Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:
CBP Form 3229
Certificate of Origin
Component:
Customs and Border
Protection (CBP)
Office:
Trade Agreements
Branch
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Certificate of Origin
OMB Control
Number:
Collection status:
Name:
Office:
Phone:
Name:
OMB 1650-0016
Revision
OMB Expiration
Date:
Date of last PTA (if
applicable):
September 30, 2018
Click here to enter
a date.
PROJECT OR PROGRAM MANAGER
Seth Mazze
Trade Agreements Branch
Title:
Field Operations Program
Specialist
(202) 863-6567
Email:
[email protected]
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Seth Mazze
Privacy Threshold Analysis – IC/Form
Page 2 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Office:
Phone:
Trade Agreements Branch
Title:
Field Operations Program
Specialist
(202) 863-6567
Email:
[email protected]
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
CBP Form 3229, Certificate of Origin, is used by shippers and importers to declare
that goods being imported into the United States are produced or manufactured in a
U.S. insular possession (which are American territories outside the customs territory
of the United States and includes the U.S. Virgin Islands, Guam, American Samoa,
Wake Island, Midway Islands, and Johnston Atoll) from materials grown, produced or
manufactured in these territories. This form includes a list of the foreign materials in
the goods, including their description and value. CBP Form 3229 is used as
documentation for goods entitled to enter the U.S. free of duty.
CBP Form 3229 helps CBP determine whether or not imported merchandise is
exempt from duty under the applicable statutory provisions. The information is
automated through the Automated Commercial Environment (ACE).
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
This form is authorized by General Note 3(a)(iv) of the Harmonized Tariff Schedule of
the United States (19 U.S.C. 1202) and is provided for by 19 CFR Part 7.3.
2. Describe the IC/Form
Privacy Threshold Analysis – IC/Form
Page 3 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
a. Does this form collect any
Personally Identifiable
Information” (PII 1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
☒ Yes
☐No
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☒ Non-U.S. Persons.
☐DHS Employees
☐DHS Contractors
c. Who will complete and
submit this form? (Check
all that apply.)
☐Other federal employees or contractors.
☐The record subject of the form (e.g., the
individual applicant).
☐Legal Representative (preparer, attorney, etc.).
☒ Business entity.
If a business entity, is the only
information collected business contact
information?
☒ Yes
☐No
☐Law enforcement.
☐DHS employee or contractor.
☐Other individual/entity/organization that is
d. How do individuals
complete the form? Check
all that apply.
NOT the record subject. Please describe.
Click here to enter text.
☒ Paper.
☒ Electronic. (ex: fillable PDF)
☐Online web form. (available and submitted via
the internet)
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 4 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Provide link:
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
Name of person completing certificate
Name of Firm
Shippers Export DEC No.
Carrier Name (Vessel or Airline)
Consignee information
Location of Consignee (City and State)
Address of Shipper
Email of Shipper
Signature of Shipper
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
x Other. Please list: Certificate #
g. List the specific authority to collect SSN or these other SPII elements.
N/A
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
CBP Form 3229 is used as documentation for goods entitled to enter the U.S. free of duty.
Privacy Threshold Analysis – IC/Form
Page 5 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
CBP Form 3229 helps CBP determine whether or not imported merchandise is exempt
from duty under the applicable statutory provisions.. The shipper of the merchandise
will sign the CBP Form 3229 upon submission.
i.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?
☒ Yes. Please describe how notice is provided.
PA statement will be developed for this form.
☐No.
3. How will DHS store the IC/form responses?
a. How will DHS store
☐Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☐Electronic. Please describe the IT system that will
b. If electronic, how
does DHS input the
responses into the IT
system?
Privacy Threshold Analysis – IC/Form
store the data from the form.
Click here to enter text.
☒ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Scanned by shipper and submitted via Automated
Broker Interface upon request by CBP.
☐Manually (data elements manually entered). Please
describe.
Click here to enter text.
☒ Automatically. Please describe.
Scanned by shipper.
Page 6 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
e. How do you ensure
that records are
disposed of or deleted
in accordance with
the retention
schedule?
☐ By a unique identifier. 2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
☒ By a non-personal identifier. Please describe.
By entry number
(The entry number is a CBP-assigned number that is unique to
each Entry Summary (CBP Form 7501)).
CBP retains import records are maintained for a
period of six years from the date of entry.
Per the ACE PIA, CBP retains information pertaining to
import records for a period of six years from the date of
entry. Personal information collected in connection with
the creation of a carrier, broker, or importer account is
retained for up to three years following the closing of the
account either through withdrawal by the individual or
denial of access by CBP.
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
☐Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Click here to enter text.
☒ No. Information on this form is not shared outside of the collecting office.
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 7 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 8 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
Kimberly P. Morton
Click here to enter a date.
May 2, 2018
☒ Yes. Please include it with this PTA
submission.
☐No. Please describe why not.
Click here to enter text.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
CBP Privacy finds this collection to be privacy sensitive, since CBP form 3229 contains
PII (name and address). PIA coverage is required and provided for by
DHS/CBP/PIA-003(b) Automated Commercial Environment (ACE), July 31, 2015, which
provides notice of CBP’s collection of importer information for compliance and
inspection purposes.
SORN coverage is provided for by DHS/CBP-001 Import Information Systems (IIS),
August 25, 2016, which describes CBP’s collection of information from Importers and
shippers for the purpose of facilitating trade.
Privacy Threshold Analysis – IC/Form
Page 9 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Max Binstock
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
1162684
May 3, 2018
May 3, 2021
DESIGNATION
Privacy Sensitive IC or
Form:
Determination:
Yes If “no” PTA adjudication is complete.
☐PTA sufficient at this time.
☐Privacy compliance documentation determination in progress.
☐New information sharing arrangement is required.
☐DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐Specialized training required.
DHS IC/Forms Review:
☐Other. Click here to enter text.
DHS PRIV has commented on this ICR/Form.
Privacy Act Statement required
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
New e(3) statement is required.
Statement:
Privacy Act Statement submitted with PTA is approved.
PTA:
No system PTA required.
Click here to enter text.
Privacy Threshold Analysis – IC/Form
Page 10 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
System covered by existing PIA
If covered by existing PIA, please list: DHS/CBP/PIA-003 Automated
Commercial Environment (ACE)
If a PIA update is required, please list: Click here to enter text.
SORN:
System covered by existing SORN
If covered by existing SORN, please list: DHS/CBP-001 Import
Information System, July 26, 2016, 81 FR 48826
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
PIA:
CBP Privacy is submitting this Forms-PTA to discuss CBP Form 3229, Certificate of
Origin, which is associated with OMB Number 1651-0016. CBP Form 3229 is used to
by shippers and importers to declare that goods being imported into the United
States are produced or manufactured in a U.S. insular possession from materials
grown, produced or manufactured in these territories. This form includes a list of
the foreign materials in the goods, including their description and value. CBP Form
3229 helps CBP determine whether or not imported merchandise is exempt from
duty under the applicable statutory provisions.
CBP Form 3229 is completed by the shipper of the merchandise, who will sign upon
submission. In addition, consignee information is collected as well as business
information.
The DHS Privacy Office finds that this is a privacy-sensitive system form that
requires PIA coverage. SORN coverage is required because information is retrieved
by unique identifier.
PIA coverage is provided by DHS/CBP/PIA-003 ACE which outlines the risks of
collecting PII related to import information from the trade community. SORN
coverage is provided by DHS/CBP-001 IIS, which describes CBP’s collection of
information from Importers and shippers for the purpose of facilitating trade.
The Privacy Act Statement submitted in coordination with this PTA is approved and
should be added to CBP Form 3229.
Privacy Threshold Analysis – IC/Form
Page 11 of 11
Version number: 04-2016
File Type | application/pdf |
File Title | DHS PRIVACY OFFICE |
Author | marilyn.powell |
File Modified | 2018-05-03 |
File Created | 2018-05-03 |