The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: June 10th, 2009
Page 1 of 9
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E‐Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 703‐235‐0780
[email protected]
Upon receipt, the DHS Privacy Office will review this form. If a PIA is required, the DHS Privacy Office
will send you a copy of the Official Privacy Impact Assessment Guide and accompanying Template to
complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website, www.dhs.gov/privacy,
on DHSOnline and directly from the DHS Privacy Office via email: [email protected], phone: 703‐235‐0780.
PRIVACY THRESHOLD ANALYSIS (PTA)
Please complete this form and send it to the DHS Privacy Office.
Upon receipt, the DHS Privacy Office will review this form
and may request additional information.
SUMMARY INFORMATION
DATE submitted for review: October 28, 2009
NAME of Project: IMAGE Information Request & Membership Application Form
Name of Component: Immigration and Customs Enforcement
Name of Project Manager: Kurt Fitz‐Randolph
Email for Project Manager: [email protected]
Phone number for Project Manager: 202‐732‐5868
TYPE of Project:
Information Technology and/or System ∗
A Notice of Proposed Rule Making or a Final Rule.
Other: Process workflow and management of information requests and application form
submissions leveraging DHS Network email and existing DHS systems.
∗ The E‐Government Act of 2002 defines these terms by reference to the definition sections of Titles 40 and
44 of the United States Code. The following is a summary of those definitions:
• “Information Technology” means any equipment or interconnected system or subsystem of
equipment, used in the automatic acquisition, storage, manipulation, management, movement,
control, display, switching, interchange, transmission, or reception of data or information. See 40
U.S.C. § 11101(6).
• “Information System” means a discrete set of information resources organized for the collection,
processing, maintenance, use, sharing, dissemination, or disposition of information. See 44 U.S.C. §
3502(8).
Note, for purposes of this form, there is no distinction made between national security systems or
technologies/systems managed by contractors. All technologies/systems should be initially reviewed
for potential privacy impact.
SPECIFIC QUESTIONS
1. Describe the project and its purpose:
The ICE Mutual Agreement between Government and Employers (IMAGE) program is the
outreach and education component of the Office of Investigations (OI) worksite enforcement
(WSE) program. IMAGE is designed to build cooperative relationships with the private
sector to enhance compliance with the immigration laws and reduce the number of
unauthorized aliens within the American workforce. Under this program, ICE will partner
with businesses representing a broad cross‐section of industries. Businesses must adhere to a
series of best practices, enroll in E‐Verify, and complete an IMAGE Membership Application
form.
ICE has developed an electronic Information Packet Request form to be
completed by businesses interested in requesting additional information about the IMAGE
program. This electronic form is available on ICE's public Internet website at
http://www.ice.gov/partners/opaimage/index.htm. The data requested includes generic
information such as the company's name, industry, mailing address, email address, name of
the point of contact, and telephone number of the company's point of contact. When a
business completes and submits the Information Packet Request form, ICE personnel receive
an email via the DHS Network with the information provided. Upon receipt of the request,
ICE will use the email provided to send the business additional information about the
IMAGE program. ICE also creates a Case Management Investigative Referral (CMIR) in the
Treasury Enforcement Communications Systems (TECS) using the general company
information provided and assigns it to the appropriate Special Agent in Charge (SAC) Field
Office for further follow‐up and outreach coordination.
For those businesses interested in participating in the IMAGE program, ICE has also
developed a Membership Application form for prospective businesses to complete, outlining
their corporate structure and current hiring practices. The application form will be available
via the ICE public Internet for downloading, and can be submitted to ICE via email or mailed
to the SAC Office. Examples of information requested in the application include providing
an organizational chart identifying the organizational make‐up of the business by position
title, description of internal controls on hiring and processes used in the event unauthorized
alien workers have been identified. Businesses are also asked how they administer the I‐9
forms (Employment Eligibility Verification Forms) and to identify employment and
immigration related topics of importance to them, such as the use of contract employees, the
availability of informational brochures, onsite training on the review of documentation
presented by foreign nationals in pursuit of gaining employment, and safeguards against
discrimination. ICE has included a statement on the Membership Application form explicitly
requesting that no information about individual employees be provided as part of the
application.
If businesses indicate participation with other government employment verification
programs such as E‐Verify, they are requested to submit summary reports demonstrating
their participation along with their application. Examples include an E‐Verify Summary
Report or Social Security Number Verification Service Results Page, which provide
participating employers mechanisms for verifying the employment eligibility of their
employees. Businesses do not submit information relating to individual employees in the
application form.
Once a business has submitted a Membership Application form, ICE reviews the form and
makes a determination as to the suitability of the business to become an IMAGE program
participant. Reasons a company may not be suitable for participation in the IMAGE program
include but are not limited to an on‐going criminal investigation of the company or prior
violations of law (administrative and/or criminal) with no good‐faith effort to correct the
deficiencies. After ICE performs its evaluation and determines that a business is suitable to
become an IMAGE participant, ICE enters into a formal written agreement with the business,
pursuant to which the business is recognized as a participant, and receives cooperation and
assistance from ICE in the area of immigration work site enforcement. As part of the IMAGE
program, the participating businesses enroll in the E‐Verify program administered by U.S.
Citizenship and Immigration Services, to verify the status of new employees, but ICE does
not collect any information regarding any of the businesses' employees as part of the
application process. The only information collected will be the name of the company's point
of contact (name, business telephone number, email address, and address) for IMAGE. ICE
also requests that participating businesses submit annual reports describing the results of
their businesses' partnering with ICE. These annual reports will not include personally
identifiable information (PII) relating to individual employees.
The Membership Application form will be maintained either in hard copy or electronically
consistent with the format in which it is received, and a duplicate file maintained by ICE HQ
for management purposes and to generate the IMAGE participant agreements. Annotations
will also be made in TECS reflecting any ICE Field Office communications with the business
as well as any Membership Application forms received. Additionally, any attachments
supplied by the company when submitting their Membership Application will be maintained
in the paper file and not uploaded in TECS.
2. Status of Project:
This is a new development effort.
This is an existing project.
Date first developed:
Date last updated:
3. Could the project relate in any way to an individual? 1
No. Please skip ahead to the next question.
Yes. Please provide a general description, below.
The project will maintain points of contact (company name, individual point of contact
name(s), company or job title, company email addresses, and company telephone number)
for each company that submits an Information Packet Request form or completes an IMAGE
Membership Application.
4. Do you collect, process, or retain information on: (Please check all that apply)
DHS Employees
Contractors working on behalf of DHS
The Public
The System does not contain any such information.
5. Do you use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs)
No.
Yes. Why does the program collect SSNs? Provide the function of the SSN and the
legal authority to do so:
6. What information about individuals could be collected, generated or retained?
The project will maintain points of contact (individual's name(s), company title, company
email addresses and company telephone number) for each company that completes an
IMAGE Information Packet Request or Membership Application form. Using the general
information provided by the business in the Information Packet Request, ICE generates a
CMIR in TECS and assigns it to the appropriate SAC Field Office for continued follow‐up
and outreach coordination. The information provided in the Membership Application form
is used to develop training, employment policies, and other employment related materials to
assist the businesses in complying with immigration laws.
1 Projects can relate to individuals in a number of ways. For example, a project may include a camera for
the purpose of watching a physical location. Individuals may walk past the camera and images of those
individuals may be recorded. Projects could also relate to individuals in more subtle ways. For example, a
project that is focused on detecting radioactivity levels may be sensitive enough to detect whether an
individual received chemotherapy.
7. If this project is a technology/system, does it relate solely to infrastructure? [For example, is
the system a Local Area Network (LAN) or Wide Area Network (WAN)]?
No. Please continue to the next question.
Yes. Is there a log kept of communication traffic?
No. Please continue to the next question.
Yes. What type of data is recorded in the log? (Please choose all that apply.)
Header
Payload
Please describe the data that is logged.
8. Can the system be accessed remotely?
No.
Yes. When remote access is allowed, is the access accomplished by a virtual private network
(VPN)?
No.
Yes.
9. Is Personally Identifiable Information 2 physically transported outside of the LAN? (This can
include mobile devices, flash drives, laptops, etc.)
No.
Yes.
10. Does the system connect, receive, or share Personally Identifiable Information with any other
DHS systems 3 ?
No
Yes. Please list:
The business points of contact information (company name, individual point of contact
name(s), company or job title, company email addresses, and company telephone number) will
be input into TECS in a CMIR for routing to the local ICE Field Office for follow‐up coordination
and outreach. No PII of individual employees is collected or shared with other DHS systems.
2 Personally Identifiable Information is information that can identify a person. This includes: name, address, phone
number, social security number, as well as health information or a physical description.
11. Are there regular (i.e., periodic, recurring, etc.) data extractions from the system?
No.
Yes. Are these extractions included as part of the Certification and Accreditation 4 ?
Yes.
No.
12. Is there a Certification & Accreditation record within OCIO’s FISMA tracking system?
Unknown.
No.
Yes. Please indicate the determinations for each of the following:
Confidentiality: Low, Moderate, High, Undefined
Integrity: Low, Moderate, High, Undefined
Availability: Low, Moderate, High, Undefined
3 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.
4 This could include the Standard Operation Procedures (SOP) or a Memorandum of Understanding (MOU)
PRIVACY THRESHOLD REVIEW
(To be Completed by the DHS Privacy Office)
DATE reviewed by the DHS Privacy Office: January 8, 2010
NAME of the DHS Privacy Office Reviewer: Rebecca J. Richards
DESIGNATION
This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable
Information.
This IS a Privacy Sensitive System
Category of System
IT System
National Security System
Legacy System
HR System
Rule
Other:
Determination
PTA sufficient at this time
Privacy compliance documentation determination in progress
PIA is not required at this time
A PIA is required
System covered by existing PIA: DHS Contact Lists
A new PIA is required.
A PIA Update is required.
A SORN is required
System covered by existing SORN: DHS/ALL‐002
A new SORN is required.
DHS PRIVACY OFFICE COMMENTS
Please ensure that the IMAGE application has a valid OMB control number. System
name added to PIA appendix.
File Type | application/pdf |
File Title | DHS PRIVACY OFFICE |
Author | pia |
File Modified | 2010-05-26 |
File Created | 2010-01-08 |