Sorn Iis

9111-14
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
[Docket No. DHS-2016-0048]
Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border
Protection, DHS/CBP-001, Import Information System, System of Records
AGENCY: Department of Homeland Security, Privacy Office.
ACTION: Notice of Privacy Act system of records.
SUMMARY: In accordance with the Privacy Act of 1974, the Department of Homeland
Security (DHS) proposes to update an existing systems of records titled, “DHS/U.S.
Customs and Border Protection (CBP)-001 Import Information System (IIS) System of
Records” (August 17, 2015, 80 FR 49256). This system of records will continue to permit
DHS/CBP to collect and maintain records on all commercial goods imported into the
United States, as well as information pertaining to the carrier, broker, importer, and other
persons associated with the manifest, import, or commercial entry transactions for the
goods.
DHS/CBP is updating this system of records notice to provide notice that IIS
records may be stored on both DHS unclassified and classified networks to allow for
analysis and vetting consistent with existing DHS/CBP authorities and purposes and this
published notice. Furthermore, this notice includes non-substantive changes to simplify
the formatting and text of the previously published notice.

1

This system of records notice was previously published in the Federal Register on
August 17, 2015 (80 FR 49256). DHS/CBP previously published a Final Rule for the IIS
system of records in the Federal Register on March 17, 2016 (81 FR 14369), which
remains in effect. This updated system will be included in the Department of Homeland
Security’s inventory of record systems.
DATES: Submit comments on or before [INSERT DATE 30 DAYS AFTER DATE
OF PUBLICATION IN THE FEDERAL REGISTER].This updated system will be
effective [INSERT DATE 30 DAYS AFTER DATE OF PUBLICATION IN THE
FEDERAL REGISTER].
ADDRESSES: You may submit comments, identified by docket number DHS-20160048 by one of the following methods:
•

Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions
for submitting comments.

•

Fax: (202) 343-4010.

•

Mail: Jonathan R. Cantor, Acting Chief Privacy Officer, Privacy Office,
Department of Homeland Security, Washington, D.C. 20528-0655.

INSTRUCTIONS: All submissions received must include the agency name and docket
number for this rulemaking. All comments received will be posted without change to
http://www.regulations.gov, including any personal information provided.
DOCKET: For access to the docket to read background documents or comments
received, please visit http://www.regulations.gov.

2

FOR FURTHER INFORMATION CONTACT: For general questions, please contact:
Debra L. Danisek (202) 344-1610, Acting CBP Privacy Officer, Office of the
Commissioner, U.S. Customs and Border Protection, Washington, D.C. 20229. For
privacy questions, please contact: Jonathan R. Cantor, (202) 343-1717, Acting Chief
Privacy Officer, Privacy Office, Department of Homeland Security, Washington, D.C.
20528-0655.
SUPPLEMENTARY INFORMATION:
I. Background
In accordance with the Privacy Act of 1974, 5 U.S.C. sec. 552a, the Department
of Homeland Security (DHS), U.S. Customs and Border Protection (CBP) proposes to
update an existing systems of records titled, “DHS/CBP-001 Import Information System
(IIS) System of Records” (August 17, 2015, 80 FR 49256). This system of records will
continue to collect and maintain records on all commercial goods imported into the
United States, as well as information pertaining to the carrier, broker, importer, and other
persons associated with the manifest, import, or commercial entry transactions for the
goods.
DHS/CBP is updating this system of records notice (SORN) to provide notice that
IIS records may be stored on both DHS unclassified and classified networks to allow for
analysis and vetting consistent with existing DHS/CBP authorities and purposes and this
published notice. Furthermore, this notice includes non-substantive changes to simplify
the formatting and text of the previously published notice.
DHS/CBP-001 IIS, issued on August 17, 2015 (80 FR 49256), consolidated,

3

updated, and renamed as one SORN the information previously contained in two DHS
SORNs titled, “DHS/CBP-001 Automated Commercial Environment/International Trade
Data System (ACE/ITDS) System of Records” (71 FR 3109, January 19, 2006) and
“DHS/CBP-015 Automated Commercial System (ACS) System of Records” (73 FR
77759, December 19, 2008). The Automated Commercial System, a decades old trade
information database and information technology (IT) system, was deployed to track,
control, and process all commercial goods imported into the United States. ACE, part of a
multi-year modernization effort since 2001 to replace ACS, continues to be designed to
manage CBP’s import trade data and related transaction information. ACE/ITDS serves
three sets of core stakeholders: the internal DHS/CBP users, Partner Government
Agencies (PGA), and the trade community. ACE is the IT backbone for the ITDS, an
interagency initiative formalized under the SAFE Port Act of 2006 to create a single
window for the trade community and PGAs involved in importing and exporting.
DHS/CBP has provided notice to the public and trade community that in the future, the
ACS IT system will be fully phased out and replaced by ACE. DHS/CBP published the
IIS system of records to identify a single repository for import trade information and
allow DHS/CBP to collect and maintain records on all commercial goods imported into
the United States, along with related information about persons associated with those
transactions, and manifest information.
DHS/CBP is updating the system location to inform the public that certain IIS
information may be replicated from the operational IT system, ACE/ITDS, and
maintained on unclassified and classified systems and networks to allow for analysis and

4

vetting consistent with existing DHS/CBP authorities and purposes and this published
notice. Furthermore, this notice includes non-substantive changes to simplify the
formatting and text of the previously published notice.
Consistent with DHS’s information-sharing mission, information stored in the
DHS/CBP-001 IIS system of records may be shared with other DHS Components that
have a need to know the information to carry out their national security, law enforcement,
immigration, or other homeland security functions. In addition, information may be
shared with appropriate federal, state, local, tribal, territorial, foreign, or international
government agencies consistent with the routine uses set forth in this SORN and as
otherwise authorized under the Privacy Act.
DHS/CBP will not assert any exemptions with regard to information provided by
or on behalf of an individual. However, this data may be shared with law enforcement
and/or intelligence agencies pursuant to the routine uses identified in the IIS SORN and
as otherwise authorized under the Privacy Act. The Privacy Act requires that DHS
maintain an accounting of such disclosures. Disclosing the fact that a law enforcement
and/or intelligence agency has sought particular records may interfere with or disclose
techniques and procedures related to ongoing law enforcement investigations. As such,
DHS has issued a Final Rule for the IIS system of records in the Federal Register on
March 17, 2016 (81 FR 14369), which remains in effect. This updated system will be
included in the Department of Homeland Security’s inventory of record systems.
II. Privacy Act
The Privacy Act embodies fair information practice principles in a statutory
5

framework governing the means by which Federal Government agencies collect,
maintain, use, and disseminate individuals’ records. The Privacy Act applies to
information that is maintained in a “system of records.” A “system of records” is a group
of any records under the control of an agency from which information is retrieved by the
name of an individual or by some identifying number, symbol, or other identifying
particular assigned to the individual. In the Privacy Act, an individual is defined to
encompass U.S. citizens and lawful permanent residents. As a matter of policy, DHS
extends administrative Privacy Act protections to all persons when systems of records
maintain information on U.S. citizens, lawful permanent residents, and non-immigrant
aliens.
Below is the description of the DHS/CBP-001 Import Information System (IIS)
System of Records.
In accordance with 5 U.S.C. sec. 552a(r), DHS has provided a report of these
systems of records to the Office of Management and Budget and to Congress.
System of Records:
Department of Homeland Security (DHS)/U.S. Customs and Border Protection (CBP)001
System name:
DHS/CBP-001 Import Information System (IIS).
Security classification:
Unclassified. The data may be retained on the classified networks but this does
not change the nature and character of the data until it is combined with classified
6

information.
System location:
DHS/CBP maintains records in the operational information technology (IT)
system at the DHS/CBP Headquarters in Washington, D.C. and field offices. DHS/CBP
also replicates records from the operational system and maintains them on other
unclassified and classified systems and networks.
Categories of individuals covered by the system:
Categories of individuals in this system include members of the public involved in
the importation of merchandise and international trade, such as importers, brokers,
carriers, manufacturers, shippers, consignees, cartmen/lightermen, filers, sureties, facility
operators, foreign trade zone operators, drivers/crew, attorneys/consultants, and agents, in
addition to persons required to file Customs Declarations for international mail
transactions (including sender and recipient).
Categories of records in the system:
Information maintained by ACE as part of the user account creation process
includes:
•

Account Information – Including Name of Company, Name of Company Officer,
Title of Company Officer, Company Organization Structure, and Officer’s Date of
Birth (optional). For Operators, this information must match the name on the
company’s bond.
o Account Owner Information – Name, Application Data, E-mail, Date of
Birth, Country, Address, and Business Phone Number.
7

o Legal Entity Information – Name, Application Data, E-mail, Country,
Address, and Business Phone Number.
o Point of Contact Information – Name, Application Data, E-mail, Country,
Date of Birth, Address, and Business Phone Number.
•

Business Activity Information – Depending on the account type being established,
CBP requires the following identifying information to set up an ACE portal
account. Users are limited to a single identification number for the portal account
being requested with the exception of: importer, broker, filer, software vendor,
service bureau, port authority, preparer, or surety agent, which can use up to three
identifying numbers for each portal view:
o Importer/Broker/Filer/Surety – Importer Record Number; Filer Code;
Taxpayer Identification Number (TIN) [e.g., Internal Revenue Service
(IRS) Employer Identification Number (EIN)/Social Security number
(SSN)]; Surety Code.
o Service Provider – Standard Carrier Alpha Code (SCAC) or Filer Code;
EIN/SSN.
o Operator – EIN/SSN; Bond Number; Facilities Information and Resources
Management System (FIRMS) Code; Zone Number; Site Number.
Operators must also note whether their background investigation has been
completed by CBP, and whether their fingerprints are on file with CBP.

8

o Cartman/Lighterman – Cartman/Lighterman Identification Number;
Customhouse License (CHL) Number; Passport Number; Country of
Issuance; Date of Expiration; U.S. Visa Number; Birth Certification
Number; Permanent Resident Card Number; Certificate of Naturalization;
Certificate of U.S. Citizenship; Re-entry Permit Number (I-327); Refugee
Permit Number; Other Identification (such as Military Dependent’s Card,
Temporary

Resident

Card,

Voter

Registration

Card).

A

Cartman/Lighterman must also note whether his or her background
investigation has been completed by CBP, and whether his or her
fingerprints are on file with CBP.
o Carriers – SCAC; Bond Numbers; Importer Record for Type 2 Bond (if
applicable).
o Drivers/Crew – Commercial Driver License (CDL) Number; State/Province
of Issuance; Country; whether the Driver has an Enhanced CDL or is
HAZMAT endorsed; Full Name; Date of Birth; Gender; Citizenship; Travel
Documentation (and Country of Issuance) such as: Passport Number or
Permanent Resident Card; or other type of identification including:
SENTRI Card; NEXUS 1; U.S. Visa (non-immigrant or immigrant);
Permanent Resident Card; U.S. Alien Registration Card; U.S. Passport

1

SENTRI and NEXUS are Trusted Traveler Cards used for expedited border crossing along the southern
and northern borders, respectively. See, http://www.cbp.gov/travel/trusted-traveler-programs.

9

Card; DHS Refugee Travel Document; DHS Re-Entry Permit; U.S. Military
ID Document; or U.S. Merchant Mariner Document.
Information maintained by ACE as part of the trade facilitation process includes:
•

Filer Information
o Importer of Record Name and Address – The name and address, including
the standard postal two-letter state or territory abbreviation, of the importer
of record. The importer of record is defined as the owner or purchaser of
the goods, or when designated by the owner, purchaser, or consignee, a
licensed customs broker. The importer of record is the individual or firm
liable for payment of all duties and meeting all statutory and regulatory
requirements incurred as a result of importation, as described in 19 CFR.
sec. 141.1(b).
o Consignee Number – IRS EIN, SSN, or CBP-assigned number of the
consignee. This number must reflect a valid identification number filed
with CBP via the CBP Form 5106 or its electronic equivalent.
o Importer Number – The IRS EIN, SSN, or CBP-assigned number of the
importer of record.
o Reference Number – The IRS EIN, SSN, or CBP-assigned number of the
individual or firm to whom refunds, bills, or notices of extension or
suspension of liquidation are to be sent (if other than the importer of
record and only when a CBP Form 4811 is on file).
10

o Ultimate Consignee Name and Address – The name and address of the
individual or firm purchasing the merchandise or, if a consigned
shipment, to whom the merchandise is consigned.
o Broker/Filer Information – A broker or filer name, address, and phone
number.
o Broker/Importer File Number – A broker or importer internal file or
reference number.
o Bond Agent Information – Bond agent name, SSN or a surety-created
identification, and surety name.
o Declarant Name, Title, Signature, and Date – The name, job title, and
signature of the owner, purchaser, or agent who signs the declaration. The
month, day, and year when the declaration was signed.
o Importer Business Description – Including the Importer Dun & Bradstreet
(DUNS) Number and the North American Industry Classification System
(NAICS) number for Importer Business.
o Senior Officers of the Importing Company – Information pertaining to
Senior Officers of the Importing Company with an importing or financial
role in trade transactions: Position title; Name (First, Middle, Last);
Business Phone; SSN (Optional); Passport Number (Optional); Passport
Country of Issuance (Optional).
o Additional Data Elements – Filers may, on their own initiative, provide
11

additional or clarifying information on the form provided such additional
information does not interfere with the reporting of those required data
elements.
•

Supply Chain Information
o Manufacturer Information:


Manufacturer (or supplier) name;



Manufacturer (or supplier) address;



Foreign manufacturer identification code and/or shipper identification
code;



Foreign manufacturer name and/or shipper name; and



Foreign manufacturer address and/or shipper address.

o Carrier Information:


Importing Carrier – For merchandise arriving in the United States by
vessel, CBP records the name of the vessel that transported the
merchandise from the foreign port of lading to the first U.S. port of
unlading.
•

Vessel Identifier Code;

•

Vessel Name;

•

Carrier Name;

•

Carrier Address;
12

•

Carrier codes (non-SSN) (Standard Carrier Agent Code (SCAC)
for vessel carriers, International Air Transport Association
(IATA) for air carriers);

•

Department of Transportation (DOT) number,

•

Tax Identification Number;

•

DUNS;

•

Organizational structure; and

•

Insurance information including name of insurer, policy
number, date of issuance, and amount.

•

The carrier can create users and points of contact, and may also
choose to store details associated with the driver and crew,
conveyance, and equipment for purposes of expediting the
creation of manifests.



Mode of Transport – The mode of transportation by which the
imported merchandise entered the U.S. port of arrival from the last
foreign country. The mode of transport may include vessel, rail, truck,
air, or mail.



Export Date – The month, day, and year on which the carrier departed
the last port (or airport, for merchandise exported by air) in the
exporting country.

13

o Liquidator identification (non-SSN);
o Seller (full name and address or a widely accepted industry number such as
a DUNS number);
o Buyer (full name and address or a widely accepted industry number such as
a DUNS number);
o Ship to party name;
o Consolidator (stuffer);
o Foreign trade zone applicant identification number;
o Country of origin;
o Commodity Harmonized Tariff Schedule of the United States (HTSUS)
number;
o Booking party; and
o Other identification information regarding the party to the transaction.
•

Crewmember/Passenger Information
o Carrier Information (including vessel flag and vessel name, date of
arrival, and port of arrival (CBP Form 5129));
o Person on arriving conveyance who is in charge;
o Names of all crew members and passengers;
o Date of birth of each crew member and passenger;
14

o Commercial driver license (CDL)/driver license number for each crew
member;
o CDL state or province of issuance for each crew member;
o CDL country of issuance for each crew member;
o Travel document number for each crew member and passenger;
o Travel document country of issuance for each crew member and passenger;
o Travel document for state/province of issuance for each crew member and
passenger;
o Travel document type for each crew member and passenger;
o Address for each crew member and passenger;
o Gender of each crew member and passenger;
o Nationality/citizenship of each crew member and passenger; and
o HAZMAT endorsement for each crew member.
•

Federal Employee Information (including CBP and PGA employees)
o CBP employee names;
o CBP employee hash identification, SSN, or other employee identification
number; and
o Federal Government employee names, work addresses, work phone
numbers, and ACE identification if already an ACE-ITDS user.
15

•

Manifest Information
o Bill of Lading (B/L) or Air Waybill (AWB) Number – The number
assigned on the manifest by the international carrier delivering the goods
to the United States.
o Immediate Transportation Number – The Immediate Transportation
number obtained from the CBP Form 7512, the AWB number from the
Transit Air Cargo Manifest (TACM), or Automated Manifest System
(AMS) master in-bond (MIB) movement number.
o Immediate Transportation Date – The month, day, and year obtained from
the CBP Form 7512, TACM, or AMS MIB record. Note that Immediate
Transportation date cannot be prior to import date.
o Missing Documents – Codes that indicate which documents are not
available at the time of filing the entry summary.
o Foreign Port of Lading – The five digit numeric code listed in the
“Schedule K” (Classification of Foreign Ports by Geographic Trade Area
and Country) for the foreign port at which the merchandise was actually
laden on the vessel that carried the merchandise to the United States. 2
o U.S. Port of Unlading – The U.S. port code where the merchandise was
unladen (or, delivered) from the importing vessel, aircraft, or train.

2

The “Schedule K” may be retrieved at:
http://www.iwr.usace.army.mil/ndc/wcsc/scheduleK/schedulek.htm.

16

o Location of Goods/General Order (GO) Number – Also known as a
“container stuffing location,” the pier or site where the goods are available
for examination. For air shipments, this is the flight number.
•

CBP Generated Records
o Entry Number – The entry number is a CBP-assigned number that is
unique to each Entry Summary (CBP Form 7501).
o Entry Type – Entry type denotes which type of entry summary is being
filed (i.e., consumption, information, and warehouse). The sub-entry
type further defines the specific processing type within the entry
category (i.e., free and dutiable, quota/visa, anti-dumping/countervailing
duty, and appraisement). 3
o Summary Date – The month, day, and year on which the entry summary
is filed with CBP. The record copy of the entry summary will be time
stamped by the filer at the time of presentation of the entry summary.
Use of this field is optional for ABI statement entries. The time stamp
will serve as the entry summary date. The filer will record the proper
team number designation in the upper right portion of the form above
this block (three-character team number code). 4
o Port Code – The port is where the merchandise was entered under an entry

3

Automated Broker Interface (ABI) processing requires an ABI status indicator. This indicator must be
recorded in the entry type code block. It is to be shown for those entry summaries with ABI status only.
4
For ABI entry summaries, the team number is supplied by CBP’s automated system in the summary
processing output message.

17

or released under an immediate delivery permit. CBP relies on the U.S.
port codes from Schedule D, Customs District and Port Codes, listed in
Annex C of the Harmonized Tariff Schedule (HTS).
o Entry Date – The month, day, and year on which the goods are released,
except for immediate delivery, quota goods, or when the filer requests
another date prior to release.5 It is the responsibility of the filer to ensure
that the entry date shown for entry/entry summaries is the date of
presentation (i.e., the time stamp date). The entry date for a warehouse
withdrawal is the date of withdrawal.
o Manufacturer ID – This code identifies the manufacture/shipper of the
merchandise by a CBP-constructed code. The manufacturer/shipper
identification code is required for all entry summaries and entry/entry
summaries, including informal entries, filed on the CBP Form 7501.
o Notes – Notations and results of examinations and document review for
cleared merchandise.
o Trade violation statistics.
o Protest and appeal decision case information.
•

Surety and Bond Information
o Surety Information – Full legal name of entity, address.

5

19 CFR § 141.68.

18

o Surety Number – A three-digit numeric code that identifies the surety
company on the Customs Bond. This code can be found in block 7 of the
CBP Form 301, or is available through CBP’s automated system to ABI
filers, via the importer bond query transaction.
o Bond Type – A three-digit numeric code identifying the following type
of bond: U.S. Government or entry types not requiring a bond;
Continuous; or Single Transaction.
o Additional Bond Information – All authorized users of bond, bond
expiration date.
•

Merchandise-Specific Information
o Line Number – A commodity from one country, covered by a line which
includes a net quantity, entered value, HTS number, charges, rate of duty
and tax.
o Description of Merchandise – A description of the articles in sufficient
detail (i.e., gross weight, manifest quantity, net quantity in HTS units, U.S.
dollar value, all other charges, costs, and expenses incurred while bringing
the merchandise from alongside the carrier at the port of exportation in the
country of exportation and placing it alongside the carrier at the first U.S.
port of entry).
o License Numbers – For merchandise subject to agriculture licensing.
o Country of Origin – The country of origin is the country of manufacture,
19

production, or growth of any article. When merchandise is invoiced in or
exported from a country other than that in which it originated, the actual
country of origin shall be specified rather than the country of invoice or
exportation.
o Import Date – The month, day, and year on which the importing vessel
transporting the merchandise from the foreign country arrived within the
limits of the U.S. port with the intent to unlade.
o Exporting Country – The country of which the merchandise was last part
of the commerce and from which the merchandise was shipped to the
United States.
Authority for maintenance of the system:
19 U.S.C. secs. 66, 1431, 1448, 1481, 1484, 1505, 1514, 1624, and 2071 note; 26
U.S.C. sec. 6109(d); 31 U.S.C. sec. 7701(c); sec. 203 of the Security and Accountability
for Every (SAFE) Port Act of 2006 and sec. 343(a) of the Trade Act of 2002, as amended
by the Maritime Transportation Security Act of 2002; title 19 of the Code of Federal
Regulations, including 19 CFR 24.5, 149.3, 101.9, and 103.31(e).
Purpose(s):
This system of records allows DHS/CBP to collect and maintain records on all
commercial goods imported into the United States, along with carrier, broker, importer,
and other ACE-ITDS Portal user account and manifest information. The purpose of this
system of records is to track, control, and process all commercial goods imported into the
United States. This facilitates the flow of legitimate shipments, and assists DHS/CBP in
20

securing U.S. borders and targeting illicit goods. The IIS covers two principle
information technology systems: the Automated Commercial System (ACS) and ACEITDS. The Automated Commercial System employs multiple modules to receive data
transmissions from a variety of parties involved in international commercial transactions
and provides DHS/CBP with the capability to track both the transport transactions and
the financial transactions associated with the movement of merchandise through
international commerce. The ACE-ITDS modernizes and enhances trade processing with
features that will consolidate and automate border processing. The ACE-ITDS serves
three sets of core stakeholders: the internal DHS/CBP users, PGAs, and the trade
community in the movement of merchandise through international commerce.
DHS/CBP maintains a replica of some or all of the data in the operating system
on other unclassified and classified systems and networks to allow for analysis and
vetting consistent with the above stated purposes and this published notice.
Routine uses of records maintained in the system, including categories of users and
the purposes of such uses:
In addition to those disclosures generally permitted under 5 U.S.C. sec. 552a(b) of
the Privacy Act, all or a portion of the records or information contained in this system
may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. sec. 552a(b)(3) as
follows:
A. To the Department of Justice (DOJ), including Offices of the United States
Attorneys, or other federal agency conducting litigation or in proceedings before any
court, adjudicative, or administrative body, when it is relevant or necessary to the

21

litigation and one of the following is a party to the litigation or has an interest in such
litigation:
1. DHS or any Component thereof;
2. Any employee or former employee of DHS in his or her official capacity;
3. Any employee or former employee of DHS in his or her individual capacity
when DOJ or DHS has agreed to represent the employee; or
4. The United States or any agency thereof.
B. To a congressional office from the record of an individual in response to an
inquiry from that congressional office made at the request of the individual to whom the
record pertains.
C. To the National Archives and Records Administration (NARA) or General
Services Administration pursuant to records management inspections being conducted
under the authority of 44 U.S.C. sec. 2904 and 2906.
D. To an agency or organization for the purpose of performing audit or oversight
operations as authorized by law, but only such information as is necessary and relevant to
such audit or oversight function.
E. To appropriate agencies, entities, and persons when:
1. DHS suspects or has confirmed that the security or confidentiality of
information in the system of records has been compromised;
2. DHS has determined that as a result of the suspected or confirmed
compromise, there is a risk of identity theft or fraud, harm to economic or property
interests, harm to an individual, or harm to the security or integrity of this system or other

22

systems or programs (whether maintained by DHS or another agency or entity) that rely
upon the compromised information; and
3. The disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with DHS’s efforts to respond to the suspected or
confirmed compromise and prevent, minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants, and others
performing or working on a contract, service, grant, cooperative agreement, or other
assignment for DHS, when necessary to accomplish an agency function related to this
system of records. Individuals provided information under this routine use are subject to
the same Privacy Act requirements and limitations on disclosure as are applicable to DHS
officers and employees.
G. To appropriate federal, state, local, tribal, or foreign governmental agencies or
multilateral governmental organizations responsible for investigating or prosecuting the
violations of, or for enforcing or implementing, a statute, rule, regulation, order, license,
or treaty when DHS determines that the information would assist in the enforcement of
civil or criminal laws.
H. To a federal, state, or local agency, or other appropriate entity or individual, or
through established liaison channels to selected foreign governments, in order to provide
intelligence, counterintelligence, or other information for the purposes of intelligence,
counterintelligence, or antiterrorism activities authorized by U.S. law, Executive Order,
or other applicable national security directive.

23

I. To the Department of Commerce, United States Census Bureau for statistical
analysis of foreign trade data.
J. To a federal agency, pursuant to an International Trade Data System
Memorandum of Understanding, consistent with the receiving agency’s legal authority to
collect information pertaining to and/or regulate transactions in international trade.
K. To a federal, state, local, tribal, territorial, foreign, or international agency,
maintaining civil, criminal, or other relevant enforcement information or other pertinent
information, which has requested information relevant or necessary to the requesting
agency’s hiring or retention of an individual, or issuance of a security clearance, license,
contract, grant, or other benefit;
L. To a court, magistrate, or administrative tribunal in the course of presenting
evidence, including disclosures to opposing counsel or witnesses in the course of civil
discovery, litigation, or settlement negotiations, in response to a subpoena, or in
connection with criminal law proceedings;
M. To third parties during the course of an investigation to the extent necessary to
obtain information pertinent to the investigation;
N. To the Department of Justice, Offices of the United States Attorneys or a
consumer reporting agency as defined by the Fair Credit Reporting Act, address or
physical location information concerning the debtor, for further collection action on any
delinquent debt when circumstances warrant;
O. To appropriate federal, state, local, tribal, or foreign governmental agencies or
multilateral governmental organizations when DHS is aware of a need to use relevant

24

data for purposes of testing new technology and systems designed to enhance national
security or identify other violations of law;
P. To a former employee of DHS, in accordance with applicable regulations, for
purposes of responding to an official inquiry by a federal, state, or local government
entity or professional licensing authority; or facilitating communications with a former
employee that may be necessary for personnel-related or other official purposes when the
Department requires information or consultation assistance from the former employee
regarding a matter within that person’s former area of responsibility;
Q. To an organization or individual in either the public or private sector, either
foreign or domestic, when there is a reason to believe that the recipient is or could
become the target of a particular terrorist activity or conspiracy, to the extent the
information is relevant to the protection of life or property;
R. To paid subscribers, in accordance with applicable regulations, for the purpose
of providing access to manifest information as set forth in 19 U.S.C. sec. 1431;
S. To the news media and the public, with the approval of the Chief Privacy
Officer in consultation with counsel, when there exists a legitimate public interest in the
disclosure of the information or when disclosure is necessary to preserve confidence in
the integrity of DHS or is necessary to demonstrate the accountability of DHS’s officers,
employees, or individuals covered by the system, except to the extent it is determined that
release of the specific information in the context of a particular case would constitute an
unwarranted invasion of personal privacy.
Disclosure to consumer reporting agencies:
25

CBP may disclose, pursuant to 5 U.S.C. sec. 552a(b)(12), to consumer reporting
agencies in accordance with the provision of 15 U.S.C. sec. 1681, et seq. or the Federal
Claims Collection Act of 1966 as amended (31 U.S.C. sec. 3701, et seq.). The purpose of
this disclosure is to aid in the collection of outstanding debts owed to the Federal
Government, typically, to provide an incentive for debtors to repay delinquent Federal
Government debts by making these part of their credit records.
Disclosure of records is limited to the individual’s name, address, EIN/SSN, and
other information necessary to establish the individual’s identity; the amount, status, and
history of the claim; and the agency or program under which the claim arose. The
disclosure will be made only after the procedural requirements of 31 U.S.C. sec. 3711(e)
have been followed.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of
records in the system:
Storage:
DHS/CBP stores records in this system, as well as on other unclassified and
classified systems and networks, electronically, or on paper in secure facilities in a locked
drawer behind a locked door. The records may be stored on magnetic disc, tape, digital
media, and CD-ROM.
Retrievability:
DHS/CBP retrieves records by file identification codes, name, or other personal
identifier.
Safeguards:
26

DHS/CBP safeguards records in this system in accordance with applicable rules
and policies, including all applicable DHS automated systems security and access
policies. DHS/CBP imposes strict controls to minimize the risk of compromising the
information that is being stored. Access to the computer system containing the records in
this system is limited to those individuals who have a need to know the information for
the performance of their official duties and who have appropriate clearances or
permissions. The systems maintain a real-time auditing function of individuals who
access them. Additional safeguards may vary by Component and program.
Retention and disposal:
The Importer Security Filing form is retained for fifteen years from date of
submission unless it becomes linked to law enforcement action. All other import records
contained within IIS are maintained for a period of six years from the date of entry.
Some records are retained online in a system database, while others may be
retained in hard copy in ports of entry, as appropriate. Personally identifiable information
collected in IIS as part of the regulation of incoming cargo will be retained in accordance
with the U.S. Customs Records Schedules approved by the National Archive and Records
Administration for the forms on which the data is submitted. This means that cargo, crew,
driver, and passenger information collected from a manifest presented in connection with
the arrival of a vessel, vehicle, or aircraft will be retained for six years.
Information collected in connection with the submission of a Postal Declaration
for a mail importation will be retained for a maximum of six years and three months (as
set forth pursuant to NARA Authority N1-36-86-1, U.S. Customs Records Schedule,

27

Schedule 9 Entry Processing, Items 4 and 5).
Records replicated on other DHS or CBP unclassified and classified systems and
networks will follow the same retention schedule.
System Manager and address:
Director, Integrated Logistic Support, Cargo Systems Program Office, Office of
Information Technology, U.S. Customs and Border Protection, 1801 North Beauregard
Street, Alexandria, Virginia 22311.
Notification procedure:
ACE-ITDS portal users may log in to ACE-ITDS to change their profile
information and make permissible amendments or corrections to their records.
Individuals seeking notification of and access to any record contained in this system of
records, or seeking to contest its content, may submit a request in writing to the
DHS/CBP Freedom of Information Act (FOIA) Officer, whose contact information can
be found at http://www.dhs.gov/foia under “Contacts.” If an individual believes more
than one Component maintains Privacy Act records concerning him or her, the individual
may submit the request to the Chief Privacy Officer and Chief FOIA Officer, Department
of Homeland Security, 245 Murray Drive, S.W., Building 410, STOP-0655, Washington,
D.C. 20528.
An individual seeking records about him or herself from this system of records or
any other Departmental system of records, must submit a request that conforms with the
Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity,
meaning that you must provide your full name, current address, and date and place of
28

birth. You must sign your request, and your signature must either be notarized or
submitted under 28 U.S.C. sec. 1746, a law that permits statements to be made under
penalty of perjury as a substitute for notarization. Although no specific form is required,
you may obtain forms for this purpose from the Chief Privacy Officer and Chief FOIA
Officer, http://www.dhs.gov/foia or 1-866-431-0486. In addition, you should:
•

Explain why you believe the Department would have information on you;

•

Identify which Component(s) of the Department you believe may have the
information about you;

•

Specify when you believe the records would have been created; and

•

Provide any other information that will help the FOIA staff determine which DHS
Component agency may have responsive records; and

If your request is seeking records pertaining to another living individual, you must
include a statement from that individual certifying his or her agreement for you to access
his or her records.
Without the above information, the Component(s) may not be able to conduct an
effective search, and your request may be denied due to lack of specificity or lack of
compliance with applicable regulations.
In processing Privacy Act requests for related to information in this system, CBP
will review the records in the operational system, and coordinate review of records that
were replicated on other unclassified and classified systems and networks.
Record access procedures:
See “Notification procedure” above.
29

Contesting record procedures:
See “Notification procedure” above.
Record source categories:
DHS/CBP collects information from authorized DHS/CBP or other Federal
agency forms, related documents, or electronic submissions from individuals and/or
companies incidental to the conduct of foreign trade and required to administer the
transportation and trade laws and regulations of the United States.
Exemptions claimed for the system:
DHS/CBP will not assert any exemptions with regard to information provided by
or on behalf of an individual, when requested by or on behalf of the data subject.
However, this data may be shared with law enforcement and/or intelligence agencies
pursuant to the routine uses identified in the IIS SORN. The Privacy Act requires DHS to
maintain an accounting of such disclosures made pursuant to all routine uses. Disclosing
the fact that a law enforcement and/or intelligence agency has sought particular records
may affect ongoing law enforcement activity. As such, DHS will claim exemption
pursuant to 5 U.S.C. sec. 552a(j)(2) from secs. (c)(3), (e)(8), and (g)(1) of the Privacy
Act, and pursuant to 5 U.S.C. sec. 552a(k)(2) from sec. (c)(3) of the Privacy Act, from
providing an individual the accounting of disclosures, as necessary and appropriate to
protect this information.
Dated:

Jonathan R. Cantor,
Acting Chief Privacy Officer,
Department of Homeland Security.
30