I-17 Forms PTA

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form

Page 1 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis (PTA)

Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:
Component:

I-17
Petition For Approval of School for Attendance by
Nonimmigrant Student
Immigration and
Office:
Student and Exchange
Customs Enforcement
Visitor Program (SEVP)
(ICE)

IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Petition For Approval of School for Attendance by Nonimmigrant
Student
March 31, 2018
OMB Control
1653-0038
OMB Expiration
Number:
Date:
Collection status:
Revision
Date of last PTA (if
N/A
applicable):
Name:
Office:

Phone:
Name:
Office:
Phone:

PROJECT OR PROGRAM MANAGER
Ezequiel Vasquez
Student and Exchange
Title:
SEVIS Project Lead
Visitor Program (SEVP)
+(703) 603-3469
Email:
[email protected]

COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Scott Elmore
ICE OCIO
Title:
ICE Forms Manager
+2027322601
Email:
[email protected]

Privacy Threshold Analysis – IC/Form

Page 2 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form.
DHS Form I-17, “Petition for Approval of School for Attendance by Nonimmigrant
Student,” OMB Control No. 1653-0038, is used by the Student and Exchange Visitor Program
(SEVP) as part of the school certification process. SEVP certification allows institutions to
issue Forms I-20, "Certificate of Eligibility for Nonimmigrant Student Status," to prospective
international students after admitting them for a course of study. Prospective international
students then use the Form I-20 to apply for a visa to enter the United States. SEVP
certification also authorizes the institution to enroll these international students after they enter
the United States on an F or M student visa. SEVP certification is the result of an adjudication
process that includes a review of the Form I-17 application, submission of supporting
documentation, payment of the application fee, site visits, research and federal adjudication.
Schools use the Student and Exchange Visitor Information System (SEVIS) to petition for
initial SEVP certification to enroll nonimmigrant students by completing the Form I-17. Any
updates to the Form I-17 or petitions for recertification (editing the Form I-17) are also
completed via SEVIS.
Form I-17 is being reviewed and revised.
List the DHS (or component) authorities to collect, store, and use this
information. If this information will be stored and used by a specific DHS
component, list the component-specific authorities.
1. Approval of schools for enrollment of F and M nonimmigrant, 8 C.F.R Section
214.3 (2008)
2. Withdrawal of school approval, 8 C.F.R Section 214.4 (2008)
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII 1)?

☒ Yes
☐ No

1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.

Privacy Threshold Analysis – IC/Form

Page 3 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)

c. Who will complete and
submit this form? (Check
all that apply.)

d. How do individuals
complete the form? Check
all that apply.

Privacy Threshold Analysis – IC/Form

☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.

☐ The record subject of the form (e.g., the
individual applicant).
☒ Legal Representative (preparer, attorney,
etc.).
☒ Business entity.
If a business entity, is the only
information collected business contact
information?
☐ Yes
☒ No
☐ Law enforcement.
☐ DHS employee or contractor.
☒ Other individual/entity/organization that is
NOT the record subject.
1. Individuals with signatory authority on
behalf of the school; and
2. Primary Designated School Official for the
school

☐ Paper.
☐ Electronic. (ex: fillable PDF)
☒ Online web form. (available and submitted via
the internet)
Provide link:
Only accessible via SEVIS

Page 4 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
Below are links that outline all the information collected under Form I-17 via SEVIS.
•
•
•

https://studyinthestates.dhs.gov/sevis-help-hub/school-records/schoolcertification
https://studyinthestates.dhs.gov/sevis-help-hub/school-records/schoolcertification/initial-certification
https://studyinthestates.dhs.gov/sevis-help-hub/school-records/schoolcertification/form-i-17-petition-update

PII collected:
•
Private School Owner Name (school owner is contacted as a last resort when
unable to get response from the primary designated school official)
•
Private School Owner Address
•
School Official Name
•
School Official Title
•
School Official Address
•
School Official Telephone Number
•
School Official Email address
•
School Official status – U.S. Citizen or Legal Permanent Resident (LPR)
See Appendix B for screenshots of the PII collected under Form I-17 via SEVIS.
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
☐ Other. Please list:
Privacy Threshold Analysis – IC/Form

Page 5 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

g. List the specific authority to collect SSN or these other SPII elements.
N/A
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
N/A
i.

Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?

☐ Yes. Please describe how notice is provided.
Click here to enter text.
☒ No.
Notice may not be provided to all parties whose PII is
collected via the form. However, the individual
completing the form would have notice that his/her
information is being collected.

3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
store the data from the form.
The information collected will be stored and
maintained in the Student and Exchange Visitor
Information System (SEVIS).
☐ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.
b. If electronic, how
does DHS input the
responses into the IT
system?
Privacy Threshold Analysis – IC/Form

☐ Manually (data elements manually entered). Please
describe.
Click here to enter text.
☒ Automatically. Please describe.
Page 6 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?

The information collected occurs directly and
automatically through the SEVIS interface.

☒ By a unique identifier. 2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.

Although retrieval is primarily done on the school
name or school code, it is possible that school owner
name could be used to retrieve information related to
retrieve multiple schools owned by a single
individual. This would be done for investigative
purposes.
See Appendix A for a copy of the Privacy Statement.

☒ By a non-personal identifier. Please describe.
School name, school code, SEVIS ID for school
The SEVIS records retention schedule is in draft. Until
the schedule is approved by NARA, SEVIS records are
maintained permanently.

d. What is the records
retention
schedule(s)? Include
the records schedule
number.
e. How do you ensure
See above.
that records are
disposed of or deleted
in accordance with
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☒ Yes, information is shared with other DHS components or offices. Please describe.
2

Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.

Privacy Threshold Analysis – IC/Form

Page 7 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

For investigative purposes, information may be shared to such offices as ICE/HSI
Counterterrorism and Criminal Exploitation Unit (CTCEU).

☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
For investigative purposes, information may be shared to external agencies per
SORN routine uses or other Privacy Act exemptions.
☐ No. Information on this form is not shared outside of the collecting office.

Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.

Privacy Threshold Analysis – IC/Form

Page 8 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)

Michelle Escobar

November 3, 2017
December 8, 2017

☒ Yes. Please include it with this PTA
submission.
☐ No. Please describe why not.
Third party is providing information
related to school and its officials.

Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
ICE Privacy recommends that the PTA is sufficient at this time. The information collected
by the Form I-17 is covered under DHS/ICE/PIA-001 Student and Exchange and Visitor
Information System (SEVIS) PIA and the DHS/ICE-001 SEVIS SORN.

Privacy Threshold Analysis – IC/Form

Page 9 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Max Binstock

PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date

1154892
December 18, 2017
December 18, 2020

DESIGNATION

Privacy Sensitive IC or
Form:

Yes If “no” PTA adjudication is complete.

DHS IC/Forms Review:

DHS PRIV has commented on this ICR/Form.

Determination:

☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.

Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
New e(3) statement is required.
Statement:
e(3) statement found in PIA Appendix is approved
PTA:
Updated system PTA required.
SEVIS Information Sharing module PTA submitted and approved
with this PTA.
PIA:
System covered by existing PIA

Privacy Threshold Analysis – IC/Form

Page 10 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

If covered by existing PIA, please list: DHS/ICE/PIA-001 Student And
Exchange Visitor Information System (SEVIS)
If a PIA update is required, please list: Click here to enter text.
SORN:
System covered by existing SORN
If covered by existing SORN, please list: DHS/ICE 001 Student and
Exchange Visitor Information System, January 5, 2010, 75 FR 412
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.

ICE Privacy is submitting this PTA because DHS Form I-17 is used by SEVP as part of
the school certification process. SEVP certification is the result of an adjudication
process that includes a review of the Form I-17 application, submission of
supporting documentation, payment of the application fee, site visits, research and
federal adjudication. Form I-17 collects Private School Owner name and address,
school officials name, title, address, telephone number, and email address, and
school official status – whether or not U.S. Citizen or LPR.
PRIV finds that is a privacy sensitive system and a PIA is required because the Form
I-17 collects PII from members of the public. PRIV agrees with ICE Privacy that the
SEVIS PIA provides coverage. DHS/ICE/PIA-001 discusses the privacy risks
associated with submitting the Form I-17 for initial certification, recertification, and
update petitions, as well as appeals.
PRIV finds that a SORN is required because Form I-17 retrieves information by a
unique identifier. PRIV agrees with ICE Privacy that DHS/ICE-001 SEVIS SORN covers
the collection of SEVIS data.
PRIV finds that an e(3) statement is required because it is DHS policy is to provide a
Privacy Act Statement to all persons asked to provide personal information about
themselves. PRIV approves the e(3) statement in the Appendix.

Privacy Threshold Analysis – IC/Form

Page 11 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Appendix A – Privacy Statement
SEVIS – School Certification & Recertification
Form I-17: Petition for Approval of School for Attendance by Nonimmigrant Student
Privacy Statement
Authority: U.S. Immigration and Customs Enforcement (ICE) Student and Exchange Visitor
Program (SEVP) is authorized to collect information by Section 641 of the Illegal Immigration
Reform and Immigrant Responsibility Act (IIRIRA) of 1996 (codified at 8 U.S.C. 1372), Public
Law 104-208; Public Law 107-56, U.S.A. PATRIOT Act; Homeland Security Presidential
Directive-2 (HSPD 2, Combating Terrorism Through Immigration Policies), as amended by
HSPD-5, Management of Domestic Incidents, Compilation of HSPDs); 8 CFR 214.2(f); 8 CFR
214.2(m); 8 CFR 214.3; and 8 CFR 214.4.
Purpose: Your information collected through the ICE Student and Exchange Visitor Information
System (SEVIS) is used to either nominate you as a designated school official (DSO), certify that
you as a DSO are familiar with relevant regulations of admission and maintenance of status for F
and M students and school certification, and affirm your compliance with these regulations,
including the requirement to update and maintain school records and nonimmigrant student
records in SEVIS. If you are a private school owner, your information is also collected for
contact purposes by SEVP when the primary DSO is unavailable. SEVP uses your information to
review and certify a school’s certification or recertification in order to participate in the Student
and Exchange Visitor Program.
Agency Disclosure of Information: Your information may be shared internally within the DHS,
as well as with federal, state, local, tribal, territorial, and foreign law enforcement; other
government agencies; and other parties for audit, enforcement, investigatory, litigation, or other
purposes permitted by law and policy. This disclosure is in accordance with the Privacy Act of
1974, 5 U.S.C. § 552a(b), including pursuant to the routine uses published in the DHS/ICE-001
Student and Exchange Visitor Information System (SEVIS) System of Records, which can be
viewed at www.dhs.gov/privacy.
For private school owners who are not currently a United States Citizen or Lawful Permanent
Resident, your information may be shared internally within the U.S. Department of Homeland
Security (DHS), as well as with federal, state, local, tribal, territorial, and foreign law
enforcement; other government agencies; and other parties for audit, enforcement, investigatory,
litigation, or other purposes permitted by law and policy.
Providing Information to DHS: The information you provide is voluntary. However, failure to
provide the information requested may lead to a withdrawal of approval of your school’s
certification or a denial of your school’s recertification of eligibility to participate in the Student
and Exchange Visitor Program.
Privacy Threshold Analysis – IC/Form

Page 12 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Appendix B – PII Collected
Private School Owner Information:

Screenshots and instructions to complete the Form I-17 via SEVIS are available at
https://studyinthestates.dhs.gov/sevis-help-hub/school-records/schoolcertification/form-i-17-initial-certification#prepare_the_petition
Privacy Threshold Analysis – IC/Form

Page 13 of 14

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

School Official Information:

Privacy Threshold Analysis – IC/Form

Page 14 of 14

Version number: 04-2016