The DHS Privacy Office launched a Privacy Compliance Review (PCR) on July 27, 2018, under the Chief Privacy Officer’s authority in accordance with Section 222 of the Homeland Security Act of 2002, as a result of growing concerns that the DHS Science and Technology Directorate’s (S&T) privacy compliance process, particularly for those programs involving social media and volunteers, did not meet requirements under DHS policies.  The PCR reviewed DHS S&T’s privacy compliance and privacy practices from October 1, 2016, through July 28, 2018.

This instruction mandates a reduction in the use of the SSN in DHS programs, systems, and forms.

Memo to DHS employees from Acting Secretary McAleenan providing information regarding first amendment protected activities.

Beginning in 2016, the former DHS Office of Community Partnerships and the Federal Emergency Management Agency (FEMA) managed the Countering Violent Extremism Grant Program (CVEGP) to fulfill a congressional mandate to help states and local communities prepare for, prevent, and respond to emergent threats from violent extremism.  The CVEGP Privacy Impact Assessment  (PIA) discussed the privacy risks of the first iteration of this grant program. The PIA noted that the DHS Privacy Office (PRIV) would initiate a Privacy Compliance Review  (PCR) to provide recommendations for improving the privacy protections inherent in deploying a security review process as part of the grant application process. While the CVEGP was not renewed from its initial 2016 funding, the findings reflected in this report serve as lessons learned that the Office of Terrorism Prevention Partnerships and the Office for Targeted Violence and Terrorism Prevention should carefully consider for any future CVEGP iterations, if applicable.  Further, the FEMA Grant Programs Directorate, as the administrator and manager of DHS grants, should fully implement PRIV recommendations to improve privacy protections for any future grant program that includes a security review.

Records released by U.S. Customs and Border Protection (CBP) to the Sierra Club concerning the construction of border fencing sections O-1, O-2, and O-3 in the vicinity of the communities of Roma, Rio Grande City, and Los Ebanos, Texas and their impact on the Rio Grande Valley floodplain.

The U.S. Department of Homeland Security (DHS) U.S. Customs and Border Protection (CBP) takes steps to ensure the safety of its facilities and personnel from natural disasters, threats of violence, and other harmful events and activities. In support of these efforts, designated CBP personnel monitor publicly available, open source social media to provide situational awareness and to monitor potential threats or dangers to CBP personnel and facility operators. Authorized CBP personnel may collect publicly available information posted on social media sites to create reports and disseminate information related to personnel and facility safety. CBP is conducting this Privacy Impact Assessment (PIA) because, as part of this initiative, CBP may incidentally collect, maintain, and disseminate personally identifiable information (PII) over the course of these activities.

Associated SORNs:

• DHS/CBP-024 Intelligence Records System (CIRS) System of Records

U.S. Citizenship and Immigration Services (USCIS) uses Data Streaming Services as intermediary messengers to effectively and efficiently move data among USCIS systems in near real-time. The use of these services allows USCIS to transport data without the technical and administrative burden usually placed on the operating systems. USCIS is publishing this Privacy Impact Assessment (PIA) to evaluate the privacy risks and mitigations associated with the transport of personally identifiable information (PII) using these services.

U.S. Citizenship and Immigration Services (USCIS), a component of the Department of Homeland Security (DHS), operates the Freedom of Information Act (FOIA) Immigration Records System (FIRST) to process FOIA requests, Privacy Act requests, and Privacy Act amendment requests from any eligible person or entity requesting access to or amendment of USCIS records. FIRST serves two purposes: (1) FIRST has a public-facing portal that allows members of the public to submit FOIA/Privacy Act requests online and allows USCIS to electronically deliver responsive records, and (2) FIRST is an internal case management system for USCIS. USCIS is conducting this Privacy Impact Assessment (PIA) to analyze the privacy impacts associated with USCIS’ use of FIRST, as well as the information collected, used, maintained, and disseminated.

U.S. Customs and Border Protection (CBP) is tasked with determining the admissibility of all individuals seeking admission into the United States. For non-immigrants seeking admission into the United States, CBP is automating the collection of information from visa-exempt citizens of Canada, Palau, Federated States of Micronesia, and the Republic of the Marshall Islands who are eligible to apply for temporary and permanent waivers of inadmissibility through the creation of the Electronic Secured Adjudication Forms Environment (e-SAFE). CBP is conducting this Privacy Impact Assessment (PIA) because waiver applicants will now be able to submit information electronically as part of the waiver application process, and because CBP collects, maintains, and disseminates personally identifiable information to vet inadmissible non-immigrants applying for a waiver.

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) National Biodefense Analysis and Countermeasures Center (NBACC) created the Genomics Informatics System (GIS) to analyze bio-forensic data for classified development projects and law enforcement casework. GIS processes deoxyribonucleic acid (DNA) and amino-acid sequences transferred to GIS from external sources. S&T uses GIS for the analysis of bio-forensic data that may include the DNA or amino-acid sequences of synthetic constructs, viruses, bacteria, plants, animals, and/or humans. GIS is not used to identify individuals, and the identity of an individual cannot be inferred from a DNA sequence or other information in the GIS database. S&T is conducting this PIA to analyze potential privacy risks in the collection, analysis, and storage of human DNA sequences by GIS.