Pia

Privacy Impact Assessment
for the

USCIS Alien Change of Address Card
(AR-11)
October 21, 2008
Contact Point
Donald Hawkins
USCIS Privacy Officer
United States Citizenship and Immigration Services
202-272-1400
Reviewing Official
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
(703) 235-0780

Abstract
United States Citizenship and Immigration Service (USCIS) is publishing this Privacy
Impact Assessment (PIA) for the Alien Change of Address Card (AR-11) System. The AR-11 tracks
the address changes submitted to the Department of Homeland Security (DHS) in paper and
electronic form as required by Section 265 of the Immigration and Nationality Act (INA), 8 U.S.C.
1305. USCIS has conducted this PIA because AR-11 contains personally identifiable information
(PII).

Overview
USCIS is responsible for the administration of immigration and naturalization adjudication
functions, and for establishing immigration services policies and priorities. In executing its
mission, USCIS performs functions that include adjudications of:
(1)
(2)
(3)
(4)

immigrant visa petitions;
non-immigrant visa petitions (petitions filed by persons staying in the US
temporarily for a limited purpose [e.g., to work]);
asylum and refugee applications; and
naturalization applications.

AR-11 is a computerized system that supports the information management needs of
USCIS in carrying out its mission. Specifically, it tracks address changes submitted to USCIS on the
paper Form AR-11 and online through the Customer Relationship Interface System’s (CRIS)
Change of Address (CoA) component. AR-11 contains current addresses on all non-U.S. citizens
(hereafter referred to as “customers”) who are currently in the United States who have submitted
an electronic or paper Form AR-11 as required by Section 265 of the Immigration and Nationality
Act (INA), (8 U.S.C. 1305). AR-11 interfaces with CoA to accept address changes submitted via the
Internet.
There are two processes by which a customer can change his address:
(1) Transcribed Paper AR-11 Address Changes: The customer submits a completed Form
AR-11 in paper format. The completed form is then sent to a USCIS contractor for data entry. The
information on the form is then input into the AR-11 system according to specific standard
operating procedures contained in the USCIS Change of Address Form Data Capture Manual
(hereafter “SOP Manual”). This manual provides a system of double-checks to ensure accurate data
entry and proper handling and appropriate use of information. See Section 1.5. USCIS also
deploys user logs to ensure users are only accessing information related to their job functions. A
USCIS contractor daily transmits these files to a DHS facility in Dallas, Texas.
(2) Web AR-11 Address Changes: CRIS was created to accept AR-11 address changes
submitted via the Internet. A customer electronically submits the Form AR-11 via the CRIS
component, CoA. CRIS daily transmits these files to the AR-11 system.
DHS employees and contractors access AR-11 information through the AR-11 on-line
system. The AR-11 on-line system is available at DHS/USCIS offices throughout the United States
and in numerous foreign countries. This allows DHS users to search AR-11. The only access
available for AR-11 is read-only query: DHS users may not make changes to the information.
Changes can only be made by submitting a new paper or on-line Form AR-11.

Read-Only access to information contained in the AR-11 system is provided to Immigration
and Customs Enforcement (ICE) and Customs and Border Protection (CBP) for investigatory,
deportation, and immigration court functions, enabling them to perform their mission
requirements.

Section 1.0 Characterization of the Information
The following questions are intended to define the scope of the information requested
and/or collected as well as reasons for its collection as part of the program, system, rule, or
technology being developed.

1.1

What information is collected, used, disseminated, or
maintained in the system?

AR-11 contains data submitted by customers whose address has changed during their stay
in the United States. AR-11 contains the following PII:
Name: USCIS collects customer’s full name (First, Last and Middle).
Home Address: USCIS collects the current and former home addresses of customers.
Birth Date: USCIS collects birth dates.
Citizenship/Nationality Information: USCIS collects citizenship information (country of
nationality, country of citizenship, country of birth).
Information Regarding Immigration Status: USCIS collects information regarding immigration (ANumber and/or I-94 Number) and entry to the U.S. (dates of entry, point of entry, admission
number, visa expiration dates).
Federal Bureau of Investigation (FBI) Fingerprint Identification Number System (FINS) Number:
FINS is the identifying number assigned to a set o fingerprints by the FBI.
Current Employer/School Information: USCIS collects the current employer and/or school and the
employer’s and/or school’s address.

1.2

What are the sources of the information in the
system?

The customer provides the address change information through the online submission or
through the paper Form AR-11.

1.3

Why is the information being collected, used,
disseminated, or maintained?

USCIS collects change of address information as required by Section 265 of the INA (8
U.S.C. 1305) which requires all customers to report a change of address to USCIS within ten days
of the change. The information is used to verify the identity of the customer as well as for
statistical, recordkeeping, and law enforcement purposes.

1.4

How is the information collected?

Customers may provide the change of address information via the Internet through the
CRIS CoA component or via U.S. Postal or express mail services on the paper Form AR-11.

1.5

How will the information be checked for accuracy?

For data from the paper Form AR-11 entered into the system manually, USCIS has an SOP
Manual in place to ensure accuracy. The SOP Manual requires that once a contractor transcribes the
data into an electronic record, a different contractor verifies that the data transcribed is accurate
before the electronic record is downloaded to the AR-11 On-line System.
Change of address information obtained from the CRIS CoA online system is input directly
by the customer or their representative and is unaltered before its daily transfer to the AR-11
system.

1.6

What specific legal authorities, arrangements, and/or
agreements defined the collection of information?

Pursuant to Section 265 of the INA, 8 U.S.C. 1305, nearly all non-U.S. citizens 1 are
required to report a change of address within 10 days of moving by completing a Form AR-11 and
submitting it to USCIS.
Additionally, 8 United States Code (U.S.C.) Section 1101 et seq, specifically, 8 U.S.C. 1103,
charges the Secretary of DHS, in part, with the duty of administering and enforcing all laws relating
to the immigration and naturalization of aliens.

1.7

Privacy Impact Analysis: Given the amount and type
of data collected, discuss the privacy risks identified
and how they were mitigated.

Privacy Risk: The AR-11 form is paper-based. Therefore, even though the data is collected
directly from the customer, the possibility of transcription errors exists when the data is transferred
from paper to the information system.
Mitigation: USCIS has mitigated this potential risk by requiring data verification pursuant
to SOPs as discussed in Section 1.5, more specifically by implementing a system of dual verification
of all transcriptions.
Privacy Risk: With the on-line CRIS system, there is a risk that the customer will input the
change of address information incorrectly.
Mitigation: This potential risk is mitigated by requesting that the customer review and
verify the accuracy of the updated information prior to electronic submission.

The only persons exempt from this requirement are nonimmigrants currently in A or G status (e.g., foreign
government officials and international organization aliens) and certain nonimmigrants who do not possess a
visa and whose current stay in the U.S. has not exceeded or will not exceed 29 days.

1

Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the
accuracy of the data being used.

2.1

Describe all the uses of information.

USCIS uses the PII to ensure it has an accurate record of where customers reside, as
required by Section 265 of the INA, 8 U.S.C. 1305. The data is used for statistical and
recordkeeping purposes, and may also be furnished to Federal, state, local and foreign law
enforcement officials for law enforcement purposes.

2.2

What types of tools are used to analyze data and what
type of data may be produced?

No tools are used to analyze the data and no additional data is produced by the system
beyond that which is provided in the paper or online forms. The AR-11 form is used to simply
update existing non-U.S. citizen addresses as required by law.

2.3

If the system uses commercial or publicly available
data please explain why and how it is used.

The system does not use commercial or publicly available data.

2.4

Privacy Impact Analysis: Describe any types of
controls that may be in place to ensure that
information is handled in accordance with the above
described uses.

Privacy Risk: Individuals who have been provided access to the system based upon
mission need could exceed their authority and use the data for unofficial purposes.
Mitigation: DHS Management Directive System (MD) Number: 11042, Safeguarding Sensitive
But Unclassified (For Official Use Only) Information, May 11, 2004, provides guidance for the manner in
which DHS employees and contractors must handle Sensitive but Unclassified/For Official Use
Only Information in both paper and electronic records (including AR-11). Additionally, all DHS
employees are required to take annual computer security training, which addresses this issue. DHS
also maintains rules of behavior for employees who use DHS systems.
As previously mentioned, USCIS also employs an SOP Manual at the service center to
ensure accurate data entry and proper handling and appropriate use of information. USCIS also
deploys user logs to ensure users are only accessing information related to their job functions. In
addition, USCIS stores audit logs in the event that an audit is necessary.

Section 3.0 Retention
The following questions are intended to outline how long information will be retained
after the initial collection.

3.1

How long is information retained?

Information located in AR-11 is maintained and disposed of in accordance with the criteria
approved by NARA. The NARA Data Retention Schedule states that the last Form AR-11 received,
including in the electronic form, from a registrant is destroyed 5 years after the date of receipt
unless destroyed upon naturalization, departure, or the registrant’s death. The data retention
periods identified in the NARA schedules are consistent with the concept of retaining data only for
as long as necessary to support the agency’s mission.

3.2

Has the retention schedule been approved by the
component records officer and the National Archives
and Records Administration (NARA)?

Yes, NARA approved the retention schedule, NM-162-71, for the Form AR-11 on June 8,
1962. USCIS is updating the NARA schedule to include the electronic form.

3.3

Privacy Impact Analysis: Please discuss the risks
associated with the length of time data is retained
and how those risks are mitigated.

Privacy Risk: There is a risk that AR-11 PII could be maintained for a period longer than
necessary to achieve agency’s mission.
Mitigation: Although there is always risk inherent in retaining personal data for any
length of time, the AR-11 data retention periods identified in the NARA schedule are consistent
with the concept of retaining personal data only for as long as necessary to support the agency’s
mission. NARA has agreed by approving USCIS’ longstanding schedule.

Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within DHS.

4.1

With which internal organization(s) is the information
shared, what information is shared and for what
purpose?

AR-11 receives data from the CRIS CoA interface, which provides the input from the webbased change of address function.
Read-Only query access to information contained in the AR-11 system is provided to ICE
and CBP for investigatory, deportation, and immigration court functions, enabling them to
perform their mission requirements.

4.2

How is the information transmitted or disclosed?

The information in the AR-11 system is accessed through the mainframe and disclosed to
ICE and CBP as read-only.

4.3

Privacy Impact Analysis: Considering the extent of
internal information sharing, discuss the privacy
risks associated with the sharing and how they were
mitigated.

Privacy Risk: The main risk associated with internal information sharing with ICE and CBP
is that unauthorized access to, or disclosure of, information contained within the system.
Mitigation: USCIS is careful to only share data with other DHS components who need to
know the information. USCIS trains analysts examining immigration data in how to understand,
interpret, and use the data and trusts that other DHS components provide similar training to
analysts with similar immigration experience.
Furthermore, information in this system is safeguarded in accordance with applicable laws,
rules, and policies. All records are protected from unauthorized access through appropriate
administrative, physical, and technical safeguards that include restricting access to authorized
personnel who have a need-to-know. This adheres to requirements of the DHS Information
Technology Security Programs Handbook to include the issuance and use of password protection
identification features. All internal components are mandated by DHS to comply with DHS’
Sensitive System Security guidelines.
Additionally, USCIS stores audit logs of all user information.

Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for
information sharing external to DHS which includes Federal, state and local government, and the
private sector.

5.1

With which external organization(s) is the information
shared, what information is shared, and for what
purpose?

While AR-11 does not initially share address change information with external
organizations, it may ultimately be shared with external organizations via CLAIMS 3 and CLAIMS 4.

5.2

Is the sharing of personally identifiable information
outside the Department compatible with the original
collection? If so, is it covered by an appropriate
routine use in a SORN? If so, please describe. If not,
please describe under what legal mechanism the
program or system is allowed to share the personally
identifiable information outside of DHS.

AR-11 does not share address change information directly with external organizations.
However, if information is provided through CLAIMS 3/CLAIMS 4, the disclosure is covered by the
Benefits Information System SORN (73 FR 56596).

5.3

How is the information shared outside the
Department and what security measures safeguard
its transmission?

AR-11 does not share address change information directly with external organizations.

5.4 Privacy Impact Analysis: Given the external sharing,
explain the privacy risks identified and describe how
they were mitigated.
For information provided through CLAIMS 3/CLAIMS 4, all external sharing arrangements
are consistent with existing published routine uses (in the SORN for this system of records) or
performed with the consent of the individual whose information is being shared.

Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information
collected, the right to consent to uses of said information, and the right to decline to provide
information.

6.1

Was notice provided to the individual prior to
collection of information?

Form AR-11 contains a privacy statement detailing the authority to collect the information
requested and how USCIS uses and shares the information collected.
Individuals are also provided general notice through the Benefits Information System
SORN published in the Federal Register (73 FR 56596).

6.2

Do individuals have the opportunity and/or right to
decline to provide information?

When change of address information is provided online or in the paper Form AR-11, the
customer has the right to decline to provide PII; however, the customer is informed at the point of

collection that a change of address cannot be completed without providing this information. In
addition, failure to provide the change of address information could result in the denial of a
pending immigration benefit. According to Section 265 of the INA (8 U.S.C. 1305), all customers
are required by law to provide a change of address within ten days of the date of that change.

6.3

Do individuals have the right to consent to particular
uses of the information? If so, how does the
individual exercise the right?

Individuals do have the right to consent to particular uses of the information; however,
refusing to consent could result in denial of the benefit sought. USCIS’ use of the information will
conform to the appropriate policies of the Benefits Information System SORN (73 FR 56596).

6.4

Privacy Impact Analysis: Describe how notice is
provided to individuals, and how the risks associated
with individuals being unaware of the collection are
mitigated.

Customers are advised by a statement on Form AR-11 that the information provided can be
shared with other Federal, state, local and foreign law enforcement officials. In the USCIS website
Privacy Notice, 2 individuals are also notified that electronically submitted information is
maintained and destroyed according to Federal Records Act requirements, NARA regulations and
records schedules, and in some cases may be covered by the Privacy Act and subject to disclosure
under the Freedom of Information Act (FOIA). OMB approved all Privacy Act Statements used
when collecting data. See the response to Section 1.1 for a discussion of the manner in which
USCIS uses AR-11 data.

Section 7.0 Access, Redress and Correction
The following questions are directed at an individual’s ability to ensure the accuracy of the
information collected about them.

7.1

What are the procedures that allow individuals to gain
access to their information?

Information contained within this system may be obtained by individuals to whom the
information pertains provided that they are made in writing. Such requests may be submitted by
mail or in person at a District or Field Office. If a request for access is made by mail, the envelope
and letter must be clearly marked “Privacy Access Request” to ensure proper and expeditious
processing. The requester should provide his or her full name, date and place of birth, and
verification of identity (full name, current address, and date and place of birth) in accordance with
DHS regulations governing Privacy Act requests (found at 6 Code of Federal Regulations, Section
5.21), and any other identifying information that may be of assistance in locating the record. Any
individual seeking to access information maintained in AR-11 should direct his or her request to
the USCIS FOIA / Privacy Act (PA) Officer at USCIS FOIA/PA, 70 Kimball Avenue, South

2

Available at http://149.101.23.2/graphics/privnote.htm

Burlington, Vermont 05403-6813 (Human resources and procurement records) or USCIS National
Records Center (NRC), P. O. Box 648010, Lee's Summit, MO 64064-8010 (all other USCIS
records). The process for requesting records can be found at 6 Code of Federal Regulations, Section
5.21.

7.2

What are the procedures for correcting inaccurate or
erroneous information?

Because the AR-11 process is designed to ensure the accuracy of address information,
customers need only submit another AR-11 form or complete a CRIS CoA online form if they
discover that their address information is incorrectly stated in the AR-11 system. The customer
would simply repeat the original process and submit the correction.
Additionally, USCIS treats all requests for amendment of information in a system of
records as Privacy Act amendment requests. Requests for records amendments may be submitted to
the address listed in Section 7.1 or to the service center where the application was originally
submitted. The request should state clearly the information that is being contested, the reasons for
contesting it, and the proposed amendment to the information. If USCIS intends to use information
that is not contained in the application or supporting documentation (e.g., criminal history
received from law enforcement), it will provide formal notice to the customer and provide them
an opportunity to refute the information prior to rendering a final decision regarding the
application. This provides yet another mechanism for erroneous information to be corrected.

7.3

How are individuals notified of the procedures for
correcting their information?

The Benefits Information System SORN for this system provides individuals with guidance
regarding the procedures for correcting information. This PIA provides similar notice. Privacy Act
Statements, including notice of an individual’s right to correct information, are also contained in
immigration forms published by USCIS. In addition, individuals can access USCIS’ website at
https://egov.uscis.gov/crisgwi/go?action=coa to obtain guidance on submitting an address
change through CoA.

7.4

If no formal redress is provided, what alternatives are
available to the individual?

Customers are provided opportunity for redress as discussed above.

7.5

Privacy Impact Analysis: Please discuss the privacy
risks associated with the redress available to
individuals and how those risks are mitigated.

Because the AR-11 system is actually a form of redress for customers who believe their
address information is incorrectly stated in the AR-11 system, there is no additional privacy risk
associated with redress. The accuracy and quality of the data is improved as a result of the AR-11
system.

Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security
measures.

8.1 What procedures are in place to determine which
users may access the system and are they
documented?
The AR-11 security processes are handled by the Password Issuance and Control System
(PICS). PICS is a DHS/ICE security function that can be used to control user access to the AR-11
query screens.
The DHS PICS Office controls user authorizations and authentication controls for all DHS
system users. Officers that have read-only access include adjudications officers who review
applications and assign benefits. All users must access the system formally through terminal
emulation software and TCP/IP access, as documented in the system’s security documents. All
users have cleared access to system resources granted through the DHS PICS Office.

8.2

Will Department contractors have access to the
system?

Yes, contractors have access to AR-11. USCIS establishes personnel security requirements
for contractors. USCIS requires an approved Interconnectivity Security Agreement (ISA) be
established prior to contractor staff being granted access to the AR-11. All contractor staff is
required to undergo a security clearance prior to being granted an account online. Once granted a
clearance, contractor staff are further restricted within AR-11 by role-based security to restrict data
access for collection only.

8.3

Describe what privacy training is provided to users
either generally or specifically relevant to the
program or system?

The USCIS personnel are required to receive annual security awareness training. The
security awareness training covers how to handle privacy data. Refresher training is required prior
to May 31st of each year.

8.4

Has Certification & Accreditation been completed for
the system or systems supporting the program?

The AR-11 has an Authorization to Operate (ATO) valid through July 30, 2011.

8.5

What auditing measures and technical safeguards are
in place to prevent misuse of data?

AR-11 process requirements dictate that no users may edit or update records. Customers

may edit their records by submitting an address change through CoA or the paper Form AR-11.
Any change to a customer’s record must be initiated by completing the online CoA request or
paper Form AR-11. The information is then uploaded into AR-11. In addition, USCIS stores audit
logs in case an audit is necessary.

8.6

Privacy Impact Analysis: Given the sensitivity and
scope of the information collected, as well as any
information sharing conducted on the system, what
privacy risks were identified and how do the security
controls mitigate them?

Privacy Risk: The primary risk for AR-11 is unauthorized access to or disclosure of
information contained within AR-11.
Mitigation: To mitigate this risk, a number of business and system rules have been
implemented. Access to the database is given only to users that need it to perform their official
duties. All authorized users must authenticate using a User Id and password.
USCIS offices are located in buildings with controlled access by security guards or
authorized contractors for the government. Access to premises is by official identification.
Information in this system is also safeguarded in accordance with applicable laws, rules, and
policies. All records are protected from unauthorized access through appropriate administrative,
physical, and technical safeguards including restricting access to authorized personnel who have a
need-to-know including DHS Information Technology Security Program Handbooks using
password protection identification features. AR-11 is maintained at the Department of Justice
(DOJ) Data Center (Dallas). Physical controls of the facility (e.g., guards, locks, etc.) apply and
prevent entry by unauthorized entities. The system does not contain classified information.

Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any
technologies utilized by the system, including system hardware, RFID, biometrics and other
technology.

9.1

What type of project is the program or system?

AR-11 is an operational customer service system.

9.2 What stage of development is the system in and what
project development lifecycle was used?
Cycle.

AR-11 is in the Operations and Maintenance phase of the DHS System Development Life

9.3

Does the project employ technology which may raise
privacy concerns? If so please discuss their
implementation.

AR-11 only contains information needed to reflect the customer’s address change. The
system does not have the technology or the ability to monitor the activities of individuals or groups
beyond that required to accept address changes.

Approval Signature

Original signed and on file with the DHS Privacy Office.
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security