Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 7
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 7
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
Feedback USA Pilot
Component:
U.S. Citizenship and
Immigration Services (USCIS)
Office or
Program:
Field Operations Directorate
Xacta FISMA
Name (if
applicable):
N/A
Xacta FISMA
Number (if
applicable):
N/A
Type of Project or
Program:
Form or other Information
Collection
Project or
program
status:
Pilot
Date first
developed:
Date of last PTA
update
August 1, 2015
Pilot launch
date:
May 1, 2016
April 8, 2016
Pilot end date:
June 30, 2016
ATO Status (if
applicable)
N/A
ATO
expiration date
(if applicable):
N/A
PROJECT OR PROGRAM MANAGER
Name:
Michael C Biggs
Office:
FOD District 22
Title:
Special Assistant
Phone:
202 746 5059
Email:
[email protected]
ov
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
N/A
Phone:
N/A
Email:
N/A
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 7
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: New PTA
USCIS is submitting this PTA for the Feedback USA Button – Department of Homeland Security
(DHS)/U.S. Citizenship and Immigration Services (USCIS) Pilot Survey, which is intended to run for two
months beginning in May 2016.
USCIS seeks to participate in an OMB sponsored pilot project managed by the General Services
Administration (GSA). OMB and GSA are partnering with agencies to pilot the Feedback USA Button–
a simple tool to collect customer feedback and:
•
Provide agencies with information needed to improve program delivery;
•
Provide the Executive Branch with insight into best practices and areas to improve; and
•
Provide the public with transparency around the quality of services provided.
USCIS will conduct the survey at 20 participating field offices. USCIS plans to install 2 kiosks at each
field office. When a customer visits the participating field office for the purpose of seeking information
or for an immigration adjudication interview. At the conclusion of the customer’s appointment, an
employee who interacts directly with the customer will inform the customer of the option of providing
feedback on his or her experience. The customer can voluntarily enter feedback by using the onsite kiosk
to answer the question with the additional option to provide free-form text on the website.
The kiosk is a simple electronic device with one question listed at the top of its screen. The respondent’s
response is a series of four smiley-face emoticons ranging from happy to sad. The kiosks will be placed in
20 of our USCIS field offices. We will ask one of two questions at the kiosk. “How did we do today?”
“How would you rate your experience today?”
2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.
Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these
1
Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 7
3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.
This program does not collect any personally
identifiable information 2
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies
4. What specific information about individuals is collected, generated or retained?
The kiosks retain customer opinions in the form of their response to one question listed at the top of its
screen. The respondent’s response is a series of four smiley-face emoticons. We will ask one of two
questions at the kiosk. “How did we do today?” “How would you rate your experience today?” The
information will be collected in the waiting areas of 20 USCIS Field Offices. All responses are
anonymous and not tied to a specific appointment. The response is uploaded daily to a secured website
accessible only by designated USCIS employees and members of the GSA Feedback USA management
team.
No. Please continue to next question.
4(a) Does the project, program, or system
Yes. If yes, please list all personal identifiers
retrieve information by personal identifier?
used:
4(b) Does the project, program, or system
No.
use Social Security Numbers (SSN)?
Yes.
4(c) If yes, please provide the specific legal
N/A
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
N/A
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?
2
No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 7
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
The system stores the response to the single question about customer service. The question is answered
by choosing from among four smiley faces ranging from happy to unhappy. No language data is stored.
The system also provides the time and location of the response.
5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?
No.
Yes. If yes, please list:
Click here to enter text.
6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
9. Is there a FIPS 199 determination? 4
3
No.
Yes. If yes, please list:
Click here to enter text.
N/A
No.
Yes. If yes, please list:
No. What steps will be taken to develop and
maintain the accounting: N/A
Yes. In what format is the accounting
maintained:
Unknown.
When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination.
Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.
4 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 7
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate
High
Undefined
Integrity:
Low
Moderate
High
Undefined
Availability:
Low
Moderate
High
Undefined
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Jenny Hoots
Date submitted to Component Privacy
Office:
April 7, 2016
Date submitted to DHS Privacy Office:
April 11, 2016
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
USCIS plans to launch the Feedback USA, the tool will allow customers to express their opinions when
interacting in-person with USCIS field offices by visiting a small kiosk upon their exit. This tool will be
available to USCIS customers for two months beginning in May 2016.
The USCIS Office of Privacy recommendation is to designate this system as non-privacy sensitive. No
further action is required.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Max Binstock
PCTS Workflow Number:
1122639
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 7
Date approved by DHS Privacy Office:
April 12, 2016
PTA Expiration Date
July 1, 2016
DESIGNATION
No
Privacy Sensitive System:
Form/Information Collection
Category of System:
Determination:
If “no” PTA adjudication is complete.
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
PIA:
SORN:
Choose an item.
If covered by existing PIA, please list: Click here to enter text.
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
USCIS is submitting this PTA because USA Feedback is a developmental system that is a simple tool to
collecting customer feedback.
USA Feedback is a non-privacy sensitive system since no PII is stored within the system boundary. As
such, a PTA is sufficient at this time.
File Type | application/pdf |
File Title | DHS PRIVACY OFFICE |
Author | marilyn.powell |
File Modified | 2016-04-13 |
File Created | 2016-04-13 |