Published Privacy Impact Assessments on the Web

AGENCY:

Privacy Office, DHS.

ACTION:

Notice of publication of Privacy Impact Assessments.

SUMMARY:

The Privacy Office of the Department of Homeland Security is making available twelve Privacy Impact Assessments on various programs and systems in the Department. These assessments were approved and published on the Privacy Office's Web site between April 1, 2009, and June 30, 2009.

DATES:

The Privacy Impact Assessments will be available on the DHS Web site until December 14, 2009, after which they may be obtained by contacting the DHS Privacy Office (contact information below).

FOR FURTHER INFORMATION CONTACT:

Mary Ellen Callahan, Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528, or e-mail: pia@dhs.gov.

SUPPLEMENTARY INFORMATION:

Between April 1, 2009, and June 30, 2009, the Chief Privacy Officer of the Department of Homeland Security (DHS) approved and published twelve Privacy Impact Assessments (PIAs) on the DHS Privacy Office web site, www.dhs.gov/privacy , under the link for “Privacy Impact Assessments.” These PIAs cover twelve separate DHS programs. Below is a short summary of those programs, indicating the DHS component responsible for the system, and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office.

System: FireGround Compass.

Component: Science and Technology.

Date of approval: April 1, 2009.

The DHS Science and Technology Directorate (S&T) TechSolutions Program contracted with G&H International Services, Inc. to perform operational testing and evaluations on the FireGround Compass for first responder firefighter applications. Halcyon Products designed the FireGround Compass, a navigational device that helps firefighters reestablish their orientation within a burning or smoke-filled building should they become lost or disoriented. The purpose of this project is to test the features, functions, and operational readiness of the FireGround Compass through human testing of the equipment. S&T conducted a PIA for this project because G&H International collected the personally identifiable information (PII) of firefighter volunteers during the testing of the device.

System: Security and Video Quality for the Public Safety Statement of Requirements Project.

Component: Science and Technology.

Date of approval: April 1, 2009.

The Security and Video Quality for the Public Safety Statement of Requirements project is a research and development effort funded by the DHS S&T. S&T is funding Noblis Inc., a nonprofit science and technology organization, through a cooperative agreement to conduct several research efforts, one of which is to examine facial recognition requirements in emergency response operations. S&T is conducting a PIA because research staff will use images collected from individuals during this research project. This PIA will only cover the research and testing activities conducted during this project.

System: Comprehensive Exit Program: Air Exit Pilot.

Component: US-VISIT.

Date of approval: May 20, 2009.

The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program is implementing a new pilot phase of a comprehensive exit program for integrating non-U.S. citizen departure with existing arrival information. The Exit Program requires the collection of minimal biometric and biographic data from covered aliens, enabling US-VISIT Entry/Exit matching, identity verification, and cross-checking against a list of subjects of interest. This PIA is conducted because US-VISIT collects PII on non-U.S. citizens.

System: Compliance Tracking and Management System.

Component: U.S. Citizenship and Immigration Services.

Date of approval: May 22, 2009.

The Verification Division of the United States Citizenship and Immigration Services (USCIS) operates the Compliance Tracking and Management System (CTMS). CTMS collects and uses information necessary to support monitoring and compliance activities for researching and managing misuse, abuse, discrimination, breach of privacy, and fraudulent use of USCIS Verification Division's verification programs, the Systematic Alien Verification for Entitlements and E-Verify. This is a new system that requires publication of a PIA and System of Records Notice.

System: PRISM.

Component: Management Directorate.

Date of approval: June 4, 2009.

The DHS Management Directorate, Office of the Chief Procurement Officer is the owner of the PRISM contract writing management system. PRISM provides comprehensive, Federal Acquisition Regulation based acquisition support for all DHS headquarters entities. The purpose of this PIA is to document how PRISM collects, uses, disseminates, and maintains PII.

System: Vessel Requirements for Notices of Arrival and Departure and Automatic Identification System to add the Notice of Arrival on the Outer Continental Shelf Update.

Component: U.S. Coast Guard.

Date of approval: June 4, 2009.

This is a PIA update to the previous “Vessel Requirements for Notice of Arrival and Departure and Automatic Identification System Notice of Proposed Rulemaking” (NOA/D and AIS) PIA dated November 19, 2008. The United States Coast Guard (USCG) is publishing a Notice of Proposed Rulemaking entitled “Notice of Arrival on the Outer Continental Shelf.” The USCG conducted this update because portions of this rulemaking will require an expansion of an existing collection of PII and because the system, Ship Arrival Notification System, which maintains the NOA information, will maintain this new collection of PII.

System: Chemical Facility Anti-Terrorism Standards.

Component: National Protection and Programs Directorate.

Date of approval: June 5, 2009.

This PIA update for the Chemical Facility Anti-Terrorism Standards (CFATS), formally the Chemical Security Assessment Tool (CSAT), describes the new PII collected though the CFATS Site Security Plan, the potential to collect PII through the CFATS Tipline, DHS's intention to share on a “need to know” basis the business contact information of high-risk chemical facility personnel with public officials who have responsibilities related to chemical security and/or infrastructure security, and the ability for Chemical-terrorism Vulnerability Information (CVI) Authorized Users to update their PII.

System: Chemical Facility Anti-Terrorism Standards Update.

Component: National Protection and Programs Directorate.

Date of approval: June 11, 2009.

This PIA update for the CFATS covers the new collection of PII received from high-risk Chemical Facilities. NPPD will now collect PII from federal employees and contractors for the purpose of providing access to Chemical Facility Management System (CHEMS). CHEMS will transfer and secure the information from Chemical Security Assessment Tool (CSAT) to allow Federal employees and contractors the ability to contact an appropriate representative of high-risk chemical facilities, and to very an individual's status as a CVI Authorized User.

System: Department of Homeland Security Web Portals.

Component: DHS-Wide.

Date of approval: June 15, 2009.

Many DHS operations and projects require collaboration and communication amongst affected stakeholders including employees, contractors, Federal, State, local and tribal officials, as well as members of the public. One method of effectuating such collaboration is the establishment of an online “portal” allowing authorized users to obtain, post and exchange information, access common resources, and generally communicate with similarly situated and interested individuals. DHS has written this general PIA to document these informational and collaboration-based portals in operation at DHS and its components which collect, use, maintain, and share limited PII about individuals who are “members” of the portal or who seek to gain access to the portal “potential members.”

System: National Pollution Funds Center—Pollution Response Funding, Liability, and Compensation System.

Component: U.S. Coast Guard.

Date of approval: June 17, 2009.

The USCG National Pollution Funds Center's (NPFC) Pollution Response Funding, Liability, and Compensation System (PRFLACS) support the command's mission to administer the financial responsibility provisions in Title I of the Oil Pollution Act. The purpose of this PIA is to ensure that adequate privacy considerations and protections continue to be applied to the PII maintained in the NPFC PRFLACS system.

System: Personal Identity Verification.

Component: DHS-Wide.

Date of approval: June 18, 2009.

DHS is updating the Personal Identity Verification (PIV) PIA issued on October 13, 2006, to reflect changes in Departmental requirements identified through increased collaboration with the components during implementation planning and to include bringing the components online. Additionally, this update discusses the use of the Integrated Security Management System (ISMS) and a more robust, second-generation Identity Management System, which replaces the PIV ISMS discussed in the previous PIA.

System: Department of Homeland Security General Contact List.

Component: DHS-Wide.

Date of approval: April 14, 2009.

Many DHS operations and projects collect a minimal amount of contact information in order to distribute information and perform various other administrative tasks. Department Headquarters conducted this PIA because contact lists contain PII. The Department added the following systems to this PIA:

• National Protection and Programs Directorate Meridian Conference Web site 2009;
• Transportation Security Administration Pipeline Security Guidelines.