US flag signifying that this is a United States Federal Government website   Official website of the Department of Homeland Security

Homeland Security

Privacy Documents for Department-wide Programs

DHS/ALL/PIA-002(a) - DHS Traveler Redress Inquiry Program (TRIP)

DHS Traveler Redress Inquiry Program Update, June 5, 2013.  DHS TRIP is a customer service web-based initiative developed as a voluntary program to provide a one-stop mechanism for individuals to request redress, who make inquiries, or seek resolution regarding difficulties they experienced during their travel screening at transportation hubs (such as airports and train stations), or crossing U.S. borders.  DHS TRIP provides traveler redress intake and processing support while working with relevant DHS components to review and respond to requests for redress. This PIA update is necessary because the documentation required to resolve a request is now based upon the nature of the traveler’s complaint, rather than the previous requirement of a traveler submitting “at least three” documents for all requests.

Associated SORN(s):

DHS/ALL/PIA-003 - DHScovery

DHS Headquarters DHScovery, January 19, 2007. DHScovery is owned by the Office of the Chief Information Officer (OCIO) in partnership with the Office of the Chief Human Capital Officer (OCHCO). DHScovery will create an e-training environment that supports development of the Department of Homeland Security workforce through simplified one-stop access to high quality e-training products and services. This privacy impact assessment (PIA) is being conducted because DHScovery collects personally identifiable information about department employees and contractors.

Associated SORN(s):

DHS/ALL/PIA-004 - REAL-ID

The Department of Homeland Security REAL-ID, March 1, 2007. The Department of Homeland Security (DHS) Privacy Office is conducting a Privacy Impact Assessment (PIA) on the rule proposed by DHS to implement the REAL ID Act. The authority for this PIA is Subsection 4 of Section 222 of the Homeland Security Act of 2002, as amended, which calls for the Chief Privacy Officer of the Department of Homeland Security (DHS) to conduct a “privacy impact assessment of proposed rules of the Department.” This analysis reflects the framework of the Privacy Office’s Fair Information Principles, which are: Transparency, Individual Participation, Purpose Specification, Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing. The Privacy Office conducts PIAs, whether under Subsection 4 of Section 222 or under Section 208 of the E-Government Act, to ensure that DHS is fully transparent about how its proposed rules, final rules, and intended information technology systems may affect privacy and to review alternative approaches and technologies that may minimize the privacy impact on individuals. This PIA examines the manner and method by which the personal information of American drivers and identification (ID) holders will be collected, used, disseminated, and maintained pursuant to the proposed rule issued under the REAL ID Act. This PIA will be updated, as necessary, when the rule is final.

DHS/ALL/PIA-005 - Automated Continuing Evaluation System (ACES) Pilot

Automated Continuing Evaluation System (ACES) Pilot, April 9, 2007. The Department of Homeland Security (DHS) is working with the Department of Defense to pilot the Automated Continuing Evaluation System (ACES). ACES conducts automated records checks to identify new issues of security concern for DHS personnel and contractors requiring a security clearance. During the ACES pilot, DHS will assess the feasibility of using ACES for initial and continuing evaluation of DHS security clearance holders. This Privacy Impact Assessment (PIA) is for the DHS implementation of the ACES Pilot.

Associated SORN(s):

DHS/ALL/PIA-006 - DHS General Contacts List

Department of Homeland Security General Contact Lists. Many Department of Homeland Security operations and projects collect a minimal amount of contact information in order to distribute information and perform various other administrative tasks. Department Headquarters has conducted this privacy impact assessment because contact lists contain personally identifiable information.

Associated SORN(s):

DHS/ALL/PIA-007 - Enterprise Correspondence Tracking (ECT) System

Enterprise Correspondence Tracking System (ECT), December 3, 2007. The Executive Secretariat of the Department of Homeland Security (DHS) operates the Enterprise Correspondence Tracking (ECT) system. The ECT is a correspondence workflow management system that assists DHS in responding to inquiries from the public, other government agencies, and the private sector. Tens of thousands of pieces of correspondence ranging from official rulings, policy statements, testimony, or even thank you letters are processed annually by DHS. The Executive Secretariat conducted this privacy impact assessment because the ECT collects and uses personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-009 - DHS Web Time and Attendance (Web T&A) System

The Department of Homeland Security Web Time and Attendance System, May 1, 2008. The Department of Homeland Security (DHS) Office of the Chief Human Capital Officer (OCHO) has procured a COTS application and customized it to meet DHS standard requirements. This system is designed to implement an enterprise system that can efficiently automate the timesheet collection process and provide robust reporting features and a labor distribution capability. This privacy impact assessment was conducted because WebTA utilizes personally identifiable information.

Associated SORN(s):

DHS/ALL/PIA-010 - DHS HR Solutions

The Department of Homeland Security HR Solutions, August 12, 2008. The Department of Homeland Security, Office of the Chief Human Capital Officer (OCHCO) operates the HR Solutions System. HR Solutions is a newly developed system designed to aid in the administration of the Human Capital Processing of human resources operations and services. OCHCO conducted this PIA because HR Solutions collects and maintains personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-011 - DHS State, Local, and Regional Fusion Center Initiative

Department of Homeland Security State, Local, and Regional Fusion Center Initiative, December 11, 2008. Pursuant to Section 511 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (the “9/11 Commission Act” or “the Act”), Public Law No. 110-53, the Department of Homeland Security (DHS) Privacy Office is conducting a Privacy Impact Assessment (PIA) on the Homeland Security State, Local, and Regional Fusion Center Initiative (the Initiative). Under the Initiative, DHS will facilitate appropriate, bi-directional information sharing between the Department and State, Local, and Regional Fusion Centers. In addition, the Department will assign trained intelligence analysts to fusion centers, provided those centers meet a number of criteria set forth in the text. The Act requires the Department to complete a concept of operations (CONOPS) for the Initiative, including a PIA. The CONOPS also includes a Civil Liberties Impact Assessment, conducted by the DHS Office for Civil Rights and Civil Liberties.

Associated SORN(s):

DHS/ALL/PIA-012(b) - E-Mail Secure Gateway

E-Mail Secure Gateway, February 25, 2013.  DHS manages and operates the E-Mail Secure Gateway (EMSG) used by all DHS e-mail users. This PIA Update clarifies that the directory of user contact information and all e-mail traffic in, out, and between DHS, its components, and the Internet is also available to users on mobile devices.  This update also clarifies the records retention schedule and security of mobile devices; it does not cover the PII that may be contained within the body of an email or attachment.

Associated SORN(s):

DHS/ALL/PIA-013(a) - DHS PRISM

Department of Homeland Security PRISM November 10, 2011.  The Department of Homeland Security (DHS) Management Directorate, Office of the Chief Procurement Officer (OCPO) is the owner of the PRISM contract writing management system. PRISM provides comprehensive, Federal Acquisition Regulation (FAR)-based acquisition support for all DHS headquarters entities. The purpose of this Privacy Impact Assessment (PIA) update is to reflect changes to the collection of information, and the addition of a classified PRISM system.

Associated SORN(s):

DHS/ALL/PIA-014(b) - Personal Identity Verification (PIV) Management System

Personal Identity Verification (PIV) Management System, August 23, 2012. The Department of Homeland Security (DHS) is updating the Personal Identity Verification (PIV) Privacy Impact Assessment (PIA) Update, issued on June 18, 2009, to reflect changes in Departmental requirements and enhanced interoperability with US-VISIT Automated Biometric Identification System (IDENT) and the Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Integrated Automated Fingerprint Identification System (IAFIS), DHS Component Physical Access Control Systems (PACS), DHS Component Active Directories, as well as issuance of PIV compatible credentials to visitors to DHS.

Associated SORN(s):

DHS/ALL/PIA-015 - DHS Web Portals

Department of Homeland Security Web Portals June 15, 2009. Many Department of Homeland Security (DHS) operations and projects require collaboration and communication amongst affected stakeholders users to obtain, post and exchange information, access common resources, and generally communicate with similarly situated and interested individuals. DHS has written this general privacy impact assessment (PIA) to document these informational and collaboration-based portals in operation at DHS and its components which collect, usincluding employees, contractors, federal, state, local and tribal officials, as well as members of the public. One method of effectuating such collaboration is the establishment of an online “portal” allowing authorized e, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or who seek to gain access to the portal “potential members.”

Associated SORN(s):

DHS/ALL/PIA-016(a) - DHS e-Recruitment

Department of Homeland Security eRecruitment Update July 28, 2009. The Department of Homeland Security (DHS), Office of the Chief Human Capital Officer (OCHCO), has implemented an enterprise recruiting system, called eRecruitment. OCHCO conducted a privacy impact assessment (PIA) with the original system deployment because eRecruitment uses and maintains personally identifiable information. The purpose for this update is to expand the scope of the data being addressed within eRecruitment.

Associated SORN(s):

DHS/ALL/PIA-017 - DHS Complaint Tracking System (CTS)

Department of Homeland Security Complaint Tracking System (CTS) June 29, 2009. The Privacy Office of the Department of Homeland Security (DHS) operates the Complaint Tracking System (CTS). CTS is a correspondence workflow management system that assists the DHS Privacy Office (hereinafter referred to as Privacy Office) in responding to complaints, comments, and requests for redress from the public, other government agencies, and the private sector. The Privacy Office conducted this privacy impact assessment because CTS collects and uses personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-018 - National Dialogue for the Quadrennial Homeland Security Review (QHSR)

Department of Homeland Security National Dialogue for the Quadrennial Homeland Security Review (QHSR) July 31, 2009. The National Dialogue on the Quadrennial Homeland Security Review is a conversation between the Department of Homeland Security and Homeland Security stakeholders on an innovative web-based platform. The National Dialogue is an interactive process, building on the public’s input over the course of three dialogues. The Department conducted this privacy impact assessment because the participant feedback will be collected with limited personally identifiable information.

Associated SORN(s):

DHS/ALL/PIA-019 - DHS Our Border Network

Department of Homeland Security Our Border Network August 10, 2009. The Department of Homeland Security (DHS) Public Affairs, in coordination with the Office of International Affairs plans to use the social networking site Ning.com to facilitate the creation of a “civic network” focused on southwest border issues. To become a member of the DHS network hosted by Ning, individuals must be a member of Ning.com which requires the collection of certain personally identifiable information (PII). Although Ning is not collecting this PII on behalf of DHS, DHS will be able to review PII as part of its participation in the social network; therefore, DHS conducted this privacy impact assessment (PIA) to identify and mitigate privacy issues associated with the administration of a DHS-created social media network hosted on a non-DHS platform.

DHS/ALL/PIA-020(a) - Financial Disclosure Management (FDM)

Financial Disclosure Management (FDM) Update November 24, 2009. The Ethics Division of the Office of General Counsel (OGC) of the Department of Homeland Security (DHS) is publishing this update to the Privacy Impact Assessment (PIA) for the Financial Disclosure Management System (FDMS)1 dated September 30, 2008. FDMS is a web-based initiative developed to provide a mechanism for individuals to complete, sign, review, and file financial disclosure reports, first required by Title I of the Ethics in Government Act of 1978. This update will extend coverage to the personally identifiable information (PII) collected in Executive Branch Confidential Financial Disclosure Reports (OGE Form 450).

Associated SORN(s):

DHS/ALL/PIA-021 - H1N1 Medical Care for DHS Employees

DHS/ALL/PIA-021 H1N1 Medical Care for DHS Employees December 1, 2009 (PDF, 16 pages – 262 KB) The Department of Homeland Security (DHS) Office of Health Affairs (OHA) is issuing Standard Operating Procedures (SOP) to set forth requirements for DHS Components to provide medical care to DHS Mission Critical and Emergency Essential employees located in remote or medically austere environments who either present with influenza-like symptoms, or have been exposed to a probable case of H1N1 Influenza. The SOP will remain in effect for the duration of the Department of Health and Human Services (HHS) -declared public health emergency with respect to H1N1. OHA is conducting this PIA because the SOP involves the collection of personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-022 - Stakeholder Engagement Initiative: Customer Relationship Management

DHS/ALL/PIA-022 Stakeholder Engagement Initiative: Customer Relationship Management December 10, 2009 (PDF, 14 pages – 224 KB) The Office of the White House Liaison and the Office of Policy, in coordination with the Office of Intergovernmental Affairs, are developing the Customer Relationship Management (CRM), a data management tool being employed by the Stakeholder Engagement Initiative (SEI). The system will be an online database which manages information on external stakeholders and tracks the interactions between these individuals and the Department of Homeland Security. This PIA is being conducted because personally identifiable information (PII) will be collected and maintained on a variety of stakeholders.

Associated SORN(s):

DHS/ALL/PIA-023 - DHS IdeaFactory

DHS/ALL/PIA-023 IdeaFactory January 21, 2010 (PDF, 12 pages – 198 KB) IdeaFactory is an Intranet Web-based tool that uses social media concepts to enable innovation and organizational collaboration within the Department of Homeland Security. IdeaFactory empowers employees to develop, rate, and improve innovative ideas for programs, processes, and technologies. This privacy impact assessment is being conducted because the site will collect limited personally identifiable information (PII) on users submitting ideas.

Associated SORN(s):

DHS/ALL/PIA-024 - Digital Mail Pilot Program

DHS/ALL/PIA-024 Digital Mail Pilot Program June 18, 2010 (PDF, 10 pages – 177 KB) The Department of Homeland Security (DHS) Office of the Chief Administrative Officer (OCAO) plans to implement a Digital Mail Pilot Program for DHS Headquarters (HQ) and Components within the National Capital Region. The Digital Mail Pilot Program will give users the opportunity to receive their mail via email thereby improving DHS business processes and increasing security. The purpose of this Privacy Impact Assessment (PIA) is to demonstrate that the Digital Mail Pilot Program has considered and incorporated privacy protections of personally identifiable information (PII) that may be collected, used, disseminated, and maintained throughout the entire lifecycle of the program.

DHS/ALL/PIA-025 - Accessibility Compliance Management System (ACMS)

DHS/ALL/PIA-025 Accessibility Compliance Management System (ACMS) June 22, 2010 (PDF, 14 pages – 208 KB) The Department of Homeland Security (DHS) Office of Accessible Systems & Technology (OAST) operates the Accessibility Compliance Management System (ACMS). ACMS is intended to bring together a web-based, DHS-wide single point-of-entry reporting system. ACMS will allow documenting and reporting of all Section 508 compliance and accessibility activities and consistently track current status and progress towards meeting Section 508 compliance requirements for OAST and Component Accessible Systems and Technology Programs (ASTP). The PIA is being conducted to determine any privacy issues with customer information.

Associated SORN(s):

DHS/ALL/PIA-026(a) - iComplaints Complaint Enterprise System

DHS/ALL/PIA-026(a) iComplaints July 8, 2010 (PDF, 21 pages - 231 KB) The Office for Civil Rights and Civil Liberties (CRCL) Equal Employment Opportunities (EEO) Program operates the iComplaints Complaint Enterprise System. iComplaints is an electronic records system used to track complaints and supporting documentation relating to individual and class complaints of employment discrimination and retaliation prohibited by Department of Homeland Security (DHS) civil rights statutes. iComplaints will replace EEO Eagle as EEO Eagle is being decommissioned. CRCL EEO has conducted this Privacy Impact Assessment (PIA) because iComplaints collects and stores personally identifiable information (PII).

Associated SORN(s):

DHS/ALL/PIA-027(c) - Watchlist (WLS) Update

Watchlist Service Update, December 1, 2014 (PDF, 8 pages).  DHS currently uses the Terrorist Screening Database (TSDB), the U.S. Government’s consolidated database maintained by the Department of Justice (DOJ) Federal Bureau of Investigation (FBI) Terrorist Screening Center (TSC), for identifying information about those known or reasonably suspected of being involved in terrorist activity, in order to facilitate DHS mission-related functions, such as counterterrorism, law enforcement, border security, and inspection activities. In July 2010, DHS launched an improved method of transmitting TSDB data from TSC to DHS through a service called the DHS Watchlist Service (WLS). WLS maintains a synchronized copy of the TSDB, which contains PII, and disseminates it to authorized DHS components. DHS issued this PIA Update to document a change in the technological infrastructure of the DHS Automated Biometric Identification System’s (IDENT) receipt of TSDB biometric information, and to notify the public that DHS no longer plans to develop the DHS Data Store with Query, previously described in the July 2010 WLS PIA.

Previous PIAs:

Associated SORNs:

DHS/ALL/PIA-028(b) - DHS Freedom of Information Act (FOIA) and Privacy Act (PA) Records Program Update

Freedom of Information Act (FOIA) and Privacy Act Records Program Update February 11, 2013 (PDF, 5 pages – 128KB).  The FOIA and Privacy Act process for DHS is maintained by the DHS Privacy Office.  The process allows individuals to request access to federal agency records.  DHS deployed new software which allows this process to be more efficient and automated.  This PIA Update was conducted to document the new uses, reporting, and internal information sharing of the PII collected in the FOIA and PA process.

Associated SORN:

DHS/ALL/PIA-029(a) - Entellitrak

DHS/ALL/PIA-029(a) Entellitrak August 23, 2010 (PDF,4 pages – 210 KB)  The Offices for Civil Rights and Civil Liberties (CRCL) for the Department of Homeland Security (DHS) and Transportation Security Administration (TSA) have established a new database called Entellitrak which is an enterprise tracking system that has been configured to track, search, and report on complaints data. It is a database developed to respond to allegations of abuses of civil rights, civil liberties, and religious, racial, and ethnic profiling by department employees and officials. Entellitrak will replace the legacy system CRCL Matters with all CRCL Matters data migrating onto Entellitrak in the transition. This Privacy Impact Assessment (PIA) is being conducted because Entellitrak collects and stores personally identifiable information (PII).

Associated SORN

DHS/ALL/PIA-030 - Eversity

DHS/ALL/PIA-030 Eversity Enterprise System September 14, 2010 (PDF, 15 pages – 202 KB) The Office for Civil Rights and Civil Liberties (CRCL) Equal Employment Opportunity (EEO) Program operates the Eversity Enterprise System. Eversity is an electronic records system used in workforce analysis,1 tracking, management, and reporting required under Equal Employment Opportunity Commission (EEOC) Management Directive (MD) 715. CRCL EEO has conducted this Privacy Impact Assessment (PIA) because Eversity collects and stores personally identifiable information (PII). 74 FR 55571 published on October 28, 2009

Associated SORN:

  • OPM/GOVT-7 Applicant Race, Sex, National Origin and Disability Status Records, 71 FR 35356 published on June 19, 2006

DHS/ALL/PIA-031 - Use of Social Networking Interactions and Applications Communications/Outreach/Public Dialogue

DHS/ALL/PIA-031 Use of Social Networking Interactions and Applications Communications/Outreach/Public Dialogue September 16, 2010, (PDF, 21 pages - 283 KB). Social networking interactions and applications includes a sphere of non-government websites and web-based tools that focuses on connecting users, inside and outside of the Department of Homeland Security (DHS or Department), to engage in dialogue, share information and media, and collaborate. Third-parties control and operate these non-governmental websites; however, the Department may use them as alternative channels to provide robust information and engage with the public. The Department may also use these websites to make information and services widely available, while promoting transparency and accountability, as a service for those seeking information about or services from the Department. This Privacy Impact Assessment (PIA) analyzes the Department’s use of social networking and how these interactions and applications could result in the Department receiving personally identifiable information (PII). This PIA describes the information the Department may have access to, how it will use the information, what information is retained and shared, and how individuals can gain access to and correct their information.

DHS/ALL/PIA-032(a) - DHS Information Sharing Environment Suspicious Activity Reporting Initiative Update

DHS/ALL/PIA-032(a) DHS Information Sharing Environment Suspicious Activity Reporting Initiative May 12, 2015. This Privacy Impact Assessment (PIA) updates a previously published PIA describing the Nationwide Suspicious Activity Reporting Initiative, a key aspect of the federal Information Sharing Environment (ISE) created by Congress in the Intelligence Reform and Terrorism Prevention Act of 2004. The NSI supports intergovernmental sharing of “official documentation of observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity [related to terrorism],” known as Suspicious Activity Reports (SAR). As a result of the NSI’s successes, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) will continue the effort and transition the management to a jointly managed program. DHS is conducting this PIA update because SARs contain personally identifiable information (PII).

Appendix A – Associated PIAs and SORNs

TSA

NPPD

OPS

ICE

USCG

USSS

CBP

FEMA

Appendix B

Associated SORN:

DHS/ALL/PIA-033 - Google Analytics

DHS/ALL/PIA-033 Google Analytics June 9, 2011 (PDF, 16 pages – 216.48 KB) The Department of Homeland Security (DHS or the Department) is planning to utilize Google Analytics (www.google.com/analytics) for viewing and analyzing traffic to the Department’s public-facing website(s), including components (Department’s websites). Google Analytics is a free, external, third-party hosted, website analytics solution that generates robust information about the interactions of public-facing website visitors with the Department. Google Analytics must collect the full IP Address, which Google will then mask prior to use and storage, and proceed with providing the Department non-identifiable aggregated information in the form of custom reports. The Department has implemented the IP Address masking feature1 within Google Analytics to avoid the use and storage of the full IP Address. For example, when the last octet is truncated from the IP address, 192.168.0.1 becomes 192.168.0. This masking will affect the geographic location metric within Google Analytics. Google Analytics uses first-party cookies to track visitor interactions. DHS shall not collect, maintain, or retrieve personally identifiable information (PII) including a visitor’s Internet Protocol (IP) Address during this analytics process operated by Google. Google Analytics shall not provide to DHS, share with Google or any Google product for additional analysis, or use the full or masked IP Address or information to draw any conclusions in the analytics product. The Department has expressly chosen to opt-out of sharing information with Google or any Google product for additional analysis. This privacy impact assessment (PIA) is being conducted to identify and mitigate privacy concerns associated with the use of Google Analytics.

DHS/ALL/PIA-034 - Medical Credentials Management System

DHS/ALL/PIA-034 Medical Credentials Management System February 10, 2011 (PDF 16 pages – 192 KB) The Department of Homeland Security (DHS) Office of Health Affairs (OHA) is instituting a centralized medical credentialing system for DHS employees that provide health care services as part of their job and the Components’ mission or incidental to their ongoing operations. The purpose of the program is to formalize a process for verifying DHS employee (applicant) qualifications, licensure information, and relevant health care provider data. In accordance with the DHS Directive 248-01, Medical Quality Management, the Assistant Secretary for Health Affairs and Chief Medical Officer (ASHA/CMO) is responsible for developing a centralized credentials management system for approving credentials for DHS employee medical care providers. The credentialing process will include the collection of and maintenance of information related to professional education, state license number(s), national registry certification, board certification, training and other pertinent information related to medical care practices. OHA conducted this privacy impact assessment (PIA) because the medical credentials management system will collect and maintain personally identifiable information (PII) on DHS medical care providers.

Associated SORN:

DHS/ALL/PIA-035 - Retired---see below.

DHS/ALL/PIA-036 - Use of Unidirectional Social Media Applications

DHS/ALL/PIA-036 Use of Unidirectional Social Media Applications March 8, 2011 (PDF, 19 pages – 242 KB) Unidirectional social media applications encompass a range of applications, often referred to as applets or widgets, that allow users to view relevant, real-time content from predetermined sources. The Department of Homeland Security (DHS or Department) intends to use unidirectional social media tools including desktop widgets, mobile apps, podcasts, audio and video streams, Short Message Service (SMS) texting, and Really Simple Syndication (RSS) feeds, among others, for external relations (communications and outreach) and to disseminate timely content to the public about DHS initiatives, public safety, and other official activities and one-way notifications. These dynamic communication tools broaden the Department’s ability to disseminate content and provide the public multiple channels to receive and view content. The public will continue to have the option of obtaining comparable content and services through the Department’s official websites and other official means. This Privacy Impact Assessment (PIA) analyzes the Department’s use of unidirectional social media applications. This PIA does not cover users sending content to the Department. Additionally, this PIA will describe the personally identifiable information (PII) and the extremely limited circumstances that the Department will have access to PII, how it will use the PII, what PII is retained and shared, and how individuals can gain access to their PII. Appendix A of this PIA will serve as a listing, to be updated periodically, of DHS unidirectional social media applications, approved by the Chief Privacy Officer, that follow the requirements and analytical understanding outlined in this PIA. The unidirectional social media applications listed in Appendix A are subject to Privacy Compliance Reviews by the DHS Privacy Office.

DHS/ALL/PIA-037 - DHS SharePoint and Collaboration Sites

DHS/ALL/PIA-037 DHS SharePoint and Collaboration Sites March 22, 2011 (PDF, 7 pages – 193 KB) The Department of Homeland Security (DHS) is developing SharePoint as a Service (SharePoint), which will be an enterprise offering available to all organizations within the Department. This platform will serve as an enterprise collaboration and communication solution, eliminating additional investments in duplicative collaborative technologies, leveraging economies of scale, and connecting separate organizations through the use of the same platform in an integrated environment. DHS is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected and stored in the SharePoint environment. This PIA sets out the minimum standard for SharePoint privacy and security requirements; DHS components may build more detailed controls and technical enhancements into their respective sites.

Associated SORN:

DHS/ALL/PIA-038(a) - Integrated Security Management System (ISMS)

The Integrated Security Management System, September 16, 2014, PDF, 10 pages.  ISMS is a web-based case management enterprise-wide application designed to support the lifecycle of the DHS personnel security, administrative security, and classified visit management programs.  This PIA is being updated to include the migration of personnel security data and users from the United States Coast Guard (USCG), the Transportation Security Administration (TSA), and the United States Secret Service (USSS) to ISMS since the last approved PIA in March 2011.

Previous PIAs:

Associated SORN:

DHS/ALL/PIA-039 - Physical Access Control System (PACS)

DHS/ALL/PIA-039 Physical Access Control System June 9, 2011 (PDF, 15 pages – 232.32 KB) The Department of Homeland Security (DHS), Office of the Chief Security Officer (OCSO), Physical Access Control Division (PHYSD) operates the Physical Access Control System (PACS). PACS is a security technology integration application suite used to control and manage physical access devices, intrusion detection, and video surveillance at DHS Headquarters (HQ) facilities in the National Capital Region (NCR), primarily the Nebraska Avenue Complex (NAC). This PIA will focus exclusively on the physical access control and intrusion detection functions within PACS. The video surveillance function within PACS is covered by a separate PIA and can be found at DHS/ALL/PIA-035 - Nebraska Avenue Complex (NAC) Closed Circuit Television (CCTV) System (Part of PACS). PACS provides advanced access control, alarm monitoring, digital video,1 intrusion detection, and employee, visitor, and parking management. PACS allows authorized security personnel to simultaneously manage and monitor multiple entry points from a single, centralized location. The OCSO has conducted this Privacy Impact Assessment (PIA) to analyze the personally identifiable information (PII) that PACS collects, uses, and maintains. To the extent that other Departmental components use a system(s) that operates in the same way as PACS and will follow the rules outlined in this PIA, that system will be covered by this PIA and listed as part of an update to this PIA appendix.

Associated SORN:

DHS/ALL/PIA-040 – Electronic Patient Care Reporting System

DHS/ALL/PIA-040 Electronic Patient Care Reporting System, August 25, 2011 (PDF, 16 pages - 229 KB) The Department of Homeland Security (DHS) Office of Health Affairs (OHA) is implementing a web-based Commercial off the Shelf (COTS) Internet software service called the Electronic Patient Care Reporting System (ePCR). The ePCR system will establish a standardized approach to document care rendered by DHS Emergency Medical Services (EMS) medical care providers in pre-hospital environments. The system will also enhance OHA’s capability to evaluate quality of care delivery, quality assurance, performance improvement, and risk management activities. OHA conducted this privacy impact assessment because accurate documentation and quality assurance of EMS care provided necessarily includes gathering personally identifiable information (PII) from patient encounters.

Associated SORN(s):

DHS/ALL/PIA-041 – One DHS Overstay Vetting Pilot

DHS/ALL/PIA-041 One DHS Overstay Vetting Pilot, December 29, 2011 (PDF, 20 pages - 238 KB) DHS is conducting the One DHS Overstay Vetting Pilot to improve DHS' ability to identify and vet foreign nationals who have remained in the United States beyond their authorized period of admission (overstays). The pilot will attempt to streamline data sharing between the National Protection and Programs Directorate's United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program, U.S. Customs and Border Protection (CBP), and U.S. Immigration and Customs Enforcement (ICE). The overstay vetting process is covered by existing PIAs for the CBP Automated Targeting System (ATS), US-VISIT Technical Reconciliation Analysis Classification System (TRACS), and US-VISIT Arrival Departure Information System (ADIS). In addition to this existing coverage, US-VISIT has worked with the DHS Privacy Office to complete this PIA specific to the Overstay Vetting Pilot to add another layer of analysis and transparency to this specific process which can be updated as the program matures. Data sharing conducted through this program allows DHS to better identify which individuals have overstayed their authorized periods of admission, and of those overstays, which are the highest law enforcement or national security priority for enforcement action by ICE. DHS is conducting this PIA because the pilot increases the sharing within DHS of PII about travelers.

Associated SORN(s):

DHS/ALL/PIA-042 Closed Circuit Television (CCTV)

DHS CCTV Systems, July 18, 2012 (PDF, 16 pages - 216KB). The Department of Homeland Security (DHS) and its components deploy a number of Closed-Circuit Television (CCTV) systems throughout the department (See Appendix for detailed list). DHS’ CCTV systems are used to obtain real-time and recorded visual information in and around federal worksites and facilities to aid in crime prevention and criminal prosecution, enhance officer safety, secure physical access, promote cost savings, and assist in terrorism investigation or terrorism prevention. DHS conducted this Privacy Impact Assessment (PIA) because these systems have the ability to capture images of people, license plates, and any other visual information within range of the cameras. This PIA replaces existing CCTV PIAs: those PIAs will be retired with the publication of this PIA and are listed in the appendix.

DHS/ALL/PIA-043 DHS Hiring and On-Boarding Process

DHS Hiring and On-Boarding Process, April 22, 2013, (PDF 30 pages).  DHS is committed to hiring and retaining a qualified and dedicated workforce of almost a quarter million federal employees. To coordinate the hiring and on-boarding process for new and prospective DHS employees, DHS relies on the Chief Human Capital Officer and Component Human Capital Officers throughout the Department to serve as their component hiring authorities. DHS hiring authorities are responsible for posting vacancy announcements, producing certificates of referral for hiring managers, and extending tentative and final job offers to new employees. DHS is conducting this Privacy Impact Assessment (PIA) because these activities require DHS hiring authorities to receive Personally Identifiable Information (PII) from job candidates and new employees during the hiring and on-boarding processes within the DHS-wide organization.

Associated SORNs:

OPM/GOVT-1 - General Personnel Records December 11, 2012 77 FR 73694

OPM/GOVT-5 - Recruiting, Examining, and Placement Records June 19, 2006 71 FR 35351

OPM/GOVT-6 - Personnel Research and Test Validation Records June 19, 2006 71 FR 35354

OPM/GOVT-7 - Applicant Race, Sex, National Origin and Disability Status Records June 19, 2006 71 FR 35356

DHS/ALL-022 - Department of Homeland Security Drug Free Workplace October 31, 2008, 73 FR 64974

DHS/ALL/PIA-044 DHS Single Point of Service Request for Information Management Tool

DHS Single Point of Service Request for Information Management Tool, June 17, 2013 (PDF 17 pages, 232 KB).  The Single Point of Service (SPS) refers to a joint effort between the Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), and the Office of Intelligence and Analysis (I&A) to provide a centralized DHS Headquarters location to receive, facilitate, process, and, in some circumstances, respond to operational or intelligence related “Requests for Information” (RFI) that originate from federal, state, local, tribal, and territorial entities. In order to perform this function, OPS and I&A employ the RFI Management Tool, which standardizes the process by which entities request operational or intelligence-related information. DHS is conducting this PIA because the RFI Management Tool collects, retains, and disseminates PII.

Associated SORNs:

DHS-ALL-PIA-045 Loaned Executive Program

Loaned Executive Program, September 29, 2014, PDF, 16 pagesDHS’s Private Sector Office manages the Department-wide Loaned Executive Program (LEP).  The LEP is a special unpaid opportunity for executive-level private sector, academia, and cyber security experts to share their expertise with DHS. Through the LEP, DHS seeks innovative solutions to its homeland security challenges. DHS conducted this PIA because the LEP collects PII from members of the public.

Associated SORN:

DHS/ALL-021 - Department of Homeland Security Contractors and Consultants October 23, 2008, 73 FR 63179

DHS/ALL/PIA-046(b) DHS Data Framework

DHS Data Framework, February 27, 2015, (PDF, 16 pages).  The DHS Data Framework (“Framework”) is a scalable information technology program with built-in capabilities to support advanced data architecture and governance processes. The Framework is DHS’s “big data” solution to build in privacy protections while enabling more controlled, effective, and efficient use of existing homeland security-related information across the DHS enterprise and with other U.S. Government partners, as appropriate. Currently, the Framework includes the Neptune and Cerberus systems and the Common Entity Index. Beginning in April 2015, DHS intends to mature the Framework during an Initial Operational Capability phase, which will include new DHS data sets, additional DHS users, and new technical capabilities (e.g., data refresh) for use within a controlled operational context. DHS is updating the Framework Privacy Impact Assessment (PIA) to reflect the transition to this Initial Operational Capability phase.

Previous PIAs: 

Associated SORNs:

DHS/ALL/PIA-046-1(b) Neptune

Neptune, February 27, 2015, (PDF, 14 pages).  The DHS Data Framework (“Framework”) is a scalable information technology program with built-in capabilities to support advanced data architecture and governance processes. The Framework is DHS’s “big data” solution to build in privacy protections while enabling more controlled, effective, and efficient use of existing homeland security-related information across the DHS enterprise and with other U.S. Government partners, as appropriate. Currently, the Framework includes the Neptune and Cerberus systems and the Common Entity Index. Beginning in April 2015, DHS intends to mature the Framework during an Initial Operational Capability phase, which will include new DHS data sets, additional DHS users, and new technical capabilities (e.g., data refresh) for use within a controlled operational context. DHS is updating the Framework Privacy Impact Assessment (PIA) to reflect the transition to this Initial Operational Capability phase.

Previous PIAs:

Associated SORNs:

DHS/ALL/PIA-046-2 Common Entity Index Prototype

Common Entity Index Prototype (CEI Prototype), September 26, 2013, PDF, 18 pages.  DHS’ Office of the Chief Information Officer (OCIO) is developing a new system called the CEI Prototype to enable DHS to correlate and consolidate a limited set of identity data from select component-level systems, and organize key identifiers collected about individual members of the public.  The purpose of this prototype is to determine the feasibility of establishing and effectively controlling access to a centralized index of select biographic information, enabling DHS to provide correlated and consolidated identities.  This PIA was conducted because it will use datasets provided by select DHS components containing PII for testing and evaluation purposes.  If the system passes the testing and evaluation stage and DHS moves to an operational system, a new PIA will be published.

Associated SORNs:        

DHS/ALL/PIA-046-3(b) Cerberus

Cerberus, February 27, 2015, (PDF, 15 pages).  The DHS Data Framework (“Framework”) is a scalable information technology program with built-in capabilities to support advanced data architecture and governance processes. The Framework is DHS’s “big data” solution to build in privacy protections while enabling more controlled, effective, and efficient use of existing homeland security-related information across the DHS enterprise and with other U.S. Government partners, as appropriate. Currently, the Framework includes the Neptune and Cerberus systems and the Common Entity Index. Beginning in April 2015, DHS intends to mature the Framework during an Initial Operational Capability phase, which will include new DHS data sets, additional DHS users, and new technical capabilities (e.g., data refresh) for use within a controlled operational context. DHS is updating the Framework Privacy Impact Assessment (PIA) to reflect the transition to this Initial Operational Capability phase.

Previous PIAs: 

Associated SORNs:

DHS/ALL/PIA-047 Workers’ Compensation Program – Medical Case Management Services (WC-MCMS)

WC-MCMS [September 30, 2014, PDF, 20 pages] supports the DHS Office of the Chief Human Capital Officer and Component workers’ compensation staff in the medical review and oversight of all DHS employee workers’ compensation claims. DHS is conducting this Privacy Impact Assessment (PIA) because DHS, including all Components, collects and maintains PII as part of the Workers’ Compensation case management process to ensure injured workers receive timely and appropriate medical care, to enable a successful return to the workforce as soon as medically appropriate, and to share case information with the Department of Labor and third party medical service providers.

Associated SORNs:

DHS-ALL-PIA-048(a) Foreign Access Management System (FAMS)

Foreign Access Management System, December 12, 2014 (PDF, 8 pages, 164 KB). The Department of Homeland Security (DHS) Office of the Chief Security Officer (OCSO) created the Foreign Access Management System (FAMS), formerly known as Foreign National Visitor Management System (FNVMS), to support the OCSO/FAM mission. DHS uses FAMS to vet foreign nationals that seek access to DHS personnel, information, facilities, programs, or systems. DHS is updating this Privacy Impact Assessment (PIA), last published on March 30, 2011, to document the system’s name change, note that the system is now used by all DHS Components, clarify the categories of individuals screened by FAMS, clarify the types of checks done by the system, describe the forms created to support the OCSO/FAM Program, and clarify the information used as part of the screening process.

DHS-ALL-PIA-048 Foreign National Visitor Management System (FNVMS), March 30, 2011 (PDF, 15 pages, 199KB)

Associated SORN:

DHS-ALL-049 Performance and Learning Management System (PALMS)

Performance and Learning Management System, January 23, 2015 (.PDF).  The DHS Office of the Chief Human Capital Officer (OCHCO) procured the DHS Performance and Learning Management System (PALMS) to facilitate the performance management process and consolidate the existing DHS Component learning management environments that support workforce training.  DHS conducted this PIA because, when fully implemented, PALMS will collect, maintain, use, and disseminate PII about all DHS employees and contractors.

Associated SORNs:

DHS-ALL-PIA-050 DHS Trusted Identity Exchange

DHS Trusted Identity Exchange (TIE), April 2, 2015 (PDF, 24 pages).  TIE is a privacy-enhancing DHS Enterprise Service that enables and manages the digital flow of identity, credential, and access-management data for DHS employees and contractors. It does so by establishing connections to various internal authoritative data sources, and provides a secure, digital interface to other internal DHS consuming applications. A consuming application is any DHS system that requires some form of identity, credential, and access-management data in order to grant logical or physical access to a DHS protected resource. DHS is publishing this PIA because TIE accesses and disseminates PII.

DHS-ALL-PIA-051 DHS Data Framework – Interim Process to Address an Emergent Threat

DHS Data Framework – Interim Process to Address an Emergent Threat, April 15, 2015. DHS is publishing this PIA to explain its plan to expedite DHS’s ability to meet a critical mission need through the use of an interim manual data transfer process.  Specifically, DHS has a critical mission need to perform classified queries on its unclassified data in order to identify individuals supporting the terrorist activities of: (1) the Islamic State of Iraq and the Levant (ISIL), (2) al-Qa’ida in the Arabian Peninsula (AQAP), (3) al-Nusrah Front, (4) affiliated offshoots of these groups, or (5) individuals seeking to join the Syria-Iraq conflict.  (These individuals are often referred to as “foreign fighters” by the media and in public discourse.)  The ability to perform classified searches of unclassified data for this uniquely time sensitive purpose will allow DHS to better identify and track foreign fighters who may seek to travel from, to, or through the United States.  This type of comparison is a long-standing mission need; however, the specific threat has shortened the timeframe in which DHS must meet the need.

DHS/ALL/PIA-053 DHS Financial Management Systems

Associated SORNs:

RETIREMENT

Last Published Date: October 1, 2015

Was this page helpful?

Back to Top