PIA (Privacy Impact Assessment) for Affidavit of Relationship

Worldwide Refugee Admissions Processing System (WRAPS) PIA (7-2012).docx

Affidavit of Relationship

PIA (Privacy Impact Assessment) for Affidavit of Relationship

OMB: 1405-0206

Document [docx]
Download: docx | pdf

PRIVACY IMPACT ASSESSMENT

1. Contact Information

PIA Completed By:

Name: Kelly Gauger

Title: Program Officer

Organization: PRM

Phone: Ext. 3-1055

Email: [email protected]

System Owner:

Name: Amy Nelson

Title: RPC Director

Organization: PRM/A

Phone: (703) 907-7201

E-mail: [email protected]

Program Manager:

Name: Amy Nelson

Title: RPC Director

Organization: PRM/A

Phone: (703) 907-7210

E-mail: [email protected]

IT Security Manager:

Name: Bruce Anderson

Title: Production Support Manager

Organization: RPC

Phone: 703-907-7208

E-mail: [email protected]

Department of State Privacy Coordinator

Margaret P. Grafeld

Bureau of Administration

Global Information Services

Office of Information Programs and Services

2. System Information

  1. Date PIA was completed: November 2011

  2. Name of system: Worldwide Refugee Admissions Processing System

  3. System acronym: WRAPS

  4. IT Asset Baseline (ITAB) number: 671

  5. System description:

The Worldwide Refugee Admissions Processing System (WRAPS) is an electronic refugee resettlement case management system that links the Department of State Bureau of Population, Refugees and Migration (PRM) and its worldwide partners to facilitate the refugee resettlement process. WRAPS contains case information and tracks the processing of refugee applicants as they move through the required administrative steps up to arrival in the U.S.

  1. Reason for performing PIA:

    New system

    Significant modification to an existing system.

    To update existing PIA for a triennial security re-certification

  2. Explanation of modification:

Because of evidence of a high incidence of fraud within claimed biological relationships of applicants from several countries, DNA testing is required to confirm biological relationships between some claimed qualifying family members (parents and children) located overseas and their counterpart “anchor” persons in the U.S. The personally identifiable information (PII) now collected in WRAPS includes the results of a DNA test to prove or disprove kinship, including the date and number of the test, the name of the laboratory, and the test result sheet with genetic marker (allele) information redacted.

  1. Date of previous PIA (if applicable): January 3, 2008



3. Characterization of the Information

The system:

does NOT contain PII.

does contain PII.

a. What elements of PII are collected and maintained by the system?

WRAPS contains PII about the refugee applicant from other countries and anchor relatives already located in the U.S.

WRAPS contains and maintains the following PII about refugee applicants:

  • biographic information:name, gender, date of birth, place of birth;

  • nationality, ethnicity, and religion;

  • family relationships;

  • Alien Number;

  • biometrics such as height, weight, color of eyes and hair, and facial marks,

  • information about significant medical conditions,

  • persecution claim and information about the situation in the country of first asylum, and.

  • results of DNA testing;



WRAPS may contain the following information from anchor relatives:

  • biographic information: name, date of birth, gender, place of birth, marital status, ,

  • contact information: telephone numbers, email address, ;

  • citizenship and immigration status;

  • overseas case number;

  • alien number;

  • social security number

  • immigration or refugee processing numbers;

  • family relationships; and

  • results of DNA testing.

WRAPS may contain PII from other family members listed by an anchor relative. Such family members may include parents, step parents, foster parents, spouses, children, brothers, and sisters. The PII of these other family members may include biographic information such as name, gender, date of birth, place of birth, marital status, place and date of marriage, and date of the termination of a marriage.

Information may be provided directly by the refugee applicant, from anchor relatives located in the U.S., from the United Nations High Commissioner for Refugees (UNHCR), from non-governmental organizations (NGOs), or from U.S. embassies abroad.

b. How is the information collected?

Paper Forms

Refugee applicants are referred by UNHCR, NGOs, and U.S. embassies that file applications with PRM. In some cases, refugee applicants may apply directly to the program.

For cases under the Priority 3 family reunification program (P-3 Program) of the U.S. Refugee Admission Program (USRAP), anchor relatives in the U.S. file the Affidavit of Relationship (AOR), Form DS‑7656, on behalf of their prospective Qualifying Family Members (QFMs) abroad to initiate their application to the USRAP for refugee resettlement to the U.S.. AOR information is collected in person by resettlement agencies in the U.S., which work under cooperative agreements with the Department to assist refugees and asylees in applying for their prospective QFMs to join them in the U.S. under the P-3 category.

On the AOR, the anchor relative is required to include information about him or herself and information about relatives in order to assist the Department in determining whether a prospective QFM is qualified to apply for access to the USRAP for family reunification purposes. Anchors also must sign an acknowledgment that they understand they and prospective QFMs may be requested to submit DNA evidence to verify the claimed biological relationships; that they will submit DNA evidence at the time it is requested; and that they will pay all necessary fees associated with that expense and the expenses associated with the submittal of DNA evidence of a prospective QFM. The voluntary agencies then forward the completed AORs by mail to the Refugee Processing Center (RPC) for data entry, scanning, and case processing.

After the RPC creates a case in WRAPS the Resettlement Support Center (RSC) responsible for the case commences pre-screening. Once pre-screening is completed, the RSC sends a letter to the anchor advising them that DNA testing is required, along with a fact sheet about DNA testing and a list of laboratories approved by the American Association of Blood Banks (AABB) in the U.S. where the testing must be done. Testing must be conducted in accordance with joint AMA-ABA Guidelines set forth by the AABB. Prior to conducting the DNA test, the RSC provides notice to prospective QFMs explaining that the DNA sample will only be used for the purpose of establishing a claimed biological relationship, that the DNA samples will be sent to the laboratory for analysis, and that the samples will not be kept by the U.S. Government. The prospective QFMs will sign the form acknowledging that the RSC has explained the purpose of the DNA testing.

DNA testing is done using cells from inside the mouth, which are collected with a cotton swab (buccal swab). DNA testing of anchor relatives is conducted in the U.S. at an approved lab. The testing of the QFM is conducted by an embassy-appointed panel physician or by the International Organization for Migration (IOM). A panel physician is a medically trained, licensed, and experienced doctor practicing overseas who is appointed by the local U.S. embassy or consulate. The IOM serves as the panel physician in many locations overseas.


Panel physicians receive U.S. immigration-focused training in order to provide examinations as required by the Centers for Disease Control and Prevention (CDC) and the Department of Homeland Security (DHS) U.S. Customs and Immigration Service (USCIS). An approved laboratory will provide tubes, packing materials, and instructions, which are forwarded to the RSC responsible for the case. The RSC works with the panel physician or IOM to arrange for the testing of the QFM, in accordance with laboratory instructions, and for shipment of the samples to the laboratory.

Persons who undergo DNA testing direct the laboratory conducting the test to send a paper report directly to the Refugee Processing Center (RPC). Different laboratories may have different reporting formats, but DNA testing results are typically issued by the lab as a one‑page summary that list the names of the persons tested, their dates of birth, test numbers, a comparison of “alleles” (genetic markers represented as a series of numbers), and a conclusion as to the probability that the anchor and applicant are biologically related. No other information about the applicant or anchor DNA is typically reported, and the DNA sample itself is not sent to the RPC.

An RPC staff member reviews the result, checks the appropriate box in the WRAPS electronic record to the effect that a biological relationship is confirmed or not confirmed, and enters the test number, report date, and the name of the lab. The report is scanned into the WRAPS record, with the genetic marker (allele) information redacted, and is then destroyed. DNA samples taken overseas are in the possession of a designated RSC staff member in accordance with the chain-of-custody requirements of the laboratory until they are mailed to the U.S. by the RSC. No DNA samples are in the possession of PRM or the RPC. No genetic information about applicants is compiled or maintained in WRAPS.

The AOR and the results of the DNA test is sent to DHS USCIS for an initial review of claimed relationships by the Refugee Access Verification Unit (RAVU). Following completion of the RAVU review, RPC notifies the RSC that case processing can continue.

Electronic Forms

Since 2006, some UNHCR offices electronically submit refugee applicants’ information to WRAPS. The submissions are handled through a secure transmission between UNHCR and the RPC.

c. Why is the information collected and maintained?

The information is collected and maintained to determine eligibility for access to the USRAP; to process refugees for admission to the U.S.; and to assist with resettlement of refugees in the U.S. DNA testing is used specifically to determine whether QFMs are qualified to apply for access to the USRAP under the P‑3 Program.

d. How will the information be checked for accuracy?

Standard operating procedures are in place both overseas and domestically to ensure the accuracy of refugee applicants’ records. Caseworkers in the U.S. work with anchor relatives to ensure that information supplied on the AOR is correct. Whenever possible, anchor family members in the U.S. and refugee applicants overseas are requested to provide documentation that corroborates the information they provide verbally. Form I-94, Arrival-Departure Records, green card or citizenship records, marriage certificates, birth certificates, passports, baptismal certificates, and similar documents are kinds that are reviewed both domestically and overseas. Each refugee applicant overseas has a face-to-face meeting with an RSC caseworker and DHS USCIS officers to verify that the information on their record is correct. DNA test results will only be accepted from approved laboratories in the U.S. For traceability, information entered in WRAPS includes the result of the testing, the test number, the date of the report, and the name of the laboratory that conducted the test.

e. What specific legal authorities, arrangements, and/or agreements define the collection of information?

8 U.S.C. 1157, Annual admission of refugees and admission of emergency situation refugees. 8 U.S.C. 1522(b), authorization for programs for initial domestic resettlement of and assistance to refugees.

f. Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.

Because of the frequent absence of documentary evidence establishing biological relationships in refugee populations and indications of a high incidence of fraud within claimed biological relationships in several countries involving the P-3 Program, PRM determined that DNA testing is necessary worldwide to establish biological relationships between claimed QFMs overseas and anchors in the U.S. in order to establish eligibility for access to the Program. Additionally, all of the other PII collected and mentioned in section 3(a) is necessary to establish identities.

The RPC only receives paper reports of the results of DNA testing. An RPC staff member reads the result and checks the appropriate box in WRAPS that a relationship is either confirmed or not confirmed. No genetic marker (allele) information is retained by the Department.

Only authorized users directly involved in refugee processing or in technical support roles have access to WRAPS. These include U.S. Government employees, contractors, system administrators, and other authorized technical staff granted privileged access.



4. Uses of the Information

a. Describe all uses of the information.

The information gathered is used to determine the eligibility of individuals for admission to the U.S. under the USRAP. This information includes the status determination made by the Department of Homeland Security, United States Citizenship and Immigration Services (DHS/USCIS), records of the applicant’s clearance for medical or security reasons, and pertinent biographical information necessary for placement and resettlement in the U.S.

b. What types of methods are used to analyze the data? What new information may be produced?

Statistical methods are used to generate standard and ad hoc reports for U.S. Government and partner agencies. New statistical reports may show numbers of refugee applicants with confirmed or non‑confirmed relationships based on the DNA results; however, these will be aggregate results without PII that distinguish individuals.

c. If the system uses commercial information, publicly available information, or information from other Federal agency databases, explain how it is used.

As part of the refugee adjudication, in relation to the security interests of the U.S., PRM obtains security check results for applicants from a number of intelligence and law enforcement agencies. These results are received via the Department’s Consolidated Consular Database (CCD) or other conduit and then entered into WRAPS. WRAPS does not use commercial or publicly available information.

d. Is the system a contractor used and owned system?

WRAPS is a U.S. Government-owned system. Contractor personnel are the primary authorized users of WRAPS and are also involved in the design and development of WRAPS. All users are required to pass annual computer security and privacy training, and to sign non-disclosure and rules of behavior agreements.

e. Privacy Impact Analysis: Describe the types of controls that may be in place to ensure that information is handled in accordance with the above uses.

PII is compiled for three purposes. The first is to confirm eligibility for the P-3 Program based on confirmation of biological relationships. Once a biological relationship is confirmed, the application advances under normal processing procedures, including a subsequent adjudication by DHS/USCIS that access to the Program is proper. The second purpose is to capture a record of the DNA result so that reference can be made to it if questions arise about test validity. Finally, it is anticipated that PRM and DHS/USCIS may want statistical reports about the number of DNA tests that resulted in confirmed or non-confirmed relationships. WRAPS does not perform internal analytical functions using DNA information. Use of DNA is limited to the purposes above. DNA is only kept at the RPC and is non-modifiable by the overseas RSC. The risk for any other kind of unauthorized use is low. Standard operating procedures are in place to ensure that the information is handled in accordance with U.S. Government practices. Procedures are reviewed regularly to ensure compliance.



5. Retention

a. How long is information retained?

Once a DNA test result is entered in WRAPS, and a copy of the DNA test result sheet with genetic marker (allele) information redacted is scanned into WRAPS, the actual laboratory test result sheet is shredded. According to the WRAPS retention schedule (A-25-003), the DNA information and all other records are kept online 5 years after the refugee arrives in the U.S. or until the case is closed. After 5 years, records are archived to an off-line system and kept another 10 years, then destroyed.

b. Privacy Impact Analysis: Discuss the risks associated with the duration that data is retained and how those risks are mitigated.

Active and non-active records are subject to the same security and privacy safeguards. The risk is mitigated by the fact that very few people at the RPC have access to DNA-related record fields. All other WRAPS users, overseas and domestic, have read only access. No genetic marker (allele) information is stored in WRAPS. Except in cases where DNA results are subsequently challenged, results are only used at the time of determination that the refugee applicant is eligible to apply to the Program and in the subsequent DHS adjudication. It is also conceivable that DHS could refer back to an individual’s case file when adjudicating a future benefit for a family member in order to check if the file contains DNA testing results (negative or positive) between the individual and that family member.



6. Internal Sharing and Disclosure

a. With which internal organizations is the information shared? What information is shared? For what purpose is the information shared?

Biographic information on all applicants is checked against the Bureau of Consular Affairs’ Consular Lookout and Support System (CLASS) to determine whether there is certain “hit” information associated with it. Information about a denied applicant (i.e., name, date of birth, citizenship, country of birth, aliases, and reason for denial) is stored in CLASS. No DNA information is exchanged with, or stored in, CA systems.

b. How is the information transmitted or disclosed? What safeguards are in place for each sharing arrangement?

Information is shared by secure transmission methods permitted by internal DoS policy for the handling and transmission of sensitive but unclassified (SBU) information. An Interface Control Document (ICD) and Memorandum of Understanding (MOU) govern required safeguards.

c. Privacy Impact Analysis: Describe risks to privacy from internal sharing and disclosure and describe how the risks are mitigated.

Risk is negligible because authorized users of CLASS are subject to administrative and physical controls commensurate with system security categorization. Refugee refusal information may be used by consular officers to adjudicate visa applications in accordance with the stated authority and purpose for the information.



7. External Sharing and Disclosure

a. With which external organizations is the information shared? What information is shared? For what purpose is the information shared?

The most common reasons for disclosure include the following:

  • DHS/USCIS officers have access to WRAPS records for adjudication of refugee cases, for fraud prevention, and to conduct relationship and family tree research related to granting “following-to-join” applications or adjudication of other immigration benefits.

  • NGO and international organization partners working under cooperative agreements with the Department have access to refugee information to facilitate the arrival and resettlement of refugees. Pursuant to these cooperative agreements, NGOs must handle the information in accordance with applicable U.S. law and PRM policy.

  • The IOM has access to basic biographical information and limited medical information needed to arrange transportation to the U.S., including departure and transit formalities.

  • For cases it has referred to USRAP, UNHCR is provided with adjudication results to coordinate resettlement and protection activities.

Records may occasionally be disclosed for the following reasons:

  • Limited case status information may be provided to Members of Congress if requested in writing.

  • Information from WRAPS is provided to other Federal, State, and local government agencies having statutory or other lawful authority as needed for the formulation, amendment, administration, or enforcement of immigration, nationality, and other laws.

  • Biographic, educational, employment, and medical information may be disclosed to voluntary agency sponsors to ensure appropriate resettlement in the U.S.

  • Statistical and demographic information from these records may be disclosed to state refugee coordinators, health officials, and interested community organizations.

  • Arrival and address information may be disclosed to consumer reporting agencies, debt collection contractors, and the Department of the Treasury to assist in the collection of indebtedness reassigned to the U.S. Government under the refugee travel loan program administered by IOM.

b. How is the information shared outside the Department? What safeguards are in place for each sharing arrangement?

DHS/USCIS partner offices have online inquiry access to WRAPS by means of a secure remote access services. Other partners receive, upon request, WRAPS information by secure email.

c. Privacy Impact Analysis: Describe risks to privacy from external sharing and disclosure and describe how the risks are mitigated.

Risk is negligible because authorized users of CLASS are subject to administrative and physical controls commensurate with system security categorization. Refugee refusal information may be used by external agencies to review visa applications in accordance with the stated authority and purpose for the information.



8. Notice

The system:

contains information covered by the Privacy Act.

Department of State system of records titled State-59, Refugee Case Records

does NOT contain information covered by the Privacy Act.

a. Is notice provided to the individual prior to collection of their information?

Each applicant to the USRAP is asked to sign a notice of confidentiality. This notice informs applicants of entities or persons with whom information will be shared and for what purposes. Anchors who seek admission of family members under the USRAP P-3 Program file the AOR, which includes a Privacy Act statement outlining the purposes of the information collected and with whom it may be shared. General notice to the public is provided through publication of Privacy Act notices in the Federal Register.

Anchors also must sign an acknowledgment that they understand that they and QFMs may be requested to submit DNA evidence to verify claimed biological relationships; that they will submit DNA evidence at such time it is requested; and that they will pay all necessary fees associated with that expense and the expenses associated with the submission of DNA evidence of QFMs.

Prior to collecting a DNA sample, the RSC will provide notice to QFMs explaining that DNA will only be used for the purpose of establishing a claimed biological relationship, and that DNA will be sent to the laboratory for analysis and not kept by the U.S. Government. The QFMs sign the form acknowledging that the RSC has explained the purpose of DNA testing.

b. Do individuals have the opportunity and/or right to decline to provide information?

Information is voluntarily provided by anchor relatives, refugee applicants, and, with their consent, by family members and other designated agents. Failure to provide the information may result in denial of refugee admission.

c. Do individuals have the right to consent to limited, special, and/or specific uses of the information? If so, how does the individual exercise the right?

If individuals provide information, they have no right to consent to limits on its use.

d. Privacy Impact Analysis: Describe how notice is provided to individuals and how the risks associated with individuals being unaware of the collection are mitigated.

PRM policy for overseas processing partners about confidentiality of refugee records is based on Section 222(f) of the Immigration and Nationality Act, which states that these records “shall be considered confidential and shall be used only for the formulation, amendment, administration, or enforcement of immigration, nationality, and other laws of the United States.” The policy further requires that, in general, no information regarding specific refugee cases may be released to anyone other than the applicant himself or herself, except as needed for processing of cases or for use by Members of Congress who have need of the information given their role in the “formulation, amendment, administration or enforcement of immigration, nationality, and other laws of the United States.” Applicants for refugee admission are provided notice as to the limited manner in which the personal information they provide may be used.



9. Notification and Redress

a. What are the procedures to allow individuals to gain access to their information and to amend information they believe to be incorrect?

Individual refugee applicants are able to verify information via forms that are printed from the system and signed. Record notice and amendment procedures are published in Privacy Act notices published in the Federal Register and in agency rules published at 22 CFR 171.36.

b. Privacy Impact Analysis: Discuss the privacy risks associated with notification and redress and how those risks are mitigated.

To the extent that a WRAPS record pertains to individuals who have rights under the Privacy Act, the notification and redress mechanisms offered to individuals are reasonable and adequate in relation to the system’s stated purposes and uses and its applicable legal requirements. Therefore this category of privacy risk is appropriately mitigated.

10. Controls and Access

a. What procedures are in place to determine which users may access the system and the extent of their access? What monitoring, recording, and auditing safeguards are in place to prevent misuse of data?

Access to WRAPS is granted on a case by case basis. Only authorized users directly involved in refugee processing or in technical support roles have access to WRAPS. These include U.S. Government employees, contractors, system administrators, and other authorized technical staff granted privileged access.

Access to WRAPS records is governed by the Department’s data sharing policy, in which user access is determined and approved by the system owner only after careful evaluation of the user and the need to access WRAPS. Once the PII is in WRAPS, the system tracks changes made to a refugee record to ensure both accuracy and privacy protection. Managers periodically run audit reports to ensure that users are not performing unauthorized functions. WRAPS contains a warning banner that is compliant with Federal policy.

b. What privacy orientation or training for the system is provided authorized users?

All users must pass computer security and privacy awareness training prior to receiving access to the system and must complete annual refresher training to retain access.

c. Privacy Impact Analysis: Given the sensitivity of PII in the system, manner of use, and established access safeguards, describe the expected residual risk related to access.

User access controls and system audit trails are utilized to deter and detect any unauthorized activity.



11. Technologies

a. What technologies are used in the system that involve privacy risk?

The WRAPS application uses a SQL-compliant relational database solution to store and maintain electronic records of refugee applicants. WRAPS implements role-based access controls to implement the principles of least privilege, separation of duties, and need to know.

b. Privacy Impact Analysis: Describe how any technologies used may cause privacy risk, and describe the safeguards implemented to mitigate the risk.

Technologies employed by WRAPS are considered to have negligible privacy risk.



12. Security

What is the security certification and accreditation (C&A) status of the system?

The Department of State operates WRAPS in accordance with information security requirements and procedures required by federal law and policy to ensure that information is appropriately secured. The Department has conducted a risk assessment of the system, identified appropriate security controls to protect against that risk, and implemented those controls. The Department performs monitoring, testing, and evaluation of security controls on a regular basis to ensure that the controls continue to work properly. In accordance with the Federal Information Security Management Act (FISMA) provision for the triennial recertification of this system, its most recent date of authorization to operate was February 29, 2008, but a new C&A was in process at the time of publication of this document.



13. Certifying Officials’ Signature



________________________________

System Owner



________________________________

Program Manager



________________________________

Information Security Manager



Email the completed PIA in MSWord format to “PIA Team”. Upon signing, please send this signature page to the same group email box in the form of a scanned PDF, or send as paper via interoffice mail to “A/GIS/IPS/PRV”.



____________________________________________________________________

TO BE COMPLETED BY A/GIS/IPS/PRV



Reviewer: _________________________

Approver: _______________________




9



File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleDEPARTMENT OF STATE
Authorfosterkl
File Modified0000-00-00
File Created2021-01-31

© 2024 OMB.report | Privacy Policy