Download:
pdf |
pdfPrivacy Impact Assessment
for the
Ammonium Nitrate Security Program
DHS/NPPD/PIA-019
July 25, 2011
Contact Point
Todd Klessman
Infrastructure Security Compliance Division
National Protection and Programs Directorate
(703) 603-4614
Reviewing Official
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
(703) 235-0780
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 1
Abstract
The Department of Homeland Security (DHS or the Department), National Protection
and Programs Directorate (NPPD), is publishing this Privacy Impact Assessment (PIA) to
provide a comprehensive analysis of the proposed Ammonium Nitrate Security Program. The
proposed Ammonium Nitrate Security Program seeks to prevent the misappropriation or use of
ammonium nitrate in an act of terrorism by regulating the sale and transfer of ammonium nitrate
by ammonium nitrate facilities (AN Facilities). This PIA provides transparency into how the
proposed Ammonium Nitrate Security Program will support the homeland security and
infrastructure protection missions of DHS/NPPD through the collection of personally identifiable
information (PII), and describes reasonable mitigation solutions proposed to be implemented to
address privacy and security risks. This PIA will be updated with any changes to the program
concurrently with the rulemaking process.
This PIA is made available concurrently with the Department’s publication in the Federal
Register of a Notice of Proposed Rulemaking for the Ammonium Nitrate Security Program, see
76 FR 46908 (August 3, 2011) at http://federalregister.gov/a/2011-19313.
Overview
Section 563 of the Homeland Security Appropriations Act of 2008 provides DHS/NPPD
with authority to regulate the purchase and sale of ammonium nitrate to prevent the
misappropriation or use of ammonium nitrate in an act of terrorism. Section 563 specifically
amends the Homeland Security Act of 2002 (6 U.S.C. § 361 et. seq.) by adding in a new Subtitle
J – Secure Handling of Ammonium Nitrate (Subtitle J).
Subtitle J prohibits the sale of ammonium nitrate to any individual who does not possess
a registration number (AN Registered User Number) issued by DHS, and requires the following:
•
Certain ammonium nitrate sellers (AN Sellers) and ammonium nitrate purchasers
(AN Purchasers) to apply for AN Registered User Numbers from DHS/NPPD in
order to sell, transfer, and/or purchase ammonium nitrate.
•
AN Sellers to verify each AN Purchaser’s identity and registration to purchase
ammonium nitrate pursuant to procedures established by DHS/NPPD.
•
AN Facilities and certain AN Sellers to maintain records pertaining to sales and
transfers of ammonium nitrate, and authorizes DHS to inspect and audit those
records.
•
AN Facilities and certain AN Sellers to report theft or loss of ammonium nitrate
to the federal government.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 2
In order to support this program, DHS/NPPD will establish an AN Helpdesk to 1)
provide a DHS/NPPD point of contact for individuals seeking support related to the Ammonium
Nitrate Security Program, and 2) answer general questions about the Ammonium Nitrate
Security Program. The AN Helpdesk will collect information necessary to adequately respond to
each caller’s request (e.g., phone numbers/e-mail addresses used to respond to callers’ requests
for information or to call back in the event a call is disrupted). DHS/NPPD intends to use the
same phone number for the AN Helpdesk, the Purchaser Verification Call Center, and the
Ammonium Nitrate Security Program Tip-line (both described below). When contacting that
number, callers will be prompted to select which of the three they would like to access.
Below is a description of five major aspects of the program, based on the Notice of
Proposed Rulemaking being published in the Federal Register concomitant with this PIA.
I.
I.
Registration of AN Sellers and AN Purchasers;
II.
Point of Sale Verification Requirements;
III.
Recordkeeping and Inspection/Audit Requirements;
IV.
Reporting Requirements; and
V.
Adjudication or Appeal of an Order Assessing Civil Penalty.
Registration of AN Sellers and AN Purchasers
Individuals wishing to purchase or sell ammonium nitrate would be required, under the
Department’s proposed program, to apply for AN Registered User Numbers, either as AN
Purchasers or AN Sellers. Individuals would apply for AN Registered User Numbers through a
web-based portal (the AN User Registration Portal). Individuals that apply for AN Registered
User Numbers would be vetted against the Terrorist Screening Database (TSDB) prior to
issuance of AN Registered User Numbers to those individuals. For more information on the
TSDB, see DOJ/FBI – 019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007).
Based upon the results of the vetting, and based on completeness and accuracy of the application
information submitted through the AN User Registration Portal, DHS/NPPD would approve or
deny each application. DHS/NPPD expects to complete processing of each application, and
expects to respond to each applicant, within 72 hours of application submission.
A. Information Collected in Support of Providing an AN Registered User Number
Each applicant must submit the following information:
•
Full name;
•
Home or work address(es);
•
Personal or work e-mail address(es);
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 3
•
Personal or work telephone number(s);
•
Photo identification information (e.g., type of photo identification document,
issuing entity, unique document number) to support the identity verification
process.
•
Whether the individual is applying as AN Seller or AN Purchaser or both;
•
Affiliation with any AN Facilities (if applicant registers as an AN Seller); and
•
Each applicant who is a U.S. Citizen or Lawful Permanent Resident (LPR) must
also submit the following information:
o Aliases (if applicable);
o Date of birth;
o Place of birth;
o Gender;
o Citizenship; and
o DHS Redress Number (if applicable).
•
In addition to all of the above, each applicant who is a non-U.S. person must
also submit the following information:
o Passport information, to include country of issuance, date of expiration,
and passport number; and
o Alien registration number, if available, and/or visa number.
Upon receipt of an application for an AN Registered User Number, DHS/NPPD will
electronically submit the information necessary for TSDB vetting to the DHS Transportation
Security Administration (TSA). TSA’s Office of Transportation Threat Assessment and
Credentialing (TTAC), which conducts vetting of information against the TSDB for several DHS
programs, will conduct TSDB vetting as part of the Ammonium Nitrate Security Program.
TTAC will compare the information pertaining to applicants to information listed in the
TSDB. TTAC will determine whether each individual's information: 1) does not match a TSDB
record; or 2) is a potential match to a TSDB record. Each potential match to the TSDB will then
be manually vetted to determine whether a match has occurred.
TTAC will forward results of all positive matches to the Federal Bureau of
Investigation’s Terrorist Screening Center (TSC), which will make final match determinations
and coordinate any necessary law enforcement response. TTAC will also notify DHS/NPPD of
any positive match.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 4
As part of this process, TTAC or the TSC may request that DHS/NPPD obtain additional
information about individual applicants in order to clarify data errors or to resolve potential
matches (e.g., in situations where an applicant has a common name). Such requests will not
imply, and should not be construed to indicate, that the applicant has been confirmed as a match
to an identity listed in the TSDB.
Based upon the completeness and accuracy of a registration application, and based on
review of TSDB vetting results and national security interests (if applicable), the Department
will issue or deny an AN Registered User Number to the applicant.
B. Comparability with Other DHS Vetting Programs
In lieu of conducting new TSDB vetting of an applicant, DHS/NPPD may collect
information to verify that the applicant is currently enrolled in a DHS program that also requires
a TSDB check equivalent to the TSDB vetting performed as part of the Ammonium Nitrate
Security Program. Those DHS programs could include:
1) The Transportation Worker Identification Credential program (TWIC);
2) The Hazardous Material Endorsement program (HME); 1
3) The Trusted Traveler programs, 2 including:
a) The NEXUS program;
b) The Free and Secure Trade program (FAST); and
c) The Secure Electronic Network for Travelers Rapid Inspection program
(SENTRI).
To verify an affected individual’s enrollment, DHS/NPPD may collect the following PII
on the affected individual:
1
•
Full Name;
•
Date of Birth;
•
Place of Birth (optional);
•
Gender;
•
Citizenship; and
The TWIC and HME Programs are covered under the Transportation Security Threat Assessment System System
of Records Notice. See DHS/TSA-002–Transportation Security Threat Assessment System, 75 FR 28046 (May 19,
2010).
2
The Trusted Traveler programs are covered under the Global Enrollment System System of Records Notice. See
DHS/CBP-002 – Global Enrollment System (GES), 71 FR 20708 (April 21, 2006).
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 5
•
Program-specific information or credential information, such as unique number, or
issuing entity (e.g., State for Commercial Driver’s License with an HME).
The table below outlines the information that would be required, and the information that
would be optional, to verify enrollment in other DHS programs. This information would be used
to verify enrollment in lieu of using the information listed above, which is required for
individuals who are not presently enrolled in one these programs, in order to conduct new TSDB
vetting.
TABLE 1: Data Used To Verify Enrollment In Other DHS Programs In Lieu Of
Performing New TSDB Vetting As Part Of Ammonium Nitrate Security Program Registration.
TWIC
HME
NEXUS
SENTRI
FAST
Required
Required
Required
Required
Required
Required
Required
Required
Required
Required
Optional
Optional
Optional
Optional
Optional
Gender
Required
Required
Required
Required
Required
Citizenship
Required
Required
Required
Required
Required
Name
Date of
Birth
Place of
Birth
- TWIC
Unique
Credential Serial
Information Number:
Required
- Expiration
Date:
Required
- Commercial
Drivers License
(CDL) Issuing
State(s):
Required
- CDL Number:
Required
- PASS
Number:
Required
- PASS
Number:
Required
- PASS
Number:
Required
- Expiration
Date:
Required
Expiration
Date:
Required
- Expiration
Date:
Required
- Expiration
Date: Required
Leveraging a previous equivalent TSDB background check will limit the number of
instances in which different DHS programs are required to vet the same affected individual
against the TSDB.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 6
Applicants whose enrollments cannot be verified will be provided the opportunity to
update their information or provide information necessary to compare their information against
the TSDB.
C. Designation of Agents by AN Purchasers
The Ammonium Nitrate Security Program allows each AN Purchaser to designate
individuals as his/her agents. Any person who obtains possession of ammonium nitrate on behalf
of an AN Purchaser is an agent (AN Agent). AN Purchasers may choose to provide the names of
designated agents to DHS/NPPD while applying for AN Registered User Numbers. After
registration, an AN Purchaser may subsequently add the names of newly designated agents to the
list provided to DHS/NPPD, or may remove the names of former agents from the list provided to
DHS/NPPD, through a web-based portal. DHS will not vet agents’ information against the
TSDB. 3
D. Appeals for Denial or Revocation of AN Registered User Numbers
If DHS/NPPD denies an individual’s application for an AN Registered User Number or
revokes an individual’s AN Registered User Number, DHS/NPPD will provide the individual an
opportunity to appeal. DHS/NPPD will provide notification of the denial or revocation to the
individual in writing, along with instructions on the process for appealing DHS’s decision.
When an individual appeals denial or revocation, DHS/NPPD will collect PII necessary to
process the appeal.
E. Redress
Applicants for AN Registered User Numbers, and individuals who have been issued AN
Registered User Numbers, will be able to update and/or correct inaccurate or erroneous
information they have submitted to DHS/NPPD by accessing a web-based portal.
Individuals that believe that they have been negatively impacted by the Ammonium
Nitrate Security Program may seek redress from the Department. The Department may collect
information necessary to process each request for redress. Please see Section 7 of this PIA for
additional information on this process.
II.
Point of Sale Verification Requirements
Prior to each sale or transfer of ammonium nitrate, DHS/NPPD must A) verify that the
AN Seller has a valid AN Registered User Number, and B) verify that the AN Purchaser has a
valid AN Registered User Number.
3
Subtitle J limits Ammonium Nitrate Security Program registration and vetting requirements to AN Purchasers and
AN Sellers, and does not extend registration and vetting requirements to the agents of AN Purchasers. See 6 U.S.C.
§ 488a(d) and 6 U.S.C. § 488a(e).
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 7
A. AN Seller Verification Requirements
DHS/NPPD will verify an AN Seller’s AN Registered User Number when the AN Seller
provides his/her name and AN Registered User Number, along with information identifying the
AN Facility at which the sale or transfer of ammonium nitrate is taking place, to DHS/NPPD.
DHS/NPPD will provide the AN Seller with a confirmation that his/her AN Registered User
Number is valid, and that it is appropriately linked to the AN Facility at which the sale or
transfer of ammonium nitrate is taking place.
This verification will be completed electronically through a web portal designed by the
Department (the “Purchaser Verification Portal”) or telephonically through a call center
maintained by the Department (the “Purchaser Verification Call Center” 4). The AN Seller’s AN
Registered User Number must be verified by DHS/NPPD before the AN Seller can further access
the Purchaser Verification Portal or Purchaser Verification Call Center to conduct AN Purchaser
verification requirements.
B. AN Purchaser Verification Requirements
Once the Department has verified that the AN Seller has an AN Registered User Number,
the AN Seller may sell or transfer ammonium nitrate only after the following:
1) Verification of an AN Purchaser’s AN Registered User Number
Verification of an AN Purchaser’s AN Registered User Number requires the AN
Purchaser to provide his/her name and AN Registered User Number to the AN Seller. The AN
Seller will submit this information to DHS/NPPD through either the Purchaser Verification
Portal or the Purchaser Verification Call Center. DHS/NPPD will verify that the individual
listed matches the AN Registered User Number. DHS/NPPD will provide the AN Seller with a
confirmation that the AN Registered User Number is valid. If DHS/NPPD is unable to verify the
AN Purchaser’s AN Registered User Number, the AN Seller may not sell or transfer the
ammonium nitrate.
2) Verification of an AN Purchaser’s Identity
a) When the AN Purchaser Opts Not to Use an Agent
If an AN Purchaser chooses not to use an agent, the AN Seller is required to
visually inspect the AN Purchaser’s photo identification for obvious fraud and
compare the identity presented in the photo identification against its bearer. No
information is provided to DHS/NPPD in order to verify an AN Purchaser’s identity
when an AN Purchaser opts not to use an agent. If the AN Seller is unable to verify
4
The Purchaser Verification Call Center is a specific function that will be housed within the AN Helpdesk
(discussed further in this PIA).
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 8
the AN Purchaser’s identity, the AN Seller may not sell or transfer the ammonium
nitrate.
b) When the AN Purchaser Opts to Use an Agent
When the AN Purchaser opts to use an agent, the AN Seller must complete three
verifications. These three verifications can be completed in any order, although all
three must be completed prior to transfer of ammonium nitrate to an agent.
Verification 1. Under the Department’s proposed Ammonium Nitrate Security
Program, the AN Seller will be required to verify the prospective AN Purchaser’s
identity with DHS/NPPD when the prospective AN Purchaser chooses to use an agent
to take possession of ammonium nitrate. For the purpose of this program, an AN
Purchaser’s identity is verified in this situation by comparing the information
contained in the Department’s registration database against the information provided
by the AN Purchaser. Specifically, before completing a sale or transfer of ammonium
nitrate the AN Seller would have to provide certain prospective AN Purchaser
information (e.g., name, photo identification document information, AN Registered
User Number) to DHS/NPPD either electronically through the Purchaser Verification
Portal or telephonically through the Purchaser Verification Call Center. The
Department proposes to compare this information, which a prospective AN Purchaser
would be required to provide to an AN Seller for submission to the Department, to
information contained in the Department’s AN Registered User Database. If
DHS/NPPD is unable to verify the AN Purchaser’s identity by comparing this
information to the information already contained in the Department’s database, the
AN Seller may not sell or transfer the ammonium nitrate. This approach would
enable use of an agent when it is not possible to verify the identity of the AN
Purchaser in person (i.e., by conducting a visual inspection of the photo identification
of the AN Purchaser and comparing the photo identification with the AN Purchaser
physically present). The Department seeks comments on this approach, including
comments addressing whether AN Purchasers would be likely to provide identity
verification information to AN Sellers themselves (e.g., by providing this information
to AN Sellers over the telephone), or whether AN Purchasers would be likely to ask
their agents to provide this information to AN Sellers in person. DHS also seeks
comments on the advisability, costs, and benefits of enabling agents to provide AN
Purchasers’ identity verification information directly to AN Sellers, and seeks
comments on possible alternative methods that could be employed to verify AN
Purchasers’ identities in sales or transfers involving AN Agents. For instructions on
how to submit comments to DHS on these issues, see 76 FR 46908 (August 3, 2011)
at http://federalregister.gov/a/2011-19313.
Verification 2. The AN Seller must verify that the agent is authorized to obtain
ammonium nitrate on behalf of the AN Purchaser. To verify that an agent is
authorized to obtain ammonium nitrate on behalf of the AN Purchaser, an AN Seller
may either 1) submit the agent’s name to DHS/NPPD concurrently with submission
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 9
of the AN Purchaser’s AN Registered User Number, or 2) contact the AN Purchaser
directly. Under option 1, DHS/NPPD will verify that the agent is authorized to obtain
ammonium nitrate on behalf of the AN Purchaser if the AN Purchaser has previously
listed the agent’s name with DHS/NPPD. Under option 2, the AN Seller must contact
the AN Purchaser in order to verify that agent is indeed authorized to obtain
ammonium nitrate in his behalf. Verifications under option 2 must be conducted
orally – e.g., over the telephone. If the AN Seller is unable to verify that the agent is
authorized to obtain ammonium nitrate on behalf of an AN Purchaser, the AN Seller
may not sell or transfer the ammonium nitrate.
Verification 3. The AN Seller must verify the agent’s identity. To verify the
agent’s identity, an AN Seller must visually inspect the agent’s photo identification
for obvious fraud and compare the identity presented in the identity document against
its bearer. No PII is provided to DHS/NPPD when verifying an agent’s identity. If
the AN Seller is unable to verify the agent’s identity, the AN Seller may not sell or
transfer the ammonium nitrate.
III.
Recordkeeping and Inspection/Audit Requirements
A. Facility Recordkeeping Requirements
DHS/NPPD will require each AN Facility to maintain records pertaining to each sale or
transfer of ammonium nitrate. The AN Facility must log the sale of the ammonium nitrate either
in paper or electronic form with the following information:
•
Date of sale or transfer;
•
Form and amount of payment, if any;
•
Quantity of ammonium nitrate sold or transferred;
•
Type of packaging of the ammonium nitrate sold or transferred;
•
Location where the AN Purchaser, or if applicable agent, will take possession of
the ammonium nitrate sold or transferred;
•
Name, home or work address, personal or work telephone number, AN Registered
User Number, photo identification document type, photo identification document
issuing entity, and photo identification document number of the AN Purchaser
purchasing or taking possession of the ammonium nitrate sold or transferred;
•
If an agent takes possession of ammonium nitrate, name, home or work address,
personal or work telephone number, photo identification document type, photo
identification document issuing entity, and photo identification document number
of the agent taking possession of the ammonium nitrate sold or transferred;
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 10
•
If an agent takes possession of ammonium nitrate, a record of the date and means
by which confirmation of that agent’s authority to act as an agent of a particular
AN Purchaser was received; and
•
Confirmation numbers or confirmation records, if any, received from DHS/NPPD
as part of the verification processes required for each sale or transfer of
ammonium nitrate.
Each AN Facility will be required to take reasonable actions to ensure that the AN Facility
secures these records from damage, theft, and loss.
B. DHS/NPPD Ammonium Nitrate Electronic Recordkeeping Database
DHS/NPPD will make an electronic recordkeeping database available to AN Facilities
which will provide the ability for those facilities to maintain records of ammonium nitrate sales
and transfers as required by the regulation. While AN Facilities must maintain records of all
sales and transfers of ammonium nitrate, use of the electronic recordkeeping database is
voluntary. If an AN Facility elects to use the electronic recordkeeping database, the database
will, at a minimum, maintain that information required by the regulation as to each sale or
transfer of ammonium nitrate. In the electronic recordkeeping database, an AN Facility may also
indicate why a particular verification did not result in the sale or transfer of ammonium nitrate
(e.g., if an AN Seller could not verify an AN Purchaser’s AN Registered User Number, or if an
AN Seller could not verify an AN Purchaser’s identity).
DHS/NPPD proposes that all AN Sellers associated with a particular AN Facility will
have access to the information entered into the electronic recordkeeping database for that facility.
DHS/NPPD is considering using the electronic database to enable remote records
inspections and audits under the Ammonium Nitrate Security Program. (See the “Inspections
and Audits” section of this document, below, for discussion of the records inspections and audits
proposed to be carried out under the Ammonium Nitrate Security Program.) DHS/NPPD is also
considering collecting and analyzing data entered into the electronic database in order to identify
suspicious activities and suspicious trends in ammonium nitrate transactions. DHS/NPPD
intends to share information about suspicious activities and suspicious trends with federal, state,
and local law enforcement, and with other governmental entities, as appropriate in order to
prevent the misappropriation or use of ammonium nitrate in acts of terrorism.
In the NPRM proposing the Ammonium Nitrate Security Program, the Department seeks
comments on this proposed electronic recordkeeping database. For instructions on how to
submit comments to DHS on the proposed electronic recordkeeping database, see 76 FR 46908
(August 3, 2011) at http://federalregister.gov/a/2011-19313.
C. Inspections and Audits
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 11
Pursuant to 6 U.S.C. § 488b, DHS/NPPD is authorized to enter AN Facilities, or other
locations where records are stored, to inspect and audit the records required to be maintained
under the Ammonium Nitrate Security Program. DHS/NPPD may also inspect and audit records
that pertain to misappropriation or preventing misappropriation of ammonium nitrate, and
inspect and audit records required to be maintained pursuant to Subtitle J. These records may
contain PII. During an inspection or audit, the Department may copy such records. In some
cases, DHS/NPPD may also take original copies of pertinent records out of the subject AN
Facilities for duplication and prompt return. DHS/NPPD may also perform remote inspections
or audits, and require AN Facilities to make records available to the Department by facsimile,
mail, or e-mail.
IV.
Reporting Requirements
A. Ammonium Nitrate Tip-line
The Ammonium Nitrate Security Program will also maintain a Tip-line, which members
of the public may voluntarily use to provide DHS/NPPD information regarding regulatory
violations, suspicious ammonium nitrate sales or transfers, and other matters. Callers accessing
the Tip-line will be able to listen to a recorded message, and then will be able to leave messages
for DHS/NPPD. Callers will be informed that they may leave messages anonymously, but if
they would like return calls, to leave their contact information. In the event that a caller chooses
not to leave an anonymous message about regulatory violations or suspicious ammonium nitrate
sales or transfers, the PII left by the caller would be collected. Tip-line messages will be
reviewed by DHS/NPPD and responded to as appropriate.
B. Reporting Theft and Loss
DHS/NPPD is proposing to leverage the existing infrastructure established by the
Department of Justice’s Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) to require
reporting of ammonium nitrate theft and loss under the Ammonium Nitrate Security Program.
Individuals required to report the theft or loss of ammonium nitrate will contact ATF directly.
The PII collected will be similar to the PII collected by ATF as part of other explosives theft/loss
reporting efforts, 5 with the addition of identifying information associated with the Ammonium
Nitrate Security Program (e.g., AN Registered User Numbers).
Interagency discussions between DHS and ATF regarding potential theft and loss
reporting are ongoing. Additional information on theft and loss reporting requirements will be
published in the final rule implementing the Ammonium Nitrate Security Program. DHS will
work with ATF to ensure that appropriate privacy requirements are met by the theft and loss
5
See, e.g., ATF Form 5400.5 (http://www.atf.gov/forms/download/atf-f-5400-5.pdf).
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 12
reporting mechanisms published in the final rule implementing the Ammonium Nitrate Security
Program.
V. Adjudication or Appeal of an Order Assessing Civil Penalty
DHS/NPPD is authorized to assess civil penalties against persons or entities violating the
rules promulgated as part of the Ammonium Nitrate Security Program. Subject persons or
entities shall have the option of initiating adjudicatory proceedings to challenge the propriety of
DHS/NPPD’s civil penalty determinations. Such a person or entity must initiate adjudicatory
proceedings by filing a Notice for Application for Review specifying that such person or entity
requests a hearing and adjudication. The individual or entity must also submit all appropriate
legal memoranda, declarations, affidavits, other documents and other evidence supporting the
position asserted by the person or entity requesting a hearing and adjudication.
A person or entity, individually or through counsel, may offer relevant and material
information including written direct testimony which that person or entity believes should be
considered in opposition to the Order Assessing Civil Penalty at issue. DHS may collect PII or
other information necessary to process, conduct, respond to, or participate in an adjudication
contesting an Order Assessing Civil Penalty.
Additionally, a person or entity may appeal adverse adjudication decisions issued by
DHS. The appellant must file a Notice of Appeal and Brief with the DHS Office of the General
Counsel. DHS will collect PII necessary to process each appeal.
Section 1.0 Authorities and Other Requirements
1.1
What specific legal authorities and/or agreements permit and
define the collection of information by the project in question?
Section 563 of the Homeland Security Appropriations Act of 2008 provides DHS with
authority to regulate the purchase, sale, and transfer of ammonium nitrate to prevent the
misappropriation or use of ammonium nitrate in an act of terrorism. See P.L. 110-161, Division
E (2007). Section 563 specifically amends the Homeland Security Act of 2002 (6 U.S.C. 361 et
seq.) by adding in a new Subtitle J – Secure Handling of Ammonium Nitrate.
This PIA is published concurrently with the publication of the Ammonium Nitrate
Security Program Notice of Proposed Rulemaking, proposing to add Part 31 to Title 6 of the
Code of Federal Regulations. The Ammonium Nitrate Security Program Notice of Proposed
Rulemaking provides further definition of the required collection of information related to the
sale or transfer of ammonium nitrate.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 13
1.2
What Privacy Act System of Records Notice(s) (SORN(s)) apply
to the information?
A program-specific SORN(s) and a rulemaking(s) to exempt portions of the SORN(s)
from certain provisions of the Privacy Act will be published prior to implementation of the
program.
1.3
Has a system security plan been completed for the information
system(s) supporting the project?
The information system that will support the Ammonium Nitrate Security Program does
not have a completed system security plan. Prior to implementation of the Ammonium Nitrate
Security Program, all information systems will be Certified & Accredited by DHS/NPPD’s Chief
Information Officer.
1.4
Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
A proposed schedule for the retention and disposal of records collected under the
Ammonium Nitrate Security Program is being developed with DHS/NPPD Records Management
for approval by NARA after a Final Rule implementing the Ammonium Nitrate Security
Program has been published.
1.5
If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
for the collection. If there are multiple forms, include a list in an
appendix.
An information collection request was submitted to the Office of Management and
Budget concurrent with the Ammonium Nitrate Security Program Notice of Proposed
Rulemaking.
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or
collected, as well as reasons for its collection.
2.1
Identify the information the project collects, uses, disseminates, or
maintains.
Helpdesk
DHS/NPPD may collect information to support the AN Helpdesk’s ability to: 1) operate
the Purchaser Verification Call Center to perform verifications required under the Ammonium
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 14
Nitrate Security Program; 2) provide a DHS/NPPD point of contact for individuals seeking
support related to the Ammonium Nitrate Security Program; 3) maintain a Tip-line, and; 4)
answer general questions.
I. Registration of AN Sellers and AN Purchasers:
a) DHS/NPPD will collect the following information in support of the registration of AN
Sellers and AN Purchasers:
Each applicant must submit the following information:
•
Full name;
•
Home or work address(es);
•
Personal or work e-mail address(es);
•
Personal or work telephone number(s);
•
Photo identification information (e.g., type of photo identification document,
issuing entity, unique document number) to support the identity verification
process.
•
Whether the individual is applying as AN Seller or AN Purchaser or both;
•
Affiliation with any AN Facilities (if applicant registers as an AN Seller); and
• Each applicant who is a U.S. Citizen or Lawful Permanent Resident (LPR) must
also submit the following information:
o Aliases (if applicable);
o Date of birth;
o Place of birth;
o Gender;
o Citizenship; and
o DHS Redress Number (if applicable);
•
In addition to all of the above, each applicant who is a non-U.S. person must also
submit the following information:
o Passport information, to include country of issuance, date of expiration,
and passport number; and
o Alien registration number, if available, and/or visa number.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 15
b) In lieu of conducting new TSDB vetting of an applicant, DHS/NPPD may collect
information to verify that the applicant is currently enrolled in another DHS program that also
requires a TSDB check equivalent to the TSDB vetting performed as part of the Ammonium
Nitrate Security Program.
c) Information may be collected to clarify data errors or to resolve potential matches
(e.g., in situations where an applicant has a common name). Such requests will not imply, and
should not be construed to indicate, that the applicant has been confirmed as a match to an
identity listed in the TSDB.
d) DHS/NPPD may collect information from other sources (including, but not limited to,
law enforcement sources, and the TSDB) in the event that a match to the TSDB is identified as
part of the Ammonium Nitrate Security Program.
e) DHS/NPPD may collect information to support appeals for denial or revocation of AN
Registered User Numbers. The information collected will be that information necessary for
DHS/NPPD to process each appeal.
f) DHS/NPPD may collect information from applicants for AN Registered User
Numbers, from AN Sellers, from AN Purchasers, and AN Agents to enable DHS/NPPD to
provide redress for individuals who believe they have been improperly impacted by the
Ammonium Nitrate Security Program.
II. Point of Sale Verification Requirements
DHS/NPPD may collect information about AN Sellers, AN Purchasers, and AN Agents
in order to conduct the necessary verifications related to the sale and transfer of ammonium
nitrate each time AN Sellers and AN Purchasers or AN Agents are involved in sales or transfers
of ammonium nitrate.
DHS/NPPD may also collect from each AN Purchaser (and from each applicant applying
as an AN Purchaser) the full names of his/her agents.
III. Recordkeeping and Inspection/Audit Requirements
DHS/NPPD may also collect facility records and recordkeeping information as part of the
requirement that facilities keep certain records under the Ammonium Nitrate Security Program,
and as part of the requirement that DHS inspect and audit facility records.
The electronic recordkeeping database will collect both personally identifiable and nonpersonally identifiable information related to the sale or transfer of ammonium nitrate.
Specifically, for each transaction entered into the system, DHS/NPPD will collect the following
PII: name, home or work address, personal or work telephone number, AN Registered User
Number, and photo identification document type, photo identification document issuing entity,
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 16
and photo identification document number of the AN Purchaser purchasing or taking possession
of the ammonium nitrate sold or transferred.
If an agent takes possession of ammonium nitrate, the instrument will also collect the
name, home or work address, personal or work telephone number, photo identification document
type, photo identification document issuing entity, and photo identification document number of
the agent taking possession of the ammonium nitrate sold or transferred.
In the NPRM proposing the Ammonium Nitrate Security Program the Department seeks
comments on this proposed electronic recordkeeping database. For instructions on how to
submit comments to DHS on the proposed electronic recordkeeping database, see 76 FR 46908
(August 3, 2011) at http://federalregister.gov/a/2011-19313.
IV. Reporting Requirements
ATF may collect information as part of the reporting of theft or loss of ammonium
nitrate. The information collected will be similar to the information required by ATF as part of
other explosives theft/loss reporting regulations (see, e.g., 27 CFR 555.30), with the addition of
identifying information associated with the Ammonium Nitrate Security Program (e.g., AN
Registered User Numbers).
V. Adjudication or Appeal of an Order Assessing Civil Penalty
DHS/NPPD may collect information to support adjudication or appeals of Orders
Assessing Civil Penalties. The information collected will be that information necessary for DHS
to process each adjudication or appeal.
2.2
What are the sources of the information and how is the
information collected for the project?
Helpdesk
Information will be collected directly from the individual who contacts the Helpdesk will
be collected via phone. Additional information collection may be conducted via e-mail, fax or
web-portal.
I. Registration of AN Sellers and AN Purchasers
Information will be collected directly from individuals when they to register (through a
web-based portal) for AN Seller and AN Purchaser AN Registered User Numbers through a
web-based portal.
Additional information may also be collected in order to verify an applicant’s enrollment
in another DHS program in lieu of performing new TSDB vetting as part of Ammonium Nitrate
Security Program registration.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 17
Information may also be collected from other sources (including, but not limited to, law
enforcement sources, and the TSDB) when a match to the TSDB is identified as part of the
Ammonium Nitrate Security Program.
Information will be collected directly from individuals related to redress or to appeals of
the denial or revocation of AN Registered User Numbers via mail, email, phone, or fax.
II. Point of Sale Verification Requirements
Information will be collected from the AN Seller or the AN Agent for Point of Sale
Verification requirements.
Information collected from AN Sellers to conduct verifications prior to sale or transfer of
ammonium nitrate will be collected either through a web-based portal or through the Purchaser
Verification Call Center.
III. Recordkeeping and Inspection/Audit Requirements;
Information will be collected from AN Sellers via the electronic recordkeeping database,
and via inspection or audit.
Information is collected from AN Sellers or other AN Facility personnel who enter
information into the electronic recordkeeping database. Information is also collected when
DHS/NPPD inspects or audits an AN Facility’s records.
AN Facility records and recordkeeping information may be collected by DHS/NPPD
inspectors, transcribed from AN Facility records, or collected via e-mail, facsimile, telephone, or
web-based portal.
IV. Reporting Requirements
Information collected from individuals who contact the Tip-line will be collected via
phone. Additional information collection may be conducted via e-mail, fax or web-portal.
Information may be collected from individuals who report theft or loss of ammonium
nitrate. This information may be collected by ATF via mail, e-mail, facsimile, or telephone.
V. Adjudication or Appeal of an Order Assessing Civil Penalty
Information may be collected directly from individuals related to adjudications or appeals
of Orders Assessing Civil Penalties. This information may be collected via mail, email, phone,
or fax.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 18
2.3
Does the project use information from commercial sources or
publicly available data? If so, explain why and how this
information is used.
DHS/NPPD may rely on commercial or publically available data to detect business
situations outside the course of normal business operations, such as bankruptcy, which may
affect AN Facilities. This commercial or publically available data may contain some PII about
officers of a company or corporation.
2.4
Discuss how accuracy of the data is ensured.
Information collected directly from an individual will be assumed to be accurate.
Information collected from AN Sellers as part of verifications related to the sale and
transfer of ammonium nitrate, or as part of recordkeeping activities, will also be assumed to be
accurate. This information will be inspected and audited as required by statute.
2.5
Privacy Impact Analysis: Related to Characterization of the
Information
Privacy Risk: Collecting inaccurate or false information is a privacy risk which could
result in a determination which harms an applicant’s ability to receive an AN Registered User
Number. Collecting and maintaining more information than is necessary is another privacy risk.
Finally, vetting of an applicant’s information against the TSDB presents the privacy risk that a
check against the TSDB could produce information which could inappropriately result in a
determination which harms an applicant’s ability to receive an AN Registered User Number, buy
or transfer ammonium nitrate, or conduct other activities related to the Ammonium Nitrate
Security Program.
Mitigation: To reduce this risk the Department will: 1) display to each AN Registered
User Number applicant in the AN User Registration Portal his/her application prior to
submission; 2) require the applicant to review the displayed application; and 3) require the
applicant to affirm that the information contained therein is true and correct.
To reduce the risk of collecting more information than necessary, the Department has,
where possible, limited the information being collected to that information explicitly listed in
Subtitle J and to that information necessary to conduct the activities required by the statute.
To reduce the risk of harm to applicants who may be incorrectly identified as posing
threats to national security and subsequently denied AN Registered User Numbers, the
Ammonium Nitrate Security Program will collect sufficient PII to conduct vetting against the
TSDB such that that TSDB vetting is accurate, and such that the Department has a high degree of
confidence in the results of that TSDB vetting. Additional PII may be collected in instances
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 19
where additional PII is needed to best distinguish an applicant from other individuals who have
similar names and/or biographic details.
Section 3.0 Uses of the Information
The following questions require a clear description of the project’s use of information.
3.1
Describe how and why the project uses the information.
Helpdesk
DHS/NPPD may collect information to support the AN Helpdesk’s ability to: 1) operate
the Purchaser Verification Call Center to perform verifications required under the Ammonium
Nitrate Security Program; 2) provide a DHS/NPPD point of contact for individuals seeking
support related to the Ammonium Nitrate Security Program; 3) maintain a Tip-line, and; 4)
answer general questions.
I. Registration of AN Sellers and AN Purchasers
DHS/NPPD will use PII collected to issue AN Registered User Numbers and to identify
individuals with terrorist ties by comparing PII against information maintained in the TSDB.
The PII collected by DHS/NPPD may be used to facilitate operational, law enforcement, or
intelligence responses, if appropriate, when vetted individuals’ identities match identities
contained in the TSDB.
DHS/NPPD may use information collected to verify that an individual is currently
enrolled in a DHS program which relies on a TSDB check equivalent to the TSDB vetting
performed as part of the Ammonium Nitrate Security Program.
DHS/NPPD may collect information on individuals as necessary to enable it to provide
redress for individuals who believe that they have been improperly impacted by the Ammonium
Nitrate Security Program.
DHS/NPPD may collect information to conduct appeals for denial or revocation of AN
Registered User Numbers.
II. Point of Sale Verification Requirements
DHS/NPPD will use information collected to conduct the necessary registration, identity,
and agency verifications required for the sale or transfer of ammonium nitrate.
III. Reporting Requirements
ATF may receive, and ATF, DHS, or other government entities may follow up on reports
of theft or loss of ammonium nitrate.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 20
IV. Recordkeeping and Inspection/Audit Requirements
DHS/NPPD may use the PII collected to ensure that AN Facilities and certain AN Sellers
are in compliance with the Ammonium Nitrate Security Program’s recordkeeping requirements.
Compliance assurance activities may involve the use of PII to conduct inspections or audits as
required by statute.
V. Adjudication or Appeal of an Order Assessing Civil Penalty
DHS may collect information to conduct adjudications or appeals of Orders Assessing
Civil Penalties.
3.2
Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or locate
a predictive pattern or an anomaly? If so, state how DHS plans to
use such results.
DHS proposes to analyze recordkeeping information maintained by AN Facilities,
including information entered into the electronic recordkeeping database in order to identify
trends and/or suspicious activities, and also in order to assess regulatory compliance.
Information about trends and/or potentially suspicious activities may be shared with federal law
enforcement and federal, state, local, tribal, territorial, or other government entities, as
appropriate. In the NPRM proposing the Ammonium Nitrate Security Program, the Department
seeks comments on the proposed electronic recordkeeping database.
3.3
Are there other components with assigned roles and
responsibilities within the system?
Yes. TSA will conduct vetting against the TSDB. TSA and U.S. Customs and Border
Protection may participate in verifying previous TSDB vetting results under other DHS
programs. In lieu of conducting new TSDB vetting of an applicant, DHS/NPPD may collect
information to verify that the applicant is currently enrolled in a DHS program that also requires
a TSDB check equivalent to the TSDB vetting performed as part of the Ammonium Nitrate
Security Program. Those DHS Programs could include:
1) The Transportation Worker Identification Credential program (TWIC);
2) The Hazardous Material Endorsement program (HME);
3) The Trust Traveler Programs, including:
a) The Nexus program;
b) The Free and Secure Trade program (FAST); and
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 21
c) The Secure Electronic Network for Travelers Rapid Inspection program
(SENTRI).
Leveraging a previous equivalent TSDB background check will limit the number of
instances in which different programs are required to vet the same affected individual against the
TSDB.
3.4
Privacy Impact Analysis: Related to the Uses of Information
Sharing of information both internally and externally will be compatible with the
Ammonium Nitrate Security Program’s SORN(s). The Ammonium Nitrate Security Program’s
SORN(s) will cover sharing of PII by DHS with external entities (e.g., sharing information with
the TSC to determine if an applicant’s PII matches PII contained in the TSDB).
Privacy Risk: There is a privacy risk that the information will be improperly used.
Mitigation: To mitigate the potential privacy risk of unauthorized disclosure of PII,
DHS/NPPD will implement the necessary security controls to ensure that all personnel granted
access to the information have a confirmed need to know the information to perform their duties
and are authorized to handle information collected by DHS/NPPD under the Ammonium Nitrate
Security Program. These individuals will be required to complete DHS privacy training on at
least an annual basis.
Additionally, DHS has well-established and comprehensive information handling
processes to enhance information security and eliminate possibilities for inappropriate sharing,
misuse and/or loss, including the information handling processes described in the Department’s
Handbook for Safeguarding Sensitive Personally Identifiable Information. 6 Ammonium Nitrate
Security Program personnel will adhere to established internal information security policies, as
well as those outlined in DHS information technology security documents. Periodic audits and
evaluations will ensure continued compliance with DHS security and privacy requirements,
including those that cover the internal sharing of PII.
Finally, any internal or external organization to which information will routinely be
transmitted must have a documented interagency security agreement on file with DHS, approved
by both parties, that outlines security and privacy controls in place to protect the confidentiality,
integrity, and availability of PII being shared or processed. Internal components with whom PII
is shared must agree to maintain reasonable physical, electronic, and procedural safeguards to
appropriately protect the shared information. DHS is also required to handle PII in accordance
with the requirements of the Privacy Act, 7 E-Government Act of 2002, 8 and FISMA, 9 as
appropriate.
6
7
Available at http://www.dhs.gov/xlibrary/assets/privacy/privacy_guide_spii_handbook.pdf.
See 5 U.S.C. § 552a.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 22
Section 4.0 Notice
The following questions seek information about the project’s notice to the individual about the
information collected, the right to consent to uses of said information, and the right to decline to provide
information.
4.1
How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain why
not.
DHS/NPPD will provide notice in the form of a Privacy Act Statement to each applicant
for an AN Registered User Number at the point of collection.
DHS/NPPD is considering how to provide adequate notice to each agent that his/her
name will be provided to DHS/NPPD prior to submitting the agent’s information to DHS/NPPD.
The Department is seeking comment on this issue in the NPRM proposing the Ammonium
Nitrate Security Program, and any updates to this PIA addressing this issue will be published
prior to program implementation.
DHS/NPPD is considering how to provide notice regarding information collection to AN
Purchasers and to AN Purchasers’ agents prior to submission of their PII to DHS/NPPD as part
of sales or transfers of ammonium nitrate. The Department is seeking comment on this issue in
the NPRM proposing the Ammonium Nitrate Security Program, and any updates to this PIA
addressing this issue will be published prior to program implementation.
DHS/NPPD will notify individuals that their information may be collected for all services
provided in support of the Ammonium Nitrate Security Program when contacting the AN
Helpdesk or Tip-line.
4.2
What opportunities are available for individuals to consent to
uses, decline to provide information, or opt out of the project?
Individuals will be provided notice prior to or at the point of collection about their rights
not to provide certain information and the consequences as a result of that decision (e.g., inability
to obtain an AN Registered User Number; inability to obtain ammonium nitrate as part of a sale
or transfer of ammonium nitrate; etc.). Individuals do not have the right to consent to particular
uses of their information, other than to decline to obtain, purchase, sell, or transfer ammonium
nitrate.
8
9
See 44 U.S.C. Ch. 36.
See 44 U.S.C. § 3541 et seq.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 23
4.3
Privacy Impact Analysis: Related to Notice
Privacy Risk: There is a privacy risk that inadequate notice will be provided.
Mitigation: In addition to receiving a Privacy Act Statement at the point of collection,
prior to submitting his/her application for an AN Registered User Number, each applicant will be
required to affirm his/her understanding that: 1) his/her PII is submitted to DHS/NPPD for the
purposes of vetting against the TSDB; 2) he/she is aware of steps for correcting inaccurate PII;
and 3) additional PII may be requested by DHS/NPPD, and will be submitted to DHS/NPPD for
the completion of the vetting process if requested.
A Privacy Act Notice will also be provided (via a recording) when an individual contacts
the Helpdesk or tipline for any Ammonium Nitrate Security Program related services.
DHS/NPPD is also seeking comments through the NPRM proposing the Ammonium
Nitrate Security Program on how to provide Notice to AN Purchasers and their agents when they
are required to provide PII to purchase or obtain ammonium nitrate. Any privacy risks and
mitigation strategies associated with the process to be implemented will be provided in an
updated PIA prior to program implementation.
By providing notice when collecting information, DHS/NPPD mitigates the privacy risks
associated with notice including, but not limited to, the lack of understanding on the part of
individuals regarding the collection and use of their PII, their rights to refuse to participate in the
Ammonium Nitrate Security Program, and their ability to correct inaccurate information.
Section 5.0 Data Retention by the project
The following questions are intended to outline how long the project retains the information after
the initial collection.
5.1
Explain how long and for what reason the information is retained.
I. Registration of AN Sellers and AN Purchasers
The length of time DHS/NPPD will retain information on individuals will be dependent
on individual TSDB vetting results. Specifically, individuals’ information will be retained as
described below, based on individuals’ placements into three categories:
a) Information pertaining to an individual who is not a potential match to a TSDB
record will be retained for one year after the individual’s AN Registered User
Number is denied, revoked, or no longer valid;
b) Information pertaining to an individual who may originally have appeared to be a
match to a TSDB record, but who was subsequently determined not to be a match,
will be retained for seven years after completion of TSDB matching, or one year
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 24
after the individual’s AN Registered User Number is denied, revoked, or no longer
valid, whichever is later; and
c) Information pertaining to an individual who is determined to be a positive match to
a TSDB record will be retained for 99 years after completion of matching activity,
or 7 years after DHS/NPPD learns that the individual is deceased, whichever is
earlier.
TTAC will maintain records within its possession in accordance with the DHS/TSA-002
Transportation Security Threat Assessment System System of Records, 75 FR 28046 (May 19,
2010) (notice to amend SORN). CBP will maintain records in its possession in accordance with
the DHS/CBP-002 Global Enrollment System System of Records, 71 FR 20708 (April 21, 2006).
II. Point of Sale Verification Requirements
DHS will maintain as part of this program a list of every time DHS/NPPD conducts a
verification, who participated in the verification, and the information verified. This information
will be maintained for whichever is longer: (1) two years past the date the Department no longer
regulates the AN Facility at which the verification took place; or (2) the period of time the
Department retains information on the individuals involved in the verification (see the
description of record retention based on TSDB vetting results, above).
III. Recordkeeping and Inspection/Audit Requirements
Information collected by the Department during an inspection or audit will be retained for
the duration the Department regulates the AN Facility.
5.2
Privacy Impact Analysis: Related to Retention
Privacy Risk: There is a privacy risk that records containing PII collected under this
program pertaining to an individual who may originally have appeared to be a match to a TSDB
record, but who was subsequently determined not to be a match, will be retained in the system
longer than needed.
Mitigation: PII will be retained for only the minimum amount of time necessary and in
accordance with the retention schedule listed above. Audits and ongoing vigilance will be
applied to verify adherence to applicable records retention schedules.
Section 6.0 Information Sharing
The following questions are intended to describe the scope of the project information sharing
external to the Department. External sharing encompasses sharing with other federal, state, and local
government entities, and with private sector entities.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 25
6.1
Is information shared outside of DHS as part of the normal
agency operations? If so, identify the organization(s) and how the
information is accessed and how it is to be used.
Information collected by DHS/NPPD through the registration process and the verification
process will be shared externally in accordance with the routine uses listed in the SORN(s) to be
published for the Ammonium Nitrate Security Program.
DHS may externally share information, TSDB matching analyses, and vetting results in
order to ensure appropriate federal law enforcement agency responses, and other appropriate
government responses. DHS will also share information with the TSC, which maintains the
federal government’s TSDB. 10
DHS may also share information about AN Purchasers (and their agents) with AN
Facility personnel who have been issued AN Registered User Numbers. This external sharing
will enable AN Facility personnel to conduct required registration and identity verifications prior
to the sale or transfer of ammonium nitrate.
DHS may also share information about AN Sellers with other AN Sellers (e.g.,
Designated AN Facility POCs) to allow each AN Facility to manage which AN Sellers are
associated with it.
6.2
Describe how the external sharing noted in 6.1 is compatible with
the SORN noted in 1.2.
The Ammonium Nitrate Security Program Records SORN(s) will be written explicitly to
accommodate the Ammonium Nitrate Security Program. External sharing of information will be
compatible with this SORN(s).
6.3
Does the project place limitations on re-dissemination?
NPPD will share information pursuant to the Privacy Act and the routine uses in the
SORN(s) for the Ammonium Nitrate Security Program. When information is shared, the
receiving agency will be notified of the fact that records received are covered by the Privacy Act.
6.4
Describe how the project maintains a record of any disclosures
outside of the Department.
The Ammonium Nitrate Security Program will follow standard operating procedures
when sharing information outside the Department related to vetting applicant information against
10
The TSC will share information in accordance with the routine uses set forth in the Terrorist Screening Records
System SORN. See 72 FR 47073 (Aug. 22, 2007) (notice to amend SORN).
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 26
the TSDB. The standard operating procedures require retaining appropriate accounting of what
records are disclosed, and to whom they are disclosed.
The Ammonium Nitrate Security Program SORN(s) will be written explicitly to
accommodate the Ammonium Nitrate Security Program. External sharing and accounting of
disclosures of information will be compatible with this SORN(s).
6.5
Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: Privacy risks identified include the risk of unauthorized access to the
information collected, the risk of unauthorized use/disclosure of the information collected, and
the risk of loss of information.
Mitigation: To mitigate the potential privacy risk of unauthorized access to the
information collected, the risk of unauthorized use/disclosure of the information collected, and
the risk of loss of information, each external organization that transmits information to or from
DHS/NPPD must have a documented interagency security agreement on file with DHS/NPPD,
approved by signatories representing both parties, that outlines security and privacy controls in
place to protect the confidentiality, integrity, and availability of information being shared or
processed. External organizations with which DHS shares information must agree to maintain
physical, electronic, and procedural safeguards to protect the shared information. Federal
agencies receiving Ammonium Nitrate Security Program-related information are also required to
handle it in accordance with federal data protection requirements including the Privacy Act, the
E-Government Act, and FISMA, as appropriate.
Section 7.0 Redress
The following questions seek information about processes in place for individuals to seek redress
which may include access to records about themselves, ensuring the accuracy of the information collected
about them, and/or filing complaints.
7.1
What are the procedures that allow individuals to access their
information?
Applicants who apply for AN Registered User Numbers will be able to access their
information they have previously submitted to DHS/NPPD via a web-based portal.
An individual seeking to appeal a denial or revocation of an AN Registered User Number
may gain access to his/her information by filing a written Request for Materials with
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 27
DHS/NPPD, requesting copies of the materials on which denial or revocation was based. 11 Such
materials will include the individual’s information.
Each applicant may also request a copy of his/her PII from DHS/NPPD by submitting a
Freedom of Information Act/Privacy Act (FOIA/PA) request to the DHS/NPPD FOIA Officer at
245 Murray Lane SW, Washington, D.C. 20528-0380. Applicants may obtain directions on how
to submit a FOIA/PA request at http://www.dhs.gov/xfoia/editorial_0316.shtm.
7.2
What procedures are in place to allow the subject individual to
correct inaccurate or erroneous information?
Applicants for AN Registered User Numbers, and individuals who have been issued AN
Registered User Numbers, will be able to update and/or correct inaccurate or erroneous
information they have submitted to DHS/NPPD by accessing a web-based portal.
Applicants and individuals who have been issued AN Registered User Numbers may also
write to the DHS/NPPD FOIA Officer at 245 Murray Lane SW, Washington, D.C. 20528-0380,
to have inaccurate or erroneous PII corrected.
7.3
How does the project notify individuals about the procedures for
correcting their information?
Each applicant for an AN Registered User Number is notified of the procedures to correct
his/her information as a part of the electronic notification he/she receives regarding the approval
or denial of his/her AN Registered User Number.
Redress will be provided as described above in sections 7.1-7.2. Notice of redress
procedures will be provided in the published SORN(s) and through the appropriate Privacy Act
Statement (see section 4.0).
7.4
Privacy Impact Analysis: Related to Redress
Privacy Risk: Individuals may be unaware of or not understand their redress options.
Mitigation: These risks are mitigated because the Ammonium Nitrate Security Program
will provide individuals with clear notice of their ability to access and correct their information,
as well as to seek redress. Redress will be provided as described above in sections 7.1-7.2.
Notice of redress procedures will be provided in the published SORN(s) and through the
appropriate Privacy Act Statement (see section 4.0).
11
See the Ammonium Nitrate Security Program Notice of Proposed Rulemaking for further discussion regarding
denials, revocations, and Requests for Materials.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 28
Section 8.0 Auditing and Accountability
The following questions are intended to describe technical and policy based safeguards and
security measures.
8.1
How does the project ensure that the information is used in
accordance with stated practices in this PIA?
DHS policy requires that systems implement auditing at the user level and regularly
analyze audit logs to determine misuse or abuse. The likelihood of unauthorized access is
mitigated through technical controls including firewalls, intrusion detection, encryption, access
control lists, system hardening techniques, and other security measures. All implemented
controls meet federal and DHS requirements governing information assurance.
8.2
Describe what privacy training is provided to users either
generally or specifically relevant to the project.
All DHS personnel and contractor personnel with access to the IT system will undergo
DHS privacy training, which includes a discussion of the DHS Fair Information Practice
Principles (FIPPs) and instructions on handling PII in accordance with FIPPs and DHS privacy
policy. Additionally, all DHS and contractor personnel must complete annual privacy refresher
training to retain system access. In addition, security training is provided to DHS personnel on
an annual basis, which helps to maintain the level of awareness for protecting PII. DHS reports
on employees, including contractors, who receive IT security and privacy training as required by
FISMA.
8.3
What procedures are in place to determine which users may
access the information and how does the project determine who
has access?
DHS has well-established and comprehensive processes to enhance information security
and minimize possibilities for unauthorized access. DHS personnel adhere to internal
information security policies. In addition, robust auditing measures and technical safeguards will
monitor for unauthorized access or attempted access. To reduce the risk of a data breach,
proactive monitoring of logs will identify potential incidents as early as possible, and audit trails
will be maintained to facilitate investigation of incidents in accordance with DHS Privacy
Incident Handling Guidance. Regularly scheduled risk assessments will be performed on the
security controls for security vulnerabilities, including technical, managerial, and physical
security access.
Established security controls will be in place to limit access based on user roles and
responsibility, need to know, least privilege, and separation of duties. Rules governing a user’s
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 29
access to the system will be applied by the system automatically, based on the user’s assigned
role. Categories of users will be approved by a DHS Information Systems Security Officer
(ISSO) and any changes in roles will need approval prior to access.
�Privacy Impact Assessment
NPPD, Ammonium Nitrate Security Program
July 25, 2011
Page 30
8.4
How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?
Information sharing agreements are formally reviewed by the program manager,
DHS/NPPD Privacy Officer, and counsel.
Responsible Officials
Todd Klessman
Infrastructure Security Compliance Division
National Protection and Programs Directorate
Approval Signature
Original signed copy on file with the DHS Privacy Office
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
�
| File Type | application/pdf |
| File Title | privacy_pia_nppd_ansp |
| Author | U.S. Department of Homeland Security |
| File Modified | 2011-08-03 |
| File Created | 2011-08-03 |