Download:
pdf |
pdf
Privacy Impact Assessment
for the
DHS Traveler Redress Inquiry Program
(DHS TRIP)
January 18, 2007
Contact Point
James Kennedy
Director, Office of Transportation Security Redress
Transportation Security Administration
[email protected]
Reviewing Official
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
[email protected]
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 2
Abstract
The Department of Homeland Security Traveler Redress Inquiry Program (DHS TRIP) is a customer
service web-based initiative developed as a voluntary program to provide a one-stop mechanism for
individuals to request redress who believe they have been (1) denied or delayed boarding transportation
due to DHS screening programs, (2) denied or delayed entry into or departure from the United States at a
port of entry, or (3) identified for additional (secondary) screening at our Nation’s transportation facilities,
including airports, and seaports. DHS TRIP will provide traveler redress intake and processing support
while working with relevant DHS components to review and respond to requests for redress.
Components operating within this system include the following: Transportation Security
Administration (TSA); U.S. Customs and Border Protection (CBP); U.S. Citizenship and Immigration
Services (USCIS); U.S. Immigration and Customs Enforcement (ICE); U.S. Visitor and Immigrant Status
Indicator Technology Program (US-VISIT); DHS Office for Civil Rights and Civil Liberties (CRCL); and the
DHS Privacy Office.
Some of the programs within these components that will participate in DHS TRIP include TSA’s
aviation passenger screening programs and CBP’s processing of international travelers.
DHS TRIP will use and maintain the information collected from the individual requesting redress in
order to resolve, where possible and appropriate, the underlying issue regarding the request for redress.
The information collected will be used to determine which DHS component or other agency is best able to
address the redress request. DHS TRIP will serve as a mechanism to share redress-related information across
DHS components, to facilitate efficient handling of redress requests, and to facilitate communication of
redress results across DHS components. DHS TRIP will share the information provided by individuals
seeking redress with DHS components and other Federal departments and programs such as the Department
of State’s (DoS) visa issuance and passport programs and the Federal Bureau of Investigation’s Terrorist
Screening Center (TSC), as appropriate, in order to facilitate the appropriate response to the redress request.
Introduction
On January 17, 2006, DHS Secretary Chertoff and DoS Secretary Rice announced the Rice-Chertoff
Initiative. One objective of this initiative is to “accelerate efforts to establish a government-wide traveler
screening redress process to resolve questions if travelers are incorrectly selected for additional screening.”
DHS TRIP was created to provide a web-based central gateway for individuals who seek to submit an
inquiry regarding difficulties they have experienced during travel and to petition to have erroneous
information corrected. DHS TRIP will coordinate and process the intake and close-out requests for redress
or assistance, while DHS components will continue to maintain responsibility for resolving the requests. 1
DHS TRIP will share information provided by individuals seeking redress with the appropriate DHS
component as well as with other federal agencies such as the DoS and TSC, when necessary to process the
redress request.
To facilitate the handling of redress requests, visitors to the DHS TRIP website will have the
opportunity to review a series of Frequently Asked Questions (FAQs) that are designed to address those
questions that do not require individualized responses, such as “Why does DHS screen travelers?” or “How
1
The component redress processes are described in the PIAs for the various operational programs.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 3
can travelers obtain access to information held about them?” For those individuals who do not find a
response to their question or who wish to file a redress request, they can complete an electronic,
customized “smart” form that collects the personal information necessary to process and address their
request. Appendix A of the Privacy Impact Assessment (PIA) contains a copy of the web pages containing
the information collection screens that individuals will see upon visiting DHS TRIP. Each individual filing a
request will receive an acknowledgement by email, unless his or her request identifies a preference for a
different method of communication. This communication will include a unique control number that the
individual can use to learn the status of his or her request.
Using the smart form, DHS TRIP will review the request and forward it to the appropriate DHS
component or federal agency to address the request. The DHS Transportation Security Administration
(TSA) is charged with operating and managing the program for all of DHS. DHS TRIP will be managed by
staff of the TSA, assisted by staff from the various participating components. The system will maintain (1)
the intake information collected from individuals in support of their redress requests (whether submitted
on the redress request form or in supporting documentation submitted by mail or fax), (2) the current
status of each redress request received, and (3) information about the response to the request. Each
participating component will continue to conduct and control the resolution process for redress requests
forwarded to them by DHS TRIP.
Section 1.0
Information collected and maintained
1.1
What information is to be collected?
Individuals with general questions, such as “What is DHS TRIP” or “Why do some travelers receive
additional screening,” will be referred to the FAQs section of the website. If the response to a question is
not provided in the FAQs, the individual will have the opportunity to log in a redress request, as described
below. In addition, an individual may send an email to the DHS TRIP email box which is noted in the
FAQs and on the website. In this last instance, the information collected about the individual will be limited
to the email address as well as the information contained in the email, so that DHS TRIP may respond to the
question.
When an individual chooses to file a redress request at DHS TRIP, the individual will be asked to
review a series of traveler experience screening statements to help DHS TRIP identify and assess the nature
of the redress issue. For example, does the request concern denied or delayed boarding, denied or delayed
entry or exit to the United States, secondary or additional screening, etc. (See Appendix A for a copy of the
web page listing the experience screening options.) Based on the individual’s response to the set of
screening statements, the individual will view a customized or “smart” Traveler Inquiry Form (TIF)
designed to electronically collect only the personally identifiable information necessary to process and
address the individual’s request. (See Appendix A for the web pages depicting the smart form for the
specific data elements for each type of request.) Individuals will also have the option of mailing or faxing
their information to initiate their redress request. The data elements collected fall into three categories: (1)
contact information to enable DHS TRIP to communicate with the individual, such as name, address,
telephone number, and email address; (2) information about the individual’s experience to assist DHS TRIP
in identifying which component is best able to address the request; and (3) information and/or
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 4
documentation to verify the identity of the individual if necessary to authenticate the individual or to
address a redress request involving misidentification.
While no fields will be considered mandatory, the electronic smart form will highlight those fields
that are suggested as most important for purposes of processing and addressing the redress request. As
indicated in Appendix A, the personally identifiable information (PII) collected will be based upon the type
of redress request. In all instances, it will include the contact information that the individual wishes to use
as the preferred method of contact. Additional data elements may include the following: individual’s full
name; current address; email address; home and work telephone numbers; date of birth; gender; U.S. or
non-U.S. passport number as applicable; as well as basic information about the event, such as the mode of
travel; location where the experience occurred; number of travelers impacted; contact name and address, if
different from the individual’s name and address; departure date, return date, name of the airline, flight
number, and a brief narrative which describes the situation.
To assist in addressing instances of misidentification and to authenticate the redress inquiry, the
individual may be asked to submit to DHS TRIP supporting documentation by mail or fax. This
documentation may be either a copy of a U.S. or non-U.S. Passport or copies of at least three of the
following: a birth certificate, driver’s license, immigrant/nonimmigrant visa, naturalization certificate,
certificate of citizenship, voter registration card, certificate of release or discharge from active duty,
government identification card or military identification card. The documentation must be submitted
within 30 days of filing the redress request. If the individual submits a birth certificate, it must be a
certified copy of the original. Depending upon the redress request, supplemental information may be
requested later during the processing, in order to help the appropriate component effectively respond to
the request. This supplemental information may be shared with a DHS component or other federal agency
as needed to process the redress request.
The smart form will include a notice explaining the basis of the PII collection as required by the
Privacy Act of 1974 and an OMB burden statement as required by the Paperwork Reduction Act, as well as
an acknowledgment that the information the individual provides is true and correct, that he or she is
providing the personal information voluntarily, and how the information may be shared. These notices
appear in Appendix A and B of this PIA. DHS TRIP will maintain the following categories of information:
(1) the information collected via the smart form; (2) the component(s) handling the inquiry; (3) the
“status” of the redress request; and (4) information about the DHS TRIP response to the request. Upon
submitting a TIF, an individual will receive a communication from DHS TRIP that includes an assigned
control number to enable the individual to access his or her application “status” online. The “status”
options may include pending paperwork, in process, closed, or reopened.
1.2
From whom is information collected?
DHS TRIP may collect PII directly from the individual submitting a request for assistance, or
through the individual’s representative, regarding difficulties the individual experienced during travel
screening at transportation facilities, such as airports or across U.S. borders. PII may be provided directly by
the individual or through a representative. If the information is provided through a representative, the
individual will be required to sign and submit an authorization letter providing the representative with the
authority to file on his or her behalf. In addition, information related to the final disposition of the request
will be collected from the component or program handling the request.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 5
1.3
Why is the information being collected?
The information is being collected from the individual in order to conduct redress and
communicate the response back to the redress requestor. The collection of PII is necessary to identify the
specific circumstances surrounding his or her request for redress and to address the request. Information
provided about the event will assist DHS in coordinating among its components and with other federal
agencies where appropriate in order to respond to the inquiry. DHS TRIP collects and maintains the final
disposition of the request in order to assist the component or program in communicating with the
individual and to enable DHS TRIP to audit the effectiveness of the DHS TRIP program. In addition,
aggregate metrics about the program will be obtained to help DHS identify issues in need of improvement
within its screening and redress procedures.
1.4
How is the information collected?
The information is collected online directly from individuals seeking redress or from their
representatives. Individuals are also given the option of mailing or faxing their TIF to DHS TRIP.
1.5
What specific legal authorities/arrangements/ agreements define
the collection of information?
Subsection (d) of the Privacy Act of 1974 (5 U.S.C. 552a, as amended) provides authority to
enable individuals to access and request to amend their records. Title IV of the Intelligence Reform and
Terrorism Prevention Act of 2004 provides for security measures to be taken to protect travel as well as the
ability for airline passengers who are delayed or prohibited from boarding as a result of a screening
program determination that they might pose a security threat to appeal the determination and correct
erroneous information which may have resulted in delay or misidentification. See Section 4012 (a)(1) and
(2); 49 U.S.C. §§44903(j) (2) (G) and 44909(c)(6)(B).
1.6
Privacy Impact Analysis
DHS TRIP has limited information collection to the minimum necessary to conduct the redress
program. First, by providing FAQs, the program will reduce the number of requests in the first instance
and the need to collect PII. Second, DHS TRIP will collect only as much information as needed to process
and resolve the request. Specifically, the information collection is limited to information used to identify
and contact the individual, identify the experience triggering the request, and to assist the agency in
distinguishing him or her from someone with a name similarity, or otherwise to resolve a redress request.
DHS TRIP will also collect PII from the individual’s representative, if applicable, in order to enable the
agency to contact the representative. This information will include name, address, e-mail address, and
telephone contact information. DHS TRIP has developed a secure web-based application intake portal that
will enable the individual to submit his or her request for redress in a secure manner.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 6
Section 2.0
Uses of the system and the information
2.1
Describe all the uses of information.
DHS TRIP will use the PII to coordinate the DHS redress process as described above, and simplify
the process for travelers wishing to submit a redress request. Information collected through the website
will be used to identify the DHS component or other federal entity most likely to be able to address the
redress request. DHS TRIP will maintain a case management system of traveler requests that will include
the component responsible for handling the request. DHS TRIP will also track case progress and final
resolution to provide metrics of success in responding to requests, identify areas in need of additional
support, and to develop lessons learned regarding the DHS redress process. Once intake information is
complete, DHS TRIP will transfer this information to the appropriate component which will follow its own
process to address the inquiry using the information the individual submitted.
2.2
Does the system analyze data to assist users in identifying
previously unknown areas of note, concern, or pattern?
No. The information provided will only be used to help respond to the individual’s request for
redress, to provide aggregate metrics about the program, and to help DHS identify issues in need of
improvement within its screening and redress procedures as described above.
2.3
How will the information collected from individuals or derived from
the system be checked for accuracy?
DHS TRIP will collect PII directly from the individual seeking redress or his or her representative.
Because the individual provides the information about him or herself directly, the likelihood of erroneous
PII is greatly reduced. Information will be limited to the minimum necessary to facilitate the redress
process. In addition, DHS TRIP may require the individual to submit proof of identity consisting of
photocopies of a U.S. Passport or copies of at least three government-approved or issued documents, as
described above. Such documentation will help identify the individual and facilitate the redress process,
particularly in instances of misidentification.
2.4
Privacy Impact Analysis
Information collected is for purposes of assisting the individual to address his or her inquiry. The
collection of information will be limited to that which is necessary to identify the individual and determine
if a misidentification has occurred. The documentation requested to confirm the identity is necessary to
ensure that the person requesting redress is who they say they are and is not providing fraudulent or
incorrect information through the TIF. Verification of the identity and supporting documentation will help
substantiate where there is a need to correct the information held by DHS or one of the participating
agencies.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 7
Section 3.0
Retention
3.1
What is the retention period for the data in the system?
DHS TRIP is currently working with the National Archives and Records Administration (NARA) to
develop a records retention schedule to cover the information collected from individuals who avail
themselves of the redress process. The information contained in DHS TRIP system includes the information
collected from individuals in support of their redress requests, the current status of redress requests
received, and information about the resolution of the request. DHS TRIP expects to retain these records for
a period of up to seven years. The information that is shared with DHS components and other agencies in
order to resolve the redress request may be retained in the recipient systems subject to those systems record
retention schedules. For example, TSA expects to retain redress information for up to seven years.
3.2
Has the retention schedule been approved by the National
Archives and Records Administration (NARA)?
No. DHS TRIP is working to develop a schedule to cover records about individuals utilizing the
redress process, which it will submit to NARA for review and approval. Until a retention schedule is
submitted and approved by NARA, no records collected for the redress process will be destroyed.
3.3
Privacy Impact Analysis
Information collected through this program will be maintained in accordance with NARAapproved record retention schedule. DHS TRIP expects that records collected from applicants will be kept
for up to seven years to enable DHS TRIP to assist a traveler who may have repeated experiences or to
reduce the likelihood of repeated experiences.
Section 4.0
Internal sharing and disclosure
4.1
With which internal organizations is the information shared?
In the ordinary course of administering DHS TRIP, it is expected that the information will be
shared with relevant components and programs within DHS where it is necessary to process and address a
redress request. Components operating within this system include the following: Transportation Security
Administration (TSA); U.S. Customs and Border Protection (CBP); U.S. Citizen and Immigration Services
(USCIS); U.S. Immigration and Customs Enforcement (ICE); U.S. Visitor and Immigrant Status Indicator
Technology Program (US-VISIT); DHS Office for Civil Rights and Civil Liberties (CRCL); DHS Screening
Coordination Office; and the DHS Privacy Office.
Some of the programs within these components that will participate in DHS TRIP include TSA’s
aviation passenger screening programs and CBP’s processing of international travelers. DHS TRIP will use
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 8
this information to attempt to help those individuals who have been: (1) denied or delayed boarding
transportation due to DHS screening programs; (2) denied or delayed entry into or departure from the
United States at a port of entry; or (3) identified for additional (secondary) screening at our Nation’s
transportation facilities, including airports, and seaports. .
The information DHS TRIP receives from individuals may be shared with DHS employees and
contractors who have a need for the information in the performance of their duties as it relates to
processing and responding to the redress request.
4.2
For each organization, what information is shared and for what
purpose?
All of the information supplied to DHS TRIP during the intake process will be shared with the lead
DHS component responsible for reviewing and addressing the request. For a general request, such as a
question not discussed in the Frequently Asked Questions section, either DHS TRIP will respond directly to
the requestor or it will route the name, contact information, and question to the appropriate DHS
component for response. For a formal redress request, which requires the TIF form, DHS TRIP will assess
the information provided and identify the most appropriate DHS component to address the request. For
example, if the issue is related to traveling across U.S. borders, DHS TRIP may submit the requester’s name,
contact information, and TIF to CBP. If the issue is related to being delayed or denied boarding when
traveling domestically by air, DHS TRIP may submit the requestor’s name, contact information, and TIF to
TSA. If the inquiry raises a question related to civil rights or privacy regarding the requestor’s information,
the inquiry will be sent to the DHS Office for Civil Rights and Civil Liberties or the DHS Privacy Office.
DHS TRIP has worked with each component to develop criteria for disseminating the requests. It is
anticipated that DHS TRIP will reduce delays in processing redress requests because the requests can be
channeled to the most appropriate component quickly. If the component is incorrectly identified, the
recipient component will work with DHS TRIP to determine the most appropriate component to handle the
request. If the case is the responsibility of more than one component, DHS TRIP will maintain the lead and
coordinate with relevant components.
Once the request is addressed, the component will notify DHS TRIP, which will enter the
disposition into DHS TRIP’s database, thus making it available to the other participating components and
agencies.
4.3
How is the information transmitted or disclosed?
Depending on the specific situation and need, DHS TRIP staff may transmit this data in person,
paper format, via a secure data network, via a secure facsimile or telephonically only to those who have a
need for the information in the performance of their duties. The method of transmission may vary
according to specific circumstances, but in all cases must meet DHS requirements for the secure transfer of
PII. See Section 8 of the PIA for more information.
4.4
Privacy Impact Analysis
Internal information sharing is limited to DHS employees and contractors who have a need for the
information, as identified above in 4.2, in the performance of their duties in accordance with the Privacy
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 9
Act. Privacy protections will include strict access controls, (passwords and role-based access), tracking
features, and mandated training for all employees and contractors. See Section 8 of the PIA for more
information.
Section 5.0
External sharing and disclosure
5.1
With which external organizations is the information shared?
The information collected and retained in DHS TRIP may need to be shared under certain
circumstances with other federal agencies when necessary to address an individual’s redress request. DHS
TRIP may share information provided by an individual seeking redress with other federal departments and
programs such as the Department of State (DoS) or the TSC, in order to determine the appropriate response
to the redress request.
For example, DHS TRIP may exchange information with DoS where the redress request pertains to
visa issuance or a passport program. Likewise, information may be shared with the TSC, where the
information may be used to distinguish the identity of the individual seeking redress from that of another
individual included on a watchlist or determine whether the traveler’s experience was based on incorrect
information.
Additionally, limited information may be shared with non-governmental entities where necessary
for the sole purpose of effectuating an individual’s redress request. For example, if an individual has been
cleared and distinguished from an individual who is known or suspected to be a threat to aviation security,
TSA will share that individual’s name and appropriate associated information with the airlines to prevent
future delays and disruptions for that individual while traveling.
Other types of information sharing that may result from the routine uses outlined in the system of
records notice that covers DHS TRIP (DHS-ALL-005, Published January 18, 2007, Volume 72) includes:
(1) Disclosure of information to contractors, interns, or service providers, who are not DHS
employees, but have an agency relationship with DHS to accomplish DHS responsibilities. This routine use
permits DHS to contract for services to augment that which is accomplished by DHS employees. This
disclosure occurs only in the context of the operation of DHS TRIP or the DHS component redress
programs;
(2) Sharing of information when there appears to be a specific violation or potential violation of
law, or identified threat or potential threat to national or international security, such as criminal or terrorist
activities, based on individual records in this system. This routine use operates only in the situation when
the information indicates some sort of violation of law or threat, such as when someone would provide
false or fraudulent documents;
(3) Sharing of information with the National Archives and Records Administration for proper
handling of government records;
(4) Sharing of information when relevant to litigation associated with the Federal government; and
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 10
(5) Sharing of information to protect the individual who is the subject of the record from the harm
of identity theft in the case of a data breach affecting this system.
5.2
What information is shared and for what purpose?
As stated in Section 4.0 above, processing and addressing redress inquiries may require DHS TRIP
to share information with other federal agencies. First, for a general request to the DHS TRIP email box,
such as a request for information that was not resolved by the FAQs, either DHS TRIP will respond directly
to the requestor, or it will route the contact information and the question to the appropriate federal
department or agency. For a formal redress request using the smart TIF form, DHS TRIP will review the
request, and if it is related to DoS, for example, it will forward all of the intake information to DoS for
processing. If the request involves an issue involving the U.S. Government’s consolidated terrorist
watchlist, DHS TRIP may share the intake information with TSC, which maintains the terrorist watchlist in
order to address the request.
5.3
How is the information transmitted or disclosed?
Depending on the agency involved, DHS TRIP will transmit this information in a secure manner,
whether by person, paper format, or via a secure data network. See Section 8 of the PIA for more
information. Certain federal agencies, such as TSC and DoS, may have read-only access to DHS TRIP to
assist in reviewing redress requests.
5.4
Is a Memorandum of Understanding (MOU), contract, or any
agreement in place with any external organizations with whom
information is shared, and does the agreement reflect the scope of
the information currently shared?
DHS and individual components enter into MOUs when sharing PII with other federal agencies. In
addition, TSA will share with airlines only that information necessary to assist in the implementation of an
individual’s redress resolution. Such sharing will be in accordance with TSA’s existing mechanisms and
security directives in order to implement a redress resolution.
5.5
How is the shared information secured by the recipient?
Any federal agency receiving this information is required to handle it in accordance with the
Privacy Act and Federal information security requirements. Agencies are required to take appropriate action
to protect PII to ensure the means of transmission are secured by encryption or equivalent protections. In
addition, private entities such as airlines, with which TSA may share redress resolution information in order
to implement a redress resolution, are required to secure information about individuals and limit disclosure
to those who have a need for the information for official purposes.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 11
5.6
What type of training is required for users from agencies outside
DHS prior to receiving access to the information?
No specific training is required of users from outside agencies; however, any federal agency
receiving this information is required to handle it in accordance with the Privacy Act and their applicable
System of Records Notices (SORNs). In addition, federal agencies and their contactors are subject to
information security requirements of the Federal Information Security Management Act (FISMA), Title III if
the E-Government Act, Pub. L. 107-347.
5.7
Privacy Impact Analysis
DHS TRIP will only share this information under the applicable provisions of the DHS Redress
SORN and the Privacy Act. DHS TRIP will share information only with those entities that have a need to
know the information in order to address the request of the individual.
Section 6.0
Notice
6.1
Was notice provided to the individual prior to collection of
information? If yes, please provide a copy of the notice as an
appendix. A notice may include a posted privacy policy, a Privacy
Act notice on forms, or a system of records notice published in the
Federal Register Notice. If notice was not provided, why not?
Yes. Consistent with 5 U.S.C. §552a(e)(3), all forms requesting data will provide a Privacy Act
Statement and will also require that the individual seeking redress acknowledge that he or she is voluntarily
submitting personally identifiable information for redress purposes and that the information provided is
accurate. The publication of this PIA and the SORN also serve to provide public notice of the collection,
use, and maintenance of this information. The SORN and Privacy Act Statement are found in Appendix B.
6.2
Do individuals have an opportunity and/or right to decline to
provide information?
Yes. The redress process is voluntary, so individuals have the right to decline to engage in the
process or to limit the information he or she provides for review. Providing less information than
requested, however, may make resolution of the matter more difficult. For example, it may be difficult to
distinguish the individual from someone with an identical or similar name on the watchlist, or the
information may help determine whether an individual should be included on the watchlist, or to address
other border enforcement issues.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 12
6.3
Do individuals have the right to consent to particular uses of the
information, and if so, how does the individual exercise the right?
The individual does not have the right to direct particular uses of the information. DHS TRIP,
however, will limit its use under the Privacy Act and applicable SORN, which is published in the Federal
Register and available for review by interested individuals and the PIA, which is published on the DHS
Privacy Office website and is available via a link in the DHS TRIP FAQs.
6.4
Privacy Impact Analysis
Individuals are provided a Privacy Act Statement on the TIF prior to providing information and
may therefore determine if he/she would like to submit the information. Only the minimum information
necessary to identify the individual is required to process the inquiry. Those who do not wish to provide
all of the information requested may choose to provide less information, although this may delay or
prevent a response or resolution of their inquiry.
Section 7.0
Individual Access, Redress and Correction
7.1
What are the procedures which allow individuals to gain access to
their own information?
Requests for access to the information submitted during the redress process may be made by
submitting a request to the DHS TRIP email link [email protected] posted on the DHS TRIP website
www.dhs.gov/trip. DHS TRIP will provide access to the intake information provided by the individual and
resolution information, as well as the status of the request. Information regarding access will also be
provided to the individual in the letter which states the disposition of the inquiry. Individuals seeking
access may need to provide identity documentation in order to ensure the request is legitimate. Requests
may also be submitted by mail or by fax. This information will be posted on the website. The request
should include the contact information as well as the control number of the redress request, if known.
Individuals may obtain the status of their request by simply going to the DHS TRIP website and entering
the control number issued by DHS TRIP when they submitted their request.
7.2
What are the procedures for correcting erroneous information?
After submitting a redress request through the DHS TRIP website, an individual may request to
modify or correct the information he or she originally submitted to DHS TRIP by either sending an email to
the DHS TRIP email box or by resubmitting the smart form with the updated information. For an
individual using the web-based application and completing a form online, identity verification information
may be sent via hard copy, e-mail, or facsimile. For a minor, only a custodial parent or guardian may
submit the information on behalf of the minor. For anyone using a representative to submit the form, an
authorization letter will be made available and must be submitted.
•
Upon submission of the revised form, the individual will receive notification of receipt.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 13
•
DHS TRIP will review the revised form and determine which component/agency will most effectively
be able to respond to the submission.
•
DHS TRIP will coordinate with the appropriate DHS component or federal agency in the processing of
the submission.
7.3
How are individuals notified of the procedures for correcting their
information?
Individuals are notified of DHS TRIP procedures by accessing the DHS public website at
www.dhs.gov/trip. Transportation facilities will also have posters and pamphlets available to provide to
passengers. The FAQs posted on the website will provide this information as well.
7.4
If no redress is provided, are alternatives available?
An individual who is dissatisfied with the results of DHS TRIP may have the opportunity to submit
supplementary information based upon the redress procedures, if any, of the component/agency
responsible for handling the request. Additionally, upon closing the matter, an individual will be notified
in the disposition letter sent by DHS TRIP or the DHS component/agency whether he or she may request to
have the resolution reconsidered.
7.5
Privacy Impact Analysis
DHS TRIP will provide a redress process that furthers the privacy interest of the individual by
providing an easy-to-use website that facilitates the submission and processing of redress requests. Since
DHS TRIP will collect PII directly from the individual, the risk of collecting inaccurate information should
be minimized. In addition, individuals may request access to or correction of their personally identifiable
information pursuant to the Privacy Act.
Section 8.0
Technical Access and Security
8.1
Which user group(s) will have access to the system? (For example,
program managers, IT specialists, and analysts will have general
access to the system and registered users from the public will
have limited access.)
In order to perform their duties in managing, upgrading, and using the DHS TRIP system, system
administrators, security administrators, IT specialists, redress analysts, intelligence analysts, call center
employees, and any other DHS TRIP and component redress office employees, detailees, or contractors, and
personnel from participating federal agencies with a need for the information to perform their duties
associated with this program may have access to the system. Automated role-based access controls are
employed to limit the access of information by different users based on the need to know. The DHS TRIP
system is used for data collection and reporting purposes. No unauthorized users are permitted access to
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 14
system resources. Strict adherence to access control policies is automatically enforced by the system in
coordination with and through oversight by the system administrator.
8.2
Will contractors to DHS have access to the system? If so, please
submit a copy of the contract describing their role to the Privacy
Office with this PIA.
Contractors who are hired to perform many of the IT maintenance and security monitoring tasks
have access to the DHS TRIP system in order to perform their official duties. Strict adherence to access
control policies is automatically enforced by the system in coordination with and through oversight by the
system administrator. All contractors performing this work are subjected to Homeland Security Acquisition
Regulation (HSAR) requirements for suitability and a background investigation (see 48 CFR 3037.11070(a)). All contractor personnel are required to be favorably investigated and adjudicated for suitability
before they may be permitted to work on the DHS TRIP system.
8.3
Does the system use “roles” to assign privileges to users of the
system?
Role-based access controls are used for controlling access to the system using the policy of Least
Privilege, which states that the system will enforce the most restrictive set of rights/privileges or access
needed by users based on their roles.
8.4
What procedures are in place to determine which users may
access the system and are they documented?
The DHS TRIP system is secured against unauthorized use through the use of a layered, defense-indepth security approach involving procedural and information security safeguards. Only DHS personnel
and personnel of participating federal agencies with responsibilities related to processing and responding to
redress requests will be able to access the data stored on the system .
All federal entities with which DHS TRIP interacts, including the DoS and TSC, as well as DHS
employees and assigned contractor staff, receive federally mandatory privacy and/or security training and
have any necessary background investigations and/or security clearances for access to sensitive information
or secured facilities based on DHS or other federal agency security policies and procedures.
All government and contractor personnel are vetted and approved for access to the facility where
the system is housed, issued picture badges with integrated proximity devices imbedded, and given specific
access to areas necessary to perform their job function. All personnel working in or accessing the facility
are required to wear a security office issued control badge with picture and name. The badges provide the
electronic access control cards used to gain entrance to the secure area for the computer operations room.
Badges must be worn and displayed at all times while on the premises.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 15
8.5
How are the actual assignments of roles and rules verified
according to established security and auditing procedures?
Employees or contractors are assigned roles for accessing the system based on their function. The
system administrator will grant access on a need to know basis. The facility security officer ensures
compliance to policy and manages the activation or deactivation of accounts and privileges as required or
when expired. DHS TRIP ensures personnel accessing the DHS TRIP system have security training
commensurate with their duties and responsibilities.
8.6
What auditing measures and technical safeguards are in place to
prevent misuse of data?
The DHS TRIP system has an audit trail feature to track any changes to the data and to track access
to the system. The system has the capability to track individual record access and modifications by user
name as well as time/date stamp. The system administrator will regularly review the audit system logs.
8.7
Describe what privacy training is provided to users either generally
or specifically relevant to the functionality of the program or
system?
DHS government and contractor personnel associated with DHS TRIP are required to complete
privacy training. Compliance with this requirement can be audited. In addition, security training is
provided regularly, which helps to raise the level of awareness for protecting personal information being
processed.
8.8
Is the data secured in accordance with FISMA requirements? If
yes, when was Certification & Accreditation last completed?
Information contained in the DHS TRIP system is safeguarded in accordance with the Federal
Information Security Management Act of 2002 (Pub.L.107-347) (FISMA), which establishes governmentwide computer security and training standards for all persons associated with the management and
operation of Federal computer systems.
The system is currently undergoing a full Certification and Accreditation process and DHS TRIP
expects to complete this process before the system is launched.
8.9
Privacy Impact Analysis
Data on the system is secured in accordance with applicable Federal standards. Security controls are
in place to protect the confidentiality, availability, and integrity of personal data, including role-based
access controls that enforce a strict need to know policy. Physical access to the system is strictly controlled
with the use of proximity badges and biometrics. The system is housed in a controlled computer center
within a secure facility. In addition, administrative controls, such as periodic monitoring of logs and
accounts, help to prevent and/or discover unauthorized access. Audit trails are maintained and monitored
to track user access and unauthorized access attempts.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 16
Section 9.0
Technology
9.1
Was the system built from the ground up or purchased and
installed?
The system is primarily built as a modification of the current TSA Redress System using additional
Commercial Off-the-Shelf (COTS) products. System components include modified COTS software, COTS
hardware and operating systems.
9.2
Describe how data integrity, privacy, and security were analyzed as
part of the decisions made for your system.
Security and privacy requirements were derived based on the sensitivity category of the system,
which is considered to be moderate or high sensitivity, depending on the type and context of the
information. The moderate baseline requirements reflect that stringent controls are needed for protecting
the confidentiality, availability, and integrity of data of this system. The system is designed to support the
moderate baseline requirements and protects the integrity and privacy of personal information.
The DHS TRIP system is designed to allow for collection of only those data elements necessary to
allow DHS TRIP to complete its tasks. Additional information is only requested as needed and in the vast
majority of cases, a limited initial set of information may be sufficient to process a redress request.
9.3
What design choices were made to enhance privacy?
In order to support privacy protections, DHS TRIP will only collect the minimum of personally
identifiable information needed to process the redress inquiry. In addition, DHS TRIP uses an information
technology infrastructure that will protect against inadvertent use of personally identifiable information not
required by the government. Access to the system containing information collected for this program will
be strictly controlled. Only DHS TRIP and component redress employees, detailees, and contractors with
proper security credentials and passwords will have permission to access this system. Certain TSC and DoS
personnel will also have access in order to facilitate responding to the redress request. Additionally, the
record system will track access to electronic information. Access logs will be periodically reviewed. All
DHS employees and assigned contractor staff receive privacy training on the use and disclosure of personal
data. The procedures and policies in place are intended to ensure that no unauthorized access to records
occurs and that operational safeguards are firmly in place to prevent system abuses.
9.4
Privacy Impact Analysis
These conscious design choices will limit access to the personal information, thereby mitigating
any possible privacy risks associated with this program.
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 17
Conclusion
DHS TRIP provides individuals who have experienced difficulties during travel screening at
transportation facilities, such as airports and seaports or across U.S. borders at points of entry, the
opportunity to seek redress. DHS TRIP is publishing this Privacy Impact Assessment to detail how it collects
and maintains PII about individuals who are affected by these redress procedures. Privacy impacts have
been mitigated by collecting only information that assists in processing and addressing identification and
related redress concerns. DHS TRIP will use this limited information to help those passengers who have
been delayed or prevented from traveling as a result of heightened security measures.
Responsible Officials
James Kennedy, Director, Office of Transportation Security Redress, Transportation Security
Administration, [email protected]
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 18
Approval Signature Page
________________________________ January 18, 2007
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 19
Appendix A:
DHS TRIP Web Pages
Web Questions: DHS TRIP
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 20
Smart Form – TSA
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 21
Smart Form - CBP/ICE/CIS
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 22
Smart Form - US-VISIT
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 23
Smart Form – CRCL
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 24
Smart Form - Privacy
�Privacy Impact Assessment
Rice-Chertoff Initiative Traveler Redress Inquiry Program
January 18, 2007
Page 25
Appendix B:
Privacy Act Statement
Authority: Title IV of the Intelligence Reform and Terrorism Prevention Act of 2004 authorizes
DHS to take security measures to protect travel, and under Subtitle B, Section 4012(1)(G), the Act directs
DHS to provide appeal and correction opportunities for travelers whose information may be incorrect.
Principal Purposes: DHS will use this information in order to assist you with seeking redress in
connection with travel.
Routine Uses: DHS will use and disclose this information to appropriate governmental agencies to
verify your identity, distinguish your identity from that of another individual, such as someone included
on a watchlist, and/or address your redress request. Additionally, limited information may be shared with
non-governmental entities, such as air carriers, where necessary for the sole purpose of carrying out your
redress request.
Disclosure: Furnishing this information is voluntary; however, the Department of Homeland
Security may not be able to process your redress inquiry without the information requested.
�
| File Type | application/pdf |
| File Title | Department of Homeland Security Privacy Impact Assessment DHS Traveler Redress Inquiry Program |
| Author | Department of Homeland Security Privacy Impact Assessment DHS Tr |
| File Modified | 2007-01-19 |
| File Created | 2007-01-19 |