Pia - Sims

 

Privacy Impact Assessment Update
for the

Secure Information Management Service
(SIMS) Pilot with Inter-Country Adoptions
August 13, 2008

Contact Point
Donald Hawkins
U.S. Citizenship and Immigration Services (USCIS)
202-272-8000
Reviewing Official
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
(703) 235-0780

Privacy Impact Assessment Update 
United States Citizenship & Immigration Services 
Page 2 

Abstract
United States Citizenship and Immigration Services (USCIS) is publishing this update to the Privacy
Impact Assessment (PIA) for the Secure Information Management Service (SIMS). This update describes the
electronic sharing of case management data with the Department of State (DoS) necessary to expedite and
improve the processing of inter-country adoption cases. Specifically, the Personally Identifiable
Information (PII) will be shared electronically with the DoS to maintain statistics related to inter-country
adoption cases.

Introduction
The Department of Homeland Security (DHS) through United States Citizenship and Immigration
Services (USCIS) implements United States (U.S.) immigration law and policy through the processing and
adjudication of applications and petitions submitted for citizenship, asylum, and other immigration
benefits. USCIS also supports the nation’s security by preventing individuals from fraudulently obtaining
immigration benefits and by denying applications from individuals who pose national security or public
safety threats to the U.S.
USCIS is embarking on an enterprise-wide “Transformation Program” that will transition the
agency from a fragmented, form-centric, and paper-based operational environment to a centralized,
person-centric, consolidated environment utilizing electronic adjudication. A person-centric environment is
USCIS’s proposed method for doing business with customers, because it will enable the agency to focus
more on the individual rather than the type of form they submit. The new operational environment will
employ the types of online customer accounts used in the private sector. This person-centric model will
link information related to an individual in a single account in order to facilitate customer friendly
transactions, track activities, and reduce identity fraud.
To support this effort, USCIS deployed a series of pilots to validate key concepts of the program’s
mission. One of the key functions of the SIMS Pilot deployment is to demonstrate the overall benefits of the
USCIS Transformation Project. Using the inter-country adoption caseload as a “proof-of-concept” of the
SIMS, this pilot demonstrates the case processing capability of the case management system, verifies that an
enumerator (unique identifier based on biometrics) supports the USCIS person-centric business process,
and electronically transfers case information to the Department of State (DoS). USCIS is now updating the
method by which the information is shared with DoS.
The modified data sharing with the DoS will provide better customer service, enhance security,
deter against immigration fraud, and improve electronic interactions among all visa and immigration
benefits.

What is SIMS?
The SIMS is a web-based, information and case management service that enables USCIS to perform
end-to-end processing of applications and the ability to better associate and manage relationships with its

Privacy Impact Assessment Update 
United States Citizenship & Immigration Services 
Page 3 

applicants. The SIMS Pilot enables the collection of adoption case information related to Hague Convention
and Non-Convention (also known as Orphan) applications. 1
The SIMS Pilot utilizes the Enumeration Services of DHS’s US-VISIT Program to establish a unique
identity for each individual interacting with USCIS. Enumeration Services establishes an enterprise-wide
unique personal identifier, known as the enumerator, based on ten-print fingerprints and limited
biographic information of an individual. 2 An enumerator is a randomly generated alphanumeric unique
identifier that is used to link disparate records associated with an individual for the purpose of
identification. Enumeration will allow USCIS to consolidate information on an individual and facilitate
identity verification, risk evaluation, and benefit eligibility.

Reason for the PIA Update
Although the previous SIMS PIA described the sharing of information with DoS, the method by
which the information is shared will be modified in the SIMS Release 3.0. As part of the SIMS Release 3.0,
the SIMS functionality is being expanded to transmit case data electronically to DoS via the USCIS Enterprise
Service Bus (ESB). 3
In addition, the USCIS adoption-related forms/applications approved by the Office of Management
and Budget (OMB) have expanded to include the following forms/applications:
• Form I-800A, Application for Determination of Suitability to Adopt a Child from a
Convention Country
• Form 1-800, Petition to Classify Convention Adoptee as an Immediate Relative
On December 12, 2007, the United States ratified the Hague Convention on the Protection of
Children and Co-Operation in Respect of Inter-Country Adoption. As a result, starting on April 1, 2008,
prospective parents must submit the forms/applications listed above to USCIS when adopting from another
convention country.

Privacy Impact Analysis
The System and the Information Collected and Stored within the System
DHS is not collecting additional PII from individuals and organizations associated with the USCIS
adoption related forms/applications. The set of specific adoption related forms/applications has increased
to include the following:
•
•

Form I-800A, Application for Determination of Suitability to Adopt a Child from a
Convention Country
Form 1-800, Petition to Classify Convention Adoptee as an Immediate Relative

                                                           
1 See  Secure Information Management Service (SIMS) Pilot with Inter‐Country Adoptions, May 24, 2007. 
Available at www.dhs.gov/privacy. 
2 See Enumeration Services of the Automated Biometric Identification System (IDENT), May 25, 2007.  
Available at www.dhs.gov/privacy. 
3 See USCIS Enterprise Service Bus (ESB), June 22, 2007.  Available at www.dhs.gov/privacy. 

Privacy Impact Assessment Update 
United States Citizenship & Immigration Services 
Page 4 

DHS mitigates the privacy risk related to including additional forms/applications by employing
extensive security measures to protect USCIS systems, by providing users additional system education and
training in handling this data, and by implementing policies and procedures to limit the use and access of
all data in SIMS to the purposes for which it was collected.

Uses of the System and the Information
Information shared with the DoS will be used to maintain statistics related to inter-country
adoption cases, Convention/non-Convention and emigrating/immigrating cases, as required by the Hague
Adoption Convention.

Retention
USCIS is working with NARA to develop a retention schedule for data contained within SIMS. The
current proposed retention schedule for SIMS data is 15 years.

Internal Sharing and Disclosure
The internal sharing and disclosure has not changed with this update.

External Sharing and Disclosure
The information collected by SIMS and shared with DoS has expanded to include the following
forms/applications:
• Form I-800A, Application for Determination of Suitability to Adopt a Child from a
Convention Country
• Form 1-800, Petition to Classify Convention Adoptee as an Immediate Relative
In addition, the method by which the information is shared with the DoS has been enhanced. Key
data collected in adoption related applications will be transferred to the DoS via the USCIS ESB, thereby
adding another layer of security and further reducing the risk of unauthorized access and transmission of
PII. The key data includes information about individuals and organizations, such as addresses, phone
number, citizenship status, enumerator, A-Number, social security number, dates of birth, marital status,
places of birth, gender, biometrics, and results of background checks. SIMS transmits the information to the
ESB via secured intranet using Transmission Control Protocol/Internet Protocol (TCP/IP) as the
communication protocol. Subsequently, the ESB utilizes TCP/IP protocols and methods to transmit the
information to DoS. Prior to the enhancement, data sharing was limited to the following:
• DHS personnel could provide information contained in SIMS to external organizations who are colocated with DoS personnel who have access to the system, and
• USCIS could securely transfer encrypted SIMS data by email or other encrypted portable media
(e.g., CD, thumb drive), when there was no direct access to SIMS, to an authorized DHS employee
who then allowed an authorized representative from an outside government organization to view
it.

Privacy Impact Assessment Update 
United States Citizenship & Immigration Services 
Page 5 

USCIS further mitigates the potential for data compromise and misuse by working closely with the
sharing organizations to develop secure standard operating procedures for sharing this data, which are
documented in sharing agreements. In all cases of sharing internal to DHS, all organizations are required to
comply with the Department’s security policies and procedures.

Notice
Notice is provided by this PIA update. A SORN has been published for the Inter-country Adoption
implementation of SIMS Pilot (72 FR 31086). Individuals who submit applications for adoption will be
presented with a Privacy Act Statement (Appendix B) and a signature release authorization on each
application related to adoption which will enable DHS to disclose information to other entities involved in
the adjudication of the adoption application to include those performing home studies. In addition, the
SORNs for the Central Index System (CIS) (72 FR 1755) and Background Check System (BCS) (72 FR
31082) both apply.

Individual Access, Redress, and Correction
The process for requesting access, redress, or correction of information has not changed with this
update.

Technical Access and Security
Access to SIMS is currently limited to authorized DHS employees and contractors. It is expected that
in the future, SIMS may be accessible to authorized DoS personnel. To provide access to DoS personnel, an
addendum to the existing Memorandum of Understanding (MOU) between the Bureau of Consular Affairs
and USCIS for the Exchange of Visa and Immigration Data will be executed. The responsibilities of the
parties with respect to systems, data updates, and coordination are described in the MOU. In addition,
government personnel and contractors must adhere to the OMB guidance provided in OMB Memoranda,
M-06-16 “Protection of Sensitive Agency Information,” dated June 23, 2006 setting forth the standards for
the handling and safeguarding of personally identifying information. Contractors must also sign nondisclosure agreements.
As described above, any sharing of data increases the potential for compromising that data and
creates new opportunities for misuse. USCIS mitigates these vulnerabilities by working closely with the
sharing organizations to develop secure standard operating procedures for sharing this data. These
procedures are documented in sharing agreements. In all cases of sharing internal to DHS, all organizations
are required to comply with the Department’s security policies and procedures and as stated in the MOU.

Privacy Impact Assessment Update 
United States Citizenship & Immigration Services 
Page 6 

Technology
SIMS was implemented using the COTS software with a considerable amount of configuration to
conform to USCIS system requirements. The connection between SIMS and USCIS ESB have been designed
and implemented in a secure USCIS Data Center environment using secure TCP/IP protocol, web services
and Tibco adapter behind the network firewall. These communication mechanisms adhere to the DHS
Sensitive System Policy Directive 4300A and the DHS 4300A Sensitive Systems Handbook.

Responsible Official
Donald Hawkins
USCIS Privacy Officer
Department of Homeland Security

Approval Signature

Original signed and on file with the DHS Privacy Office.
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security