Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 11
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 11
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
Proposed Regulatory Changes: Improving and Expanding Training Opportunities
for F-1 Nonimmigrant Students with Science, Technology, Engineering or Math
(STEM) Degrees from Accredited Schools and Strengthening Curricular Practical
Training and Mentoring and Training Plan Form
Component:
Immigration and Customs
Enforcement (ICE)
Office or
Program:
NSID/HSI/SEVP
Xacta FISMA
Name (if
applicable):
N/A
Xacta FISMA
Number (if
applicable):
N/A
Type of Project or
Program:
Notice of Proposed
Rulemaking/Final Rule
Project or
program
status:
Non-Operational
Date first
developed:
Date of last PTA
update
May 15, 2015
Pilot launch
date:
N/A
N/A
Pilot end date:
N/A
ATO Status (if
applicable)
Choose an item.
ATO
expiration date
(if applicable):
N/A
PROJECT OR PROGRAM MANAGER
Name:
Katherine Westerlund
Office:
SEVP/Policy
Title:
Acting Unit Chief
Phone:
703-603-3414
Email:
Katherine.H.Westerlund@ice.
dhs.gov
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
Martha Mhlanga
Phone:
703-603-3527
Email:
[email protected]
ce.dhs.gov
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 11
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: New PTA
Introduction
This PTA is being submitted to document the implementation of proposed regulatory changes resulting
from President Barack Obama’s “Immigration Accountability Executive Action” and DHS Secretary Jeh
Johnson’s memorandum “Policies Supporting U.S. High Skilled Businesses and Workers” allowing
international students in the United States in F-1 nonimmigrant status to extend the period in which they
can participate in Optional Practical Training (OPT) if they received or are pursuing a degree in science,
technology, engineering or mathematics (STEM) from a Student and Exchange Visitor Program (SEVP)
certified school. OPT currently allows international students to remain legally in the United States for up
to 12 months after they complete their degree programs for the sake of gaining practical training directly
related to the degree program they just completed. International students in the STEM fields are currently
allowed a 17-month extension of OPT once their initial 12 months of training are finished. This new rule
will allow OPT participants in STEM-related disciplines to extend their OPT from 17 months to 24
months after the completion of the initial 12-month OPT period.
The proposed regulatory changes also affect international students participating in Curricular Practical
Training (CPT), which allows international students in the United States in F-1 nonimmigrant status to
complete practical training that is required for their degree programs, such as internships and practicums.
The authority for this proposed regulatory change can be found in section 101(a)(15)(F) of the
Immigration and Nationality Act of 1952, as amended (INA), 8 U.S.C. 1101(a)(15)(F), which established
the F nonimmigrant alien class.
Additional authority for this proposed changed is derived from:
•
Section 641 of the Illegal Immigration Reform and Immigrant Responsibility Act of 1996
(IIRIRA), Pub. L. 104-208, Div. C, 110 Stat. 3009-546 (codified at 8 U.S.C. 1372), which
authorized the creation of a program to collect current and ongoing information provided by
schools and exchange visitor programs regarding F and other nonimmigrants during the course
of their stays in the United States;
•
Homeland Security Presidential Directive No. 2 (HSPD-2), which requires the Secretary of
Homeland Security to conduct periodic, ongoing reviews of schools certified to accept F
nonimmigrants to include checks for compliance with recordkeeping and reporting requirements.
See 37 Weekly Comp. Pres. Docs. 1570, 1571-72 (Oct. 29, 2001); and
•
Section 502 of the Enhanced Border Security and Visa Entry Reform Act of 2002, Pub. L. 107173, 116 Stat. 543 (codified at 8 U.S.C. 1762), which directed the Secretary to review the
compliance with recordkeeping and reporting requirements under 8 U.S.C. 1372 and INA section
101(a)(15)(F), 8 U.S.C. 1101(a)(15)(F), of all schools approved for attendance by F students
within two years of enactment, and every two years thereafter.
Process Under Existing Regulations
Under the existing program, an international student’s Designated School Official (DSO) is responsible
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 11
for authorizing participation in CPT or OPT. The DSO or school assumes responsibility of the student’s
Student and Exchange Visitor Information Systems (SEVIS) record for the duration of the training
experience and is required to maintain the student’s SEVIS records for at least 3 years after the student
ceases to be enrolled full-time. Under the proposed regulatory changes, the DSO and the schools they
represent will be required to maintain these records for the full duration of the student’s OPT program,
including the 24-month extension for STEM students, and for at least three years after the OPT
experience is complete.
The existing program requires that all students eligible for OPT file a Form I-765 Application for
Employment Authorization no sooner than 90 days prior to their program end date and no later than 60
days after their program end date. OPT participants must also report any changes in their name, mailing
address, residential address, employer name, employer address, or employment status to their DSO within
10 days. These reporting requirements do not change with the proposed regulatory changes.
Process Under Proposed Regulatory Changes
President Obama’s executive action and Secretary Johnson’s memorandum seek to strengthen safeguards
for international student and U.S. workers alike by increasing the reporting requirements associated with
applying for CPT/OPT and sponsoring a student on CPT/OPT. The proposed regulatory changes would
require employers 1) to provide OPT participants in STEM-related disciplines and CPT participants in
any discipline with a mentorship, 2) to document the nature and details of the mentorship, and 3) to
provide periodic feedback or appraisals of the student’s progress and work performance throughout the
OPT experience. These requirements will ensure that any mentorship or training experience is relevant to
the international student’s degree program and that the training experience does not serve as a means of
circumventing laws concerning employment and hiring practices.
As a result of the proposed regulatory changes, students who participate in CPT or an OPT STEM
extension program will be required to complete a new Mentoring and Training Plan (MTP). Part of this
MTP includes evaluation forms that OPT participants must have their supervisors complete and submit to
the participant’s DSO every 6 months. The MTP also requires employers to furnish information regarding
the training experiences they will provide. This information is necessary so that SEVP officials can keep
track of where students are completing these mentorships, whether the mentorships are legitimate, what
these mentorships entail, and how these mentorships are compensated. Both student and organizational
information requested on the MTP is identified in question 4 below.
While the proposed regulatory changes do involve a new collection form (MTP), they do not involve a
new program. The MTP improves on the previous CPT/OPT program by increasing employer
accountability and introducing safeguards for international students and the employers who train them.
This MTP will be retained by DSOs and employers, not the Government.
The ICE Privacy Office is working with the SEVP program office to create an (e)(3) statement to
accompany the MTP form pursuant to the Privacy Act of 1974.
Privacy Impact
Although the MTP asks students to provide information that was not previously required, the MTP will be
retained by the DSO, not the Government, and the new categories of information collected pose minimal
privacy risk if exposed. In addition, it is presumed that the collection and retention of additional
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 11
information by the DSO is governed by the educational institutions’ own privacy and retention policies.
2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.
Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these
3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.
This program does not collect any personally
identifiable information 2
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies
4. What specific information about individuals is collected, generated or retained?
The MTP form was created to capture the required information needed to support the proposed regulatory
changes. Certain data fields listed on the form are already collected and captured by the existing program.
There are new data fields listed on the form that will be collected. Below is a break out of the current data
fields and new data fields.
Current Data Elements Collected:
Items in Section 1: Student Information
• Student Name (Surname/Primary Name, Given Name)
1
Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 11
• School Name and Campus Name
• Designated School Official (DSO) Name
• School Code (including 3-digit suffix
• Student SEVIS ID #
• Student e-mail (optional)
Items in Section 1a: CPT Student Information
• Qualifying Degree (CIP Code)
• Level/type of Degree Earning
• Qualifying Major
Items in Section 1b: STEM OPT Student Information
• Qualifying Degree (CIP Code)
• Level/type of Degree Earning
• Qualifying Major (other descriptor suggested: Current Field of Study or Major)
Items in Section 4: Mentoring and Training Plan
• Student Name (Surname/Primary Name, Given Name)
New Data Elements to be Collected:
Items in heading: check boxes
• Curricular Practical Training (CPT)
• STEM Optional Practical Training (OPT)
Items in Section 1: Student Information
• Student’s Email address
• Practical Training Opportunity dates
Items in Section 1a: CPT Student Information
• Date (degree) expected
Items in Section 1b: STEM OPT Student Information
• Based on Previously Obtained Degree (yes/no)
• Employment Authorization Number
• Date (degree) expected
Items in Section 2: Practical Training Employer Organization
• Employer Name
• (Employer) Address
• (Employer) Suite
• (Employer) City
• (Employer) State
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 11
• (Employer) Zip Code
• (Employer) Website URL
• Employer ID Number (EIN)
• Employer E-Verify Number
• (Employer) Number of Full-Time Employees
• Entrepreneur (yes/no)
• NAICS Code
• Employer is Classified as a Small Entity (yes/no)
• Training Hours Per Week
• Compensation: Salary/Stipend (yes/no)
• (Compensation) If yes, how much?
• (Compensation Interval) Per?
Items in Section 3: Certifications
• Student name
• Student Signature
• Date signed
• Management Official w/Signatory Authority, name
• Management Official w/Signatory Authority, signature
• Employing Organization
• Date signed
Items in Section 4: Mentoring and Training Plan
• Employer Name
Items in Section 4: Mentoring and Training Plan: Employer Training Site Information
• Site Name
• Training Field
• Site Address
• Supervisor (name) [who provides continuous supervision]
• Supervisor Title
• Supervisor Email
• Supervisor Phone Number
• Description of Student’s role for this program
• Specific goals and objectives for this program
• List the names and titles of those who, in addition to the supervisor, will provide continuous (for
example, daily) supervision of the Student. What are these persons' qualifications to teach the
planned learning?
• What specific knowledge, skills, or techniques will the Student learn or apply? Include specific
tasks and activities and/or methodology of training, and chronology/syllabus.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 11
• How will the Student’s acquisition of new skills and competencies be measured?
• Additional Remarks (optional)
Items in Section 4: Certifications
• Supervisor name
• Supervisor signature
• Date signed
Items in Section 4: Six-Month Evaluation/Feedback on Student Progress – total of 6 instances
• Evaluation range/date span
• Detailed evaluation of student activity/accomplishments compared to PLAN
• Student name
• Student signature
• Date signed
• Supervisor name
• Supervisor signature
• Date signed
No. Please continue to next question.
4(a) Does the project, program, or system
Yes.
retrieve information by personal identifier?
4(b) Does the project, program, or system
No.
use Social Security Numbers (SSN)?
Yes.
4(c) If yes, please provide the specific legal
N/A
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
N/A
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
No. Please continue to next question.
an information technology/system, does it
relate solely to infrastructure?
Yes. If a log kept of communication traffic,
please answer the following question.
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
N/A
3
When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its
destination. Therefore, the payload is the only data received by the destination system.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 9 of 11
5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?
6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
5. Is there a FIPS 199 determination?5
No.
Yes. If yes, please list:
No.
Yes. If yes, please list:
DSOs will maintain copies of the Mentoring and
Training Form. This form will not be filed with the
Government.
Choose an item.
N/A
No.
Yes. If yes, please list:
No. What steps will be taken to develop and
maintain the accounting:
N/A
Yes. In what format is the accounting
maintained:
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate
High
Undefined
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.
5
FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 10 of 11
Integrity:
Low
Moderate
High
Undefined
Availability:
Low
Moderate
High
Undefined
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Anthony Palmer
Date submitted to Component Privacy
Office:
May 15, 2015
Date submitted to DHS Privacy Office:
June 12, 2015
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
No PIA or SORN update is required at this time. No new PII is being retained by the Government, input
into SEVIS, or input into a Government system of records. PTA is sufficient at this time.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Lindsay Lennon
PCTS Workflow Number:
1092128
Date approved by DHS Privacy Office:
June 19, 2015
PTA Expiration Date
June 19, 2018
DESIGNATION
Privacy Sensitive System:
Category of System:
Determination:
Yes
If “no” PTA adjudication is complete.
Rule
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 11 of 11
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
System covered by existing PIA
PIA:
SORN:
If covered by existing PIA, please list: DHS/ICE/PIA-001 Student and Exchange Visitor
Information System, (SEVIS)
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
DHS Privacy Office Comments:
ICE submits this PTA to correspond with a new rulemaking. This rulemaking will not result in additional
information being collected by DHS because DSO retains the information on the MTP. PRIV finds that
this rulemaking is privacy sensitive because it does result in additional information being collected from
members of the public.
This rulemaking is broadly covered under the existing SEVIS PIA. When ICE updates the SEVIS PIA,
PRIV recommends ICE consider more specifically discussing this information collection. No additional
privacy compliance documentation is required at this time.
File Type | application/pdf |
File Title | DHS PRIVACY OFFICE |
Author | Rochester, Robert C |
File Modified | 2015-10-05 |
File Created | 2015-06-19 |