Memo signed by Secretary John Kelly on May 24, 2017, directing the Department to enhance biometric collection practices to improve identity resolution and encounter management.

U.S. Customs and Border Protection (CBP) is conducting a voluntary test to collect certain advance data related to shipments potentially eligible for release under Section 321 of the Tariff Act of 1930, as amended, 19 U.S.C. § 1321 (“Section 321”). Section 321 provides for an administrative exemption from duty and taxes for shipments of merchandise (other than bona-fide gifts and certain personal and household goods) imported by one person on one day having an aggregate fair retail value in the country of shipment of not more than $800. Pursuant to this test, participants will electronically transmit certain data elements pertaining to these shipments to CBP in advance of arrival. CBP is conducting this test to determine the feasibility of requiring advance data from different types of parties and requiring additional data that is generally not required under current regulations in order to effectively identify and target high-risk shipments in the e-commerce1 environment. CBP published a Notice in the Federal Register on July 23, 2019, announcing the pilot.2 CBP is publishing this new Privacy Impact Assessment (PIA) to provide notice of information collection requirements for the Section 321 Data Pilot, and to assess the privacy risks of its collection and use of personally identifiable information under this pilot.

Workforce Analytics and Employee Records is a Federal Human Capital Business Function whereby federal agencies implement a systematic process to review workforce and performance data, metrics, and results. Federal agencies conduct these reviews in an effort to anticipate and plan for future strategic and operational requirements and to make holistically informed Human Capital Management decisions. Specifically, federal human capital organizations generate evidence-based metrics to support decision-making concerning recruitment, staffing, training, and workforce development. The Workforce Analytics and Employee Records Business Function also facilitates compensation and benefits modeling, as well as the application of statistical models on such human resources (HR) issues as retention rates, time to on-board, retirement trends, and employee engagement. The Department of Homeland Security (DHS) is conducting this Privacy Impact Assessment (PIA) because the systems and data sources that support Workforce Analytics and Employee Records at DHS collect, use, store, and transmit personally identifiable information (PII) and sensitive personally identifiable information (SPII).

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Division (CSD) leads the Federal Government effort to protect and defend federal civilian Executive Branch agency networks from cyber threats. These efforts are conducted, in part, through the National Cybersecurity Protection System’s (NCPS) intrusion detection capabilities — formerly referred to as EINSTEIN 1 and EINSTEIN 2. This Privacy Impact Assessment (PIA) provides a programmatic update on the NCPS intrusion detection capabilities and provides an in-depth analysis of the collection of information related to known or suspected cyber threats that could potentially include information that could be considered personally identifiable information (PII). Due to the close operational relationship between the NCPS network flow (netflow) and intrusion detection capabilities, this PIA combines, updates, and replaces the former EINSTEIN PIA (September 2004) and EINSTEIN 2 PIA (May 2008).

The United States Secret Service’s (USSS or Secret Service) Special Operations Division (SOD) is conducting a pilot, in coordination with the U.S. Coast Guard (USCG) and Science & Technology Directorate (S&T), to test and evaluate technologies used to detect, identify, and mitigate Unmanned Aircraft Systems (UAS) that may pose a potential threat to “covered facilities” and assets at the September 2019 United Nations General Assembly (UNGA). These protective technologies are referred to as Counter-UAS (C-UAS) systems. This Privacy Impact Assessment (PIA) discusses measures taken to mitigate privacy risks and the impact to protect personally identifiable information (PII) during the deployment of C-UAS technologies in an urban setting under operational circumstances.