Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Click here to enter text.
Form Title:
Click here to enter text.
Component:
Transportation Security
Administration (TSA)
Office:
OIA
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
TSA Pre-Check Application Program
OMB Control
1652-0059
OMB Expiration
November 30, 2017
Number:
Date:
Collection status:
Extension
Date of last PTA (if
Click here to enter
applicable):
a date.
Name:
Office:
Phone:
Name:
Office:
PROJECT OR PROGRAM MANAGER
Donald Lombardo
OIA/PMD
Title:
Branch Manager, Surface
Programs
15712271735
Email:
[email protected]
ov
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Nathan Tsoi
OIA/PMD
Title:
Program Analyst
Privacy Threshold Analysis – IC/Form
Page 2 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Phone:
15712273225
Email:
[email protected]
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
The TSA Pre✓® Application Program is a voluntary passenger prescreening initiative for
low-risk passengers who are eligible to receive expedited screening at participating U.S.
airport security checkpoints. The TSA Pre✓® Application Program enhances aviation
security by permitting TSA to better focus its limited security resources on passengers
who are more likely to pose a threat to civil aviation, while also facilitating and
improving the commercial aviation travel experience for the public.
TSA uses the information provided by applicants to conduct security threat assessments
(STAs) of the applicants and to conduct screening at airport checkpoints.
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
Section 109(a)(3) of the Aviation and Transportation Security Act (ATSA), Pub. L. 107-71
(Nov. 19, 2001, codified at 49 U.S.C. § 114 note) provides TSA with the authority to
“establish requirements to implement trusted passenger programs and use available
technologies to expedite security screening of passengers who participate in such
programs, thereby allowing security screening personnel to focus on those passengers
who should be subject to more extensive screening.” In addition, TSA has statutory
authority to establish and collect a fee for any registered traveler program by publication
of a notice in the Federal Register, as outlined in the Department of Homeland Security
Appropriations Act, 2006, Pub. L. 109-90 (Oct. 18, 2005).
Privacy Threshold Analysis – IC/Form
Page 3 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
☒ Yes
☐ No
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.
c. Who will complete and
submit this form? (Check
all that apply.)
☒ The record subject of the form (e.g., the
individual applicant).
☐ Legal Representative (preparer, attorney,
etc.).
☐ Business entity.
If a business entity, is the only
information collected business contact
information?
☐ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☐ Other individual/entity/organization that is
NOT the record subject. Please describe.
Click here to enter text.
d. How do individuals
complete the form? Check
all that apply.
☐ Paper.
☒ Electronic. (ex: fillable PDF)
☒ Online web form. (available and submitted via
the internet)
Provide link: https://universalenroll.dhs.gov
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 4 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
Name (including aliases or variations of spelling).
Gender.
Current and historical contact information (including, but not limited to, address
information, telephone number, and email).
Preferred language
Preferred method of contact
Government-issued licensing or identification information (including, but not limited to,
Social Security Number [optional]);
Employment information and occupation
Criminal history record
Date and place of birth
Country of citizenship
Physical description
Other biometric identifier (fingerprint, iris, and/or photograph)
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☒ Social Security number
☒ Alien Number (A-Number)
☐ Tax Identification Number
☒ Visa Number
☒ Passport Number
☐ Bank Account, Credit Card, or other
financial account number
☐ Other. Please list:
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Social Media Handle/ID
☐ Known Traveler Number
☐ Trusted Traveler Number (Global
Entry, Pre-Check, etc.)
☒ Driver’s License Number
☒ Biometrics
g. List the specific authority to collect SSN or these other SPII elements.
Section 109(a)(3) of the Aviation and Transportation Security Act (ATSA), Pub. L. 107-71
(Nov. 19, 2001, codified at 49 U.S.C. § 114 note) provides TSA with the authority to
“establish requirements to implement trusted passenger programs and use available
technologies to expedite security screening of passengers who participate in such
Privacy Threshold Analysis – IC/Form
Page 5 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
programs, thereby allowing security screening personnel to focus on those passengers
who should be subject to more extensive screening.” SSN is not mandatory, but is helpful
to conduct the security threat assessment.
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
Collection of SPII is used to conduct a Security Threat Assessment prior to TSA
determining an individual applicant’s eligibility to receive expedited screening at airport
checkpoints. It will also be used in the airport screening process.
i.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?
☒ Yes. Please describe how notice is provided.
Notice is provided on the form or during the online
enrollment process.
☐ No.
3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
store the data from the form.
The Screening Gateway system.
☐ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.
b. If electronic, how
does DHS input the
Privacy Threshold Analysis – IC/Form
☐ Manually (data elements manually entered). Please
describe.
Page 6 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
responses into the IT
system?
Click here to enter text.
☒ Automatically. Please describe.
The Screening Gateway system captures applicant
information in XML batches from TSA’s
enrollment contractor.
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
☒ By a unique identifier.2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Information can be retrieved via name, SSN,
and/or a Known Traveler Number generated by
TSA’s contractor upon an applicant’s enrollment.
☐ By a non-personal identifier. Please describe.
Click here to enter text.
N1-560-06-6: TSA will retain the data it receives in
accordance with record schedules approved by the
National Archives and Records Administration
(NARA). TSA will retain records for individuals who
are not a match or potential match to a watchlist for
one year after the individual no longer has TSA
Pre✓® eligibility. In addition, for those individuals
who may originally have appeared to be a match to a
watch list, but subsequently cleared, TSA will retain
the records for at least seven years, or one year after
TSA Pre✓® eligibility has been terminated,
whichever is later. For individuals who are an actual
match to a watch list or otherwise determined to pose
a threat to transportation security, TSA will retain the
records for 99 years, or seven years after TSA learns
that an individual is deceased, whichever is earlier.
We have automated the Screening Gateway and any
associated systems with the above rules.
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
e. How do you ensure
that records are
disposed of or deleted
in accordance with
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 7 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☒ Yes, information is shared with other DHS components or offices. Please describe.
We expect to enroll individuals in DHS OBIM IDENT in November 2017.
☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Fingerprints and associated PII are shared with the FBI to perform a criminal
history records check.
☐ No. Information on this form is not shared outside of the collecting office.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 8 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Peter Pietra
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
July 7, 2017
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
July 18, 2017
☒ Yes. Please include it with this PTA
submission.
☐ No. Please describe why not.
Click here to enter text.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
Privacy Act Statement is attached. PIA coverage is under DHS/TSA/PIA-041 TSA
Precheck Application Program. TSA will submit a PIA update or stand-alone PIA if
biometrics are ever used to verify identity at the checkpoint. SORN coverage is
DHS/TSA-21 TSA Precheck Application Program.
Privacy Threshold Analysis – IC/Form
Page 9 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Sean McGuinness
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
1148677
August 16, 2017
August 16, 2020
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
DHS IC/Forms Review:
DHS PRIV has not received this ICR/Form.
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
Choose an item.
Statement:
Privacy Act Statement approved concurrently with this PTA
PTA:
No system PTA required.
Click here to enter text.
PIA:
System covered by existing PIA
Privacy Threshold Analysis – IC/Form
Page 10 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
If covered by existing PIA, please list: DHS/TSA/PIA-041 TSA Precheck
Application Program
If a PIA update is required, please list: Click here to enter text.
SORN:
System covered by existing SORN
If covered by existing SORN, please list: DHS/TSA-021 TSA Precheck
Application Program, September 10, 2013, 78 FR 55274
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
DHS Privacy Office finds that the TSA Pre-Check Application Program is privacy sensitive
as it collects PII from members of the public (U.S. Citizens or lawful permanent residents).
The TSA Pre✓® Application Program is a voluntary passenger prescreening initiative for
low-risk passengers who are eligible to receive expedited screening at participating U.S.
airport security checkpoints.
PRIV agrees with TSA Privacy that PIA coverage is provided under DHS/TSA/PIA-041 TSA
Precheck Application Program. DHS/TSA/PIA-041 outlines the TSA Pre✓® Application
Program and how TSA performs security threat assessments (STA) on individuals who
seek eligibility for expedited screening at participating U.S. airport security checkpoints.
TSA states that they will submit a PIA update or stand-alone PIA if biometrics are ever used
to verify identity at a checkpoint.
PRIV agrees with TSA Privacy that SORN coverage is provided under DHS/TSA-021 TSA
Precheck Application Program. DHS/TSA-021 outlines how TSA collects and maintains
records on individuals who voluntarily submit information to the TSA for use by the agency
to perform a STA. The STA will be used to identify persons who pose a low risk to
transportation security and therefore may be eligible for expedited screening at
participating U.S. airport security checkpoints.
A Privacy Act Statement is required as this form collects PII via personal identifier. The
Privacy Act Statement is being approved concurrently with this PTA.
Privacy Threshold Analysis – IC/Form
Page 11 of 11
Version number: 04-2016
�
| File Type | application/pdf |
| File Modified | 2017-08-16 |
| File Created | 2017-08-16 |