Download:
pdf |
pdfPrivacy Impact Assessment
for the
Automated Commercial Environment (ACE)
DHS/CBP/PIA-003(b)
July 31, 2015
Contact Point
Deborah Augustin
Acting Executive Director
ACE Business Office, Office of International Trade
(571) 468-8362
Reviewing Official
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 1
Abstract
The Automated Commercial Environment (ACE) is the backbone of the U.S. Customs
and Border Protection’s (CBP) trade information processing and risk management activities and
is the key to implementing many of the agency’s trade transformation initiatives. ACE allows
efficient facilitation of imports and exports and serves as the primary system used by U.S.
Government agencies to process cargo. ACE will serve as the “Single Window” for trade
facilitation as mandated by Executive Order 13659, Streamlining the Export/Import Process for
America’s Businesses. CBP published this Privacy Impact Assessment (PIA) for ACE because
ACE collects, maintains, uses, and disseminates import and export information from the trade
community that contains personally identifiable information (PII).
Overview
Before September 11, 2001, the major responsibility of the former U.S. Customs Service
(“Customs”) was to administer the Tariff Act of 1930, as amended. When Customs subsequently
merged with other border enforcement agencies to become U.S. Customs and Border Protection,
CBP’s priority mission became homeland security: detecting, deterring, and preventing terrorists
and their weapons from entering the United States. This mission fits ideally with CBP’s longestablished responsibilities for protecting and facilitating international trade. CBP retains its
traditional enterprise of protecting the nation’s revenue by assessing and collecting duties, taxes,
and fees incident to international traffic and trade. Further, by providing procedural guidance to
the import community, CBP enhances and increases compliance with domestic and international
customs laws and regulations. CBP thus helps importers ensure that their shipments are free from
terrorist or other malicious interference, tampering, or corruption of containers or commodities.
CBP executes the responsibilities for which it has always been known: controlling,
regulating, and facilitating the movement of carriers, people, and commodities between the
United States and other nations; protecting the U.S. consumer and the environment against the
introduction of hazardous, toxic, or noxious products into the United States; protecting domestic
industry and labor against unfair foreign competition; and detecting, interdicting, and
investigating smuggling and other illegal practices aimed at illegally entering narcotics, drugs,
contraband, or other prohibited articles into the United States. CBP is also responsible for
detecting, interdicting, and investigating fraudulent activities intended to avoid the payment of
duties, taxes and fees, or activities meant to evade the legal requirements of international traffic
and trade; and for detecting, interdicting, and investigating illegal international trafficking in
arms, munitions, currency, and acts of terrorism at U.S. ports of entry.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 2
CBP Entry Process
When a shipment reaches the United States, the importer of record (i.e., the owner,
purchaser, or licensed customs broker designated by the owner, purchaser, or consignee) will file
the necessary paper or electronic documents with CBP to facilitate the entry of the merchandise. 1
The importer of record files the entry with the CBP port director at the port where the
merchandise arrived in the United States. The information filed as part of the entry must be
sufficient to enable CBP to determine whether the imported merchandise may be released from
CBP custody. Imported goods are not legally entered until after the shipment has arrived within
the port of entry, delivery of the merchandise has been authorized by CBP, and estimated duties
have been paid. It is the importer of record’s responsibility to arrange for examination and
release of the goods.
Entry by Importer
Merchandise arriving in the United States by commercial carrier must be entered by the
owner, purchaser, his or her authorized regular employee, or by the licensed customs broker
designated by the owner, purchaser, or consignee. Customs brokers are the only persons who are
authorized by the tariff laws of the United States to act as agents for importers in the transaction
of their customs business. 2
Entries Made by Others
Entry of goods may be made by a nonresident individual or partnership, or by a foreign
corporation through a U.S. agent or representative of the foreign shipper, a member of the
partnership, or an officer of the corporation. 3
A licensed customs broker named in a CBP power of attorney 4 may make entry on behalf
of the foreign shipper or his representative. The owner’s declaration made by a nonresident
1
“Entry” means that documentation required by 19 CFR § 142.3 to be filed with the appropriate CBP officer to
secure the release of imported merchandise from CBP custody, or the act of filing that documentation. “Entry” also
means that documentation required by 19 CFR §181.53 to be filed with CBP to withdraw merchandise from a dutydeferral program in the United States for exportation to Canada or Mexico or for entry into a duty-deferral program
in Canada or Mexico (19 CFR § 141.0a(a)).
2
Customs brokers are private individuals or firms licensed by CBP to prepare and file the necessary customs entries,
arrange for the payment of duties found due, take steps to effect the release of the goods in CBP custody, and
otherwise represent their principals in customs matters.
3
The surety on any CBP bond required from a nonresident individual or organization must be incorporated in the
United States. In addition, a foreign corporation in whose name merchandise is entered must have a resident agent in
the state where the port of entry is located who is authorized to accept service of process on the foreign
corporation’s behalf.
4
A nonresident individual, partnership, or foreign corporation may issue a power of attorney to a regular employee,
customs broker, partner, or corporation officer to act in the United States for the nonresident employer. Any person
named in a power of attorney must be a resident of the United States who has been authorized to accept service of
process on behalf of the person or organization issuing the power of attorney. The power of attorney to accept
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 3
individual or organization, which the customs broker may request, must be supported by a surety
bond providing for the payment of increased or additional duties found due.
A nonresident, individual or partnership, or a foreign corporation may issue a power of
attorney to authorize the persons or firms named in the power of attorney to issue like powers of
attorney to other qualified residents of the United States and to empower the residents to whom
such powers of attorney are issued to accept service of process on behalf of the nonresident
individual or organizations.
1. Entry of Merchandise
Goods may be entered for consumption, 5 entered for warehouse at the port of arrival, 6 or
they may be transported in-bond 7 to another port of entry and entered there under the same
conditions as at the port of arrival. Arrangements for transporting the merchandise in-bond to an
inland port may be made by the consignee, by a customs broker, or by any other person with an
interest in the goods for that purpose.
“Entering” merchandise into the United States is a two-part process consisting of (1)
admissibility and (2) characterization and value. For admissibility determinations, importers of
record must file the documents necessary to determine whether merchandise may be released
from CBP custody. For characterization and value determinations, importers of record must file
the documents that contain information for duty assessment and statistical purposes. Both of
these processes can be accomplished electronically via the Automated Broker Interface (ABI)
program. ABI is a voluntary program available to brokers, importers, carriers, port authorities,
and independent service centers. ABI allows brokers who have established accounts to
electronically file required import data with CBP.
Entry documents may include but are not limited to:
•
Application and Special Permit for Immediate Delivery (CBP Form 3461) or other
form of merchandise release required by the port director;
service of process becomes irrevocable with respect to customs transactions duly undertaken. Either the applicable
CBP form (see Appendix) or a document using the same language as the form is acceptable. References to acts that
the issuer has not authorized the agent to perform may be deleted from the form or omitted from the document.
5
“Entered for consumption” means that an entry summary for consumption has been filed with CBP in proper form,
with estimated duties attached. “Entered for consumption” also means the necessary documentation has been filed
with CBP to withdraw merchandise from a duty-deferral program in the United States for exportation to Canada or
Mexico or for entry into a duty-deferral program in Canada or Mexico (19 CFR § 141.0a(f)).
6
“Entered for warehouse” means that an entry summary for warehouse has been filed with Customs in proper form
(19 CFR § 141.0a(g)).
7
“Entered temporarily under bond” means that an entry summary supporting a temporary importation under bond
has been filed with Customs in proper form (19 CFR § 141.0a(h)).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 4
•
Evidence of “right to make entry;” 8
•
Commercial invoice or a pro forma invoice when the commercial invoice cannot be
produced;
•
Packing lists, if appropriate; and
•
Other documents necessary to determine merchandise admissibility, including
documents required by other federal agencies.
The entry must be accompanied by evidence that a bond has been posted with CBP to
cover any potential duties, taxes, and charges that may accrue. Bonds may be secured through a
resident U.S. surety company, and may be posted in the form of U.S. currency or certain U.S.
Government obligations. In the event that a customs broker is employed for the purpose of
making entry, the broker may permit the use of his bond to provide the required coverage.
2. Right to Make Entry
Goods may only be entered into the United States by their owner, purchaser, or a licensed
customs broker. A bill of lading, 9 properly endorsed by the consignor, may serve as evidence of
the right to make entry. An air waybill may be used for merchandise arriving by air. In most
instances, entry is made by a person or firm certified by the carrier bringing the goods to the port
of entry. This entity (i.e., the person or firm certified) is considered the “owner” of the goods for
customs purposes. In certain circumstances, entry may be made by means of a duplicate bill of
lading or a shipping receipt. When the goods are not imported by a common carrier, possession
of the goods by the importer at the time of arrival shall be deemed sufficient evidence of the right
to make entry.
Importer Security Filing
On January 26, 2009, a new rule titled Importer Security Filing and Additional Carrier
Requirements (commonly known as “10+2” or ISF) 10 went into effect. The ISF requires
importers to submit 10 select data elements from the manifest and entry documents and two data
elements (the “vessel stow plan” and the “container status message” from the shipper or carrier
of the merchandise). The information submitted on the ISF improves CBP’s ability to identify
high-risk shipments in order to prevent smuggling and ensure cargo safety and security.
8
All merchandise imported into the United States is required to be entered, unless specifically excepted (19 CFR §
141.4).
9
A Bill of Lading is a commercially available document issued by a carrier to a shipper, signed by the captain,
agent, or owner of a vessel, furnishing written evidence regarding receipt of the goods, the conditions on which
transportation is made (contract of carriage), and the engagement to deliver goods at the prescribed port of
destination to the lawful holder of the Bill of Lading. CBP regulates cargo declaration (CBP Form 1302) data in
accordance with the Customs Regulations at 19 CFR, Part 4.
10
73 FR 71730 (November 25, 2008).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 5
Importers submit ISF data to CBP via the Automated Commercial Environment (ACE)
Secure Portal or the Electronic Data Interchange (EDI). However, ISF data is stored within
CBP’s Automated Targeting System (ATS). 11 For a full list of data elements required for the
ISF, please see Appendix B of the ATS PIA. 12
3. Examination of Goods and Entry Documents
Following presentation of the entry, the shipment may be examined or examination may
be waived. The shipment is then released if no legal or regulatory violations have occurred.
Examination of goods and documents is necessary to determine, among other things:
•
The value of the goods for customs purposes and their dutiable status;
•
Whether the goods must be marked with their country of origin or require special
marking or labeling. If so, whether they are marked in the manner required;
•
Whether the shipment contains prohibited articles;
•
Whether the goods are correctly invoiced;
•
Whether the goods are in excess of the invoiced quantities or a shortage exists; and
•
Whether the shipment contains illegal narcotics.
Prior to the goods’ release, the port director will designate representative quantities for
examination by CBP under conditions that will safeguard the goods. Additionally, examinations
may also be conducted by Partner Government Agencies (PGA) for merchandise that falls within
those agencies area of responsibility, e.g., Food and Drug Administration (FDA). Some kinds of
goods must be examined to determine whether they meet special requirements of the law. For
example, food and beverages unfit for human consumption would not meet the requirements of
the FDA.
Importers of record, or their agents, must file entry summary documentation 13 and
deposit any estimated duties within 10 working days of the entry of the merchandise at a
designated customhouse. Entry summary documentation consists of:
11
•
Return of the entry package to the importer, broker, or his authorized agent after CBP
permits the release of the merchandise;
•
Entry summary (CBP Form 7501); and
DHS/CBP/PIA-006(b) Automated Targeting System (June 1, 2012), available at
http://www.dhs.gov/publication/automated-targeting-system-ats-update.
12
Id.
13
“Entry summary” means any other documentation necessary to enable Customs to assess duties, collect statistics
on imported merchandise, and determine whether other requirements of law or regulation are met. (19 CFR §
141.0a(b)).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 6
•
Other invoices and documents necessary to assess duties, collect statistics, or
determine that all import requirements have been satisfied.
ACE Modernization
As a part of CBP’s mission to facilitate trade and enforce the nation’s import and export
laws, CBP is engaged in an ongoing effort to modernize its business practices and information
technology (IT) assets. These IT assets are essential to securing U.S. borders, speeding the flow
of legitimate shipments, and targeting illicit goods that require scrutiny. 15 The key IT component
of these initiatives is ACE, an upgraded and modernized version of several legacy IT systems.
ACE is the main IT component within the International Trade Data System (ITDS), an
interagency initiative formalized under the Security and Accountability for Every Port Act of
2006 (the SAFE Port Act). 16
14
On February 19, 2014, the President signed Executive Order (E.O.) 13659, Streamlining
the Export/Import Process for America’s Businesses, which establishes a deadline for completion
of CBP’s modernization of ACE, requires PGAs to transition from paper-based forms to
electronic data collection, and calls for enhanced transparency requiring CBP to publicly post
ACE modernization implementation plans and schedules. 17 To comply with E.O. 13659, CBP
will complete the development of core trade processing capabilities in ACE and decommission
legacy system capabilities by December 31, 2016. At that time, ACE will become the “single
window” 18 for trade processing and the primary system through which the international trade
community will submit import and export data to various federal agencies. To meet this deadline,
CBP will decommission two major legacy IT systems: the Automated Manifest System (AMS)
and the Automated Commercial System (ACS). ABI (which was an integral part of legacy ACS)
will remain the method by which electronic information is transmitted to ACE. ABI allows
14
In 2014, CBP Officers processed more than $2.46 trillion in trade and nearly 25.6 million cargo containers
through the nation’s Ports of Entry (POE).
15
On December 8, 1993, Title VI of the North American Free Trade Agreement Implementation Act (Pub. L. 103182, 197 Stat. 2057), also known as the Customs Modernization Act or “Mod” Act, became effective. These
provisions amended many section of the Tariff Act of 1930 and related laws. In support of the Mod Act, Customs
began the ongoing process of modernizing its core trade processing functions and systems.
16
The ITDS, as described in section 405 of the Security and Accountability for Every Port Act of 2006 (the “SAFE
Port Act”) (Public Law 109-347), is an electronic information exchange capability, or “single window,” through
which businesses will transmit data required by participating agencies for the importation or exportation of cargo.
17
Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.
18
Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 7
qualified trade participants to electronically file required import data with CBP thus expediting
the release of merchandise for the trade community.
Since trade requirements will continue to evolve, CBP anticipates further development to
ensure trade automation capabilities in ACE. ACE will continue to adapt to meet changing needs
with state-of-the-art automation that speeds legitimate trade and continually improves CBP’s
ability to assess risk and identify unsafe shipments. As CBP continues to develop capabilities to
streamline trade processes, this PIA will be updated.
Single Window
E.O. 13659 mandates the implementation of a “single window” for trade. 19 A single
window is an “electronic information exchange capability through which businesses will
transmit data required by participating agencies for the importation or exportation of cargo.”20
CBP is upgrading and modernizing ACE to serve as the U.S. Government single window by
providing a single, centralized access point to connect CBP, PGAs, and the trade community. 21
Forty-seven PGAs 22 are involved in the trade process and among these PGAs nearly 200
forms are required for importers and exporters to complete. The current processes are largely
paper-based and require importers and exporters to manually input information into multiple
Government-owned electronic systems. As a result, importers and exporters are often required to
submit the same data to multiple agencies at multiple times. The single window initiative is the
effort to create a single system to eliminate multiple paper processes and ensure importers and
exporters only have to submit information once.
Participating in ACE
There are two primary methods of interacting with ACE:
1. Filing transactions via Electronic Data Interchange (EDI) Interface: With the
exception of filing an electronic truck manifest and the ISF for low volume filers, EDI
is the only mechanism through which transactions (entries, entry summaries, and
ocean and rail manifests) can be filed in ACE.
19
Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.
20
Id.
21
See Appendix A for current list of PGAs with a signed Memorandum of Understanding with CBP.
22
From ensuring motor carrier safety to safeguarding against hoof and mouth disease, the 47 ITDS partner
government agencies currently slated for ACE integration are as diverse as international trade is complex. The PGAs
represent ten cabinet level and four independent departments/agencies. For additional information about PGAs,
please visit http://www.itds.gov/xp/itds/toolbox/organization/pgas/.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 8
2. Filing transactions via the ACE Secure Data Portal: The ACE portal is an online tool
that allows users to file Importer Security Filing (ISF), electronic truck manifests,
access financial data, and run reports. ACE reports can be used to monitor compliance
and daily operations.
Electronic Data Interchange (EDI)
EDI is an electronic communication framework that provides standards for exchanging
data via any available electronic means. Trade filers are able to electronically transmit import
and export data to CBP through EDI. Filings transmitted through EDI link to all CBP systems,
including ACE. Electronic communication through EDI allows trade filers to receive faster
decision responses for the movement of cargo. Business entities that wish to communicate via
EDI to CBP may use a certified software provider, become a self-filer, or contract a service
center.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 9
EDI allows the trade community to file:
•
Importer Security Filing Data;
•
Import Ocean, Rail, or Truck Manifests;
•
Entries;
•
Entry Summaries;
•
Export commodity data; and
•
Supporting documentation.
Members of the trade community may opt-in to receive automated status notices from
EDI.
ACE Secure Data Portal
The ACE Secure Data Portal is a web-based interface for ACE available at
www.cbp.gov/trade/automated that provides a centralized online access point to connect CBP,
trade representatives, and PGAs involved in importing goods into the United States. The portal
provides account holders the ability to identify and evaluate compliance issues, monitor daily
operations, set up payment options, review filings, access a reports tool, compile data, and
perform national trend analysis.
ACE Secure Data Portal allows the trade community to:
•
File Importer Security Filing Data;
•
File Import Truck Manifests;
•
File Responses to CBP Forms 28, 29, and 4647;
•
Run reports;
•
Manage account and Periodic Monthly Statement Information;
•
Create blanket declarations; and
•
File Import or Export Bonds.
With respect to accounts, the portal provides access to transaction and financial data and
permits users to download large quantities of account data and transfer that data to their own
reporting system. The portal enables users to enroll in Periodic Monthly Statement and
customize payment schedules. Within the portal, the portal updates Account Revenue data
hourly; Multi-Modal Manifest data every two hours; and compliance data monthly. All other
reporting data is updated nightly.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 10
The ACE Secure Data Portal helps improve compliance with trade laws by allowing
users to run targeted reports to conduct in-house audits, identify systemic errors, and be provided
with insight into entries under review by CBP. The portal also facilitates identification of
unauthorized filers and allows the monitoring of cargo carrier activity by driver, conveyance, or
equipment. Users may also monitor rail and sea in-bond movements, bills of lading manifest, and
equipment data.
ACE Account Access
In order to participate in ACE, requesting participants must submit a letter of intent (LOI)
requesting access to a specific system and an Interconnection Security Agreement (ISA) 23 to
connect to a CBP IT system. The LOI should be submitted to [email protected] on
company letterhead.
Account types within ACE can be categorized into three broad groups. The access groups
currently available within ACE include:
•
Filers – Broker, Filer, and Surety;
•
Service Providers – Software Vendor; Service Bureau; Port Authority; Preparer; and
Surety Agent; and
•
Operators – Facility Operator (Warehouse, Container Freight Station, Container
Examination Station), Foreign Trade Zone Operator, Cartman/Lighterman, 24 Air
Carrier, Rail Carrier, Sea Carrier, Truck Carrier, and Driver/Crew.
Data elements required by CBP for ACE account access vary for each of these groups,
and each data element is discussed in turn in Section 2.1.
ACE Modules and Functionality
Once participants have filed an LOI or ISA as required, and completed the user account
registration process, ACE users can access several modules within ACE to conduct their trade
business:
1. Manifest
23
CBP Information Systems Security Policy requires all participants that transmit electronic data directly to CBP’s
automated systems to file a signed Interconnection Security Agreement (ISA). If an entity is using a connection
already established through a Service Center or VPN, an ISA may not be required. For additional information and
required forms see http://www.cbp.gov/trade/automated/getting-started/transmitting-data-cbp-electronic-datainterchange-edi.
24
A “cartman” is one who undertakes to transport goods or merchandise within the limits of the port (19 CFR §
112.1). A “lighterman” is one who transports goods or merchandise on a barge, scow, or other small vessel to or
from a vessel within the port, or from place to place within a port (19 CFR § 112.1).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 11
ACE e-Manifest
ACE currently supports the processing of rail, sea, and truck electronic manifests.
Electronic manifests allow the Government to more quickly determine if incoming cargo poses a
risk or can proceed into the country. CBP will expand ACE to include air electronic manifests in
2015.
ACE e-Manifest accepts manifest data electronically submitted by importers, carriers,
and brokers. Truck carriers are able to file manifests via EDI or the ACE Secure Data Portal;
however, ocean, rail, and air carriers 25 transmit their manifest data solely by EDI. ACE manifest
functionality also allows for enhanced capabilities such as managing the financial details related
to importation of merchandise for authorized users. CBP sends status messages and replies via
EDI.
2. Cargo Release
Cargo Release
The first requirement to enter merchandise into the United States is a successful finding
of admissibility by CBP. For admissibility determinations, importers of record must file the
documents necessary to determine whether merchandise may be released from CBP custody.
This is known as “cargo release.”
After importers of record file manifest and informal entry information 26 via EDI or the
ACE Secure Portal, cargo can be released from the port and the importer has up to 10 days to file
entry summary information (including any duty payments). ACE Cargo Release module allows
importers to file the entry information electronically. This data fulfills merchandise entry
requirements and allows CBP to make earlier cargo release decisions. This, in turn, provides
more certainty for the importer in determining how long the cargo will take to be released from
CBP custody. Cargo may be released in-bond pending the completed entry summary.
3. Post Release
ACE participants can file entry summaries in ACE for Antidumping/Countervailing Duty
(AD/CVD), Consumption, Formal, and Informal entry types (Types 01, 03, 11). ACE Periodic
Monthly Statements also allow participants to pay duties and fees on a monthly basis rather than
transaction by transaction.
25
CBP provided a free method of submitting data, given the very large number of North American truck carriers. At
last tally, there were 400,000 registered, many of which are typically small business owners. While not all are
international crossers, the cost associated with buying a software solution to communicate with ACE would not have
been practical for many of the carriers.
26
Importers that wish to file informal entry in advance of the formal entry summary (CBP Form 7501) may file a
CBP Form 3461.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 12
Entry Summary
ACE participants may submit their entry summary (the formal, legal submission of an
imported commodity’s description, quantity, value, country of origin, customs duty obligation,
and the commodity’s satisfaction of any other PGA requirements that affect admission into U.S.
commerce) for their imported commodity. ACE fully replaces the former paper processes, which
helps to decrease courier and administrative costs for the importing community.
ACE provides the functionality to process “edits” or checks, which validate the accuracy
of the data on the entry summary. ACE provides automated validation calculations for such
items as the harbor maintenance fee, commodity classification, simple and complex duty
calculations, the merchandise processing fee, entry restrictions, taxes, and other associated fees.
Electronic Bond Filing (eBond)
In January 2015, CBP launched capabilities in ACE that enable electronic bond filing
(eBond). eBond allows the importer to identify the bond being used to guarantee her or his
promise to pay a financial obligation associated with the importation of the commodity. A bond
is a form contract between the importer, a surety (insurer), and CBP that states that if the
importer is unable to satisfy a financial obligation to CBP, then the surety will step in and pay
the obligation. This requires the importer to provide certain identity and financial information to
the surety to facilitate this process of Single Transaction Bonds (STB) and Continuous Bonds
and Bond Riders from a surety, surety agent, or via the ACE Portal. CBP is able to provide
electronic bond status update messages back to a surety, the surety’s agent, and other parties with
a financial interest in the merchandise via EDI. Bond validations are required for ACE Cargo
Release and ACE Entry Summary.
CBP launched eBond in response to a June 2011 Department of Homeland Security
(DHS) Office of Inspector General (OIG) report citing bond execution errors, deficiencies in
bond retention, and other issues that challenge CBP’s ability to collect on STB. eBond also
enhances CBP’s ability to report to Congress or the Department of the Treasury (“Treasury”) on
key inquiries regarding bonds, and protects CBP by informing CBP officers that a valid bond has
been secured before cargo is released into commerce.
eBond is an electronic mechanism for the submission of Customs Bonds from a Surety or
Surety Agent to ACE via EDI to be stored and used for various downstream processes for which
a bond is required. eBond accepts Single Transaction Bonds and Continuous Bonds
electronically and eliminates the mandatory paper requirement when a Single Transaction Bond
is used to secure Cargo Release.
Periodic Monthly Statement
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 13
Periodic Monthly Statements enable trade users to streamline accounting and payment of
duties and fees. By signing up, users can adopt an interest-free periodic payment schedule and
delay the payment of duties, fees, and taxes until they are deposited on a monthly basis. Filers
may mark entry summaries they wish to be paid on the statement and then submit payments
through Automated Clearing House (ACH) processing. ACE account holders have the ability to
pay for shipments entered or released during the previous calendar month by the 15th business
day of the following month. Filers must establish an ACE Secure Data Portal Account and select
either a national or a port statement. Brokers may pay on behalf of importers. The use of the
Periodic Monthly Statement functionality allows the user to track activity with customized
account views through the ACE Secure Data Portal.
4. Exports
Exports
Pursuant to Executive Order 13659, the export process is being brought under the ACE
umbrella so that ACE may serve as the single window for both imports and exports. CBP
discusses the export process in the Export Information Systems (EIS) PIA. 27
In April 2014, CBP deployed full export processing capabilities in ACE and
decommissioned corresponding processing capabilities in the Automated Export System (AES).
CBP will begin a pilot in 2015 to electronically collect air, rail, and ocean export manifest
information. 28 AES will eventually be integrated into ACE; CBP will deploy functionality to
allow for AES filings via the ACE Secure Portal starting in October 2015. CBP will conduct a
PIA update to the ACE or EIS PIA to describe this expanded functionality for the export process.
5. Document Image System (DIS)
Document Image System
Document Image System (DIS) allows trade users to electronically submit images of
documentation required by CBP or PGAs during the import and export process. This
documentation includes general forms such as commercial invoices, packing lists, invoice
working sheets, as well as forms to support cargo release (e.g., government issued identification,
vehicle titles, and certificates). Trade users may also use DIS to submit agency specific forms
such as licenses, permits, or regulatory certificates.
Through DIS, the trade community has the ability to send electronic images of specific
CBP and PGA forms and supporting information to CBP via EDI in lieu of conventional paper
methods. DIS stores these images and makes them available for CBP and PGA users for review
27
See, Privacy Impact Assessment for the Export Information System (EIS), DHS/CBP/PIA-020 (January 31,
2014).
28
80 Fed. Reg. 32971 (June 10, 2015).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 14
for acceptance or rejection. DIS provides storage of all submitted images in a secure centralized
location in order to link to the appropriate ACE entry summaries.
Finally, DIS allows trade partners to supply supporting documentation electronically as
image files to CBP and PGAs. DIS integrates with the ACE Secure Data Portal, allowing
authorized personnel access to images of submitted documents to perform coordinated reviews.
6. PGA Integration
ACE is working closely with PGAs to implement the single window, which is part of the
ITDS initiative. Key single window capabilities have been deployed, including the DIS, PGA
Interoperability, and the PGA Message Set.
PGA Message Set
The PGA Message Set is a single, harmonized data set to be collected electronically from
trade members by CBP on behalf of the PGAs. This capability allows federal agencies to receive
trade data in a common format to facilitate making decisions about what cargo can come into the
United States without the myriad paper forms currently required. This capability will ultimately
provide the trade community with a “one stop shop” to electronically transmit all required import
data to the U.S. government.
Interoperability Web Service (IWS)
IWS is the pipeline through which data is transmitted between CBP and the PGAs. This
capability enables improved information sharing and faster decision making by CBP and the
PGAs.
Section 1.0 Authorities and Other Requirements
1.1 What specific legal authorities and/or agreements permit and
define the collection of information by the project in question?
CBP’s law enforcement jurisdiction is highly complex and derives authority from a wide
spectrum of federal statutes. CBP enforces customs laws related to tariff and revenue protection
pursuant to The Tariff Act of 1930, as amended. 29 The following are additional legal authorities
or agreements related to ACE:
•
29
30
CBP has the authority to board vessels or vehicles and conduct searches of cargo
pursuant to the SAFE Port Act of 2006; 30
19 U.S.C. §§ 66, 1431, 1448, 1484, 1505, 1514, 1624, and 2071; 26 U.S.C. § 6109(d); 31 U.S.C. § 7701I.
19 U.S.C. §§ 482, 1467, 1581(a) and Pub. L. 109-347, 120 Stat. 1884 (Oct. 13, 2006).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 15
1.2
•
Section 203 of the SAFE Port Act of 2006 and section 343(a) of the Trade Act of
2002, as amended by the Maritime Transportation Security Act of 2002;
•
Title 19 of the Code of Federal Regulations; 31
•
CBP has the authority to collect Social Security numbers (SSN) under Executive
Order (E.O.) 9397, as amended by E.O. 13478. 32 SSN is used because some
individuals who do not have an employer identification number (EIN) or a tax
identification number (TIN) choose to instead submit their SSN.
What Privacy Act System of Records Notice(s) (SORN(s)) apply
to the information?
Concurrent with this PIA, CBP is publishing the new Import Information System (IIS)
SORN to cover ACE and general import trade data. IIS combines the former SORNs for
ACE/ITDS and ACS into one privacy act system of records.
1.3
Has a system security plan been completed for the information
system(s) supporting the project?
Yes. ACE is presently undergoing the Security Authorization process in accordance with
DHS and CBP policy, which complies with federal statutes, policies, and guidelines. The system
will certify its Authority to Operate (ATO) upon publication of this PIA.
1.4
Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
Yes. CBP retains the ISF for 15 years from the date of submission. However, if it
becomes linked to an active law enforcement lookout record (i.e., specific and credible threats;
individuals and routes of concern; or other defined sets of circumstances), it remains accessible
for the life of the law enforcement matter and other related enforcement activities. All other
import records are maintained for a period of six years from the date of entry.
CBP retains information collected in connection with the submission of a Postal
Declaration for a mail importation for a maximum of six years and three months (as set forth
pursuant to NARA Authority N1-36-86-1, U.S. Customs Records Schedule, Schedule 9 Entry
Processing, Items 4 and 5).
31
32
19 C.F.R. §§24.5, 149.3, 101.9, and 103.31(e).
Pursuant to 31 U.S.C. §7701(c), 26 U.S.C. §6109(d), 19 C.F.R. §§24.5 and 149.3.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 16
Personal information collected in connection with the creation of a carrier, broker, or
importer account is retained for up to three years following the closing of the account either
through withdrawal by the individual or denial of access by CBP.
Lastly, CBP retains information pertaining to CBP and PGA employees regarding that
individual’s access to ACE for as long as the individual maintains his or her portal access to
ACE and authorization to access the information.
1.5
If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
for the collection. If there are multiple forms, include a list in an
appendix.
ACE collects a number of forms relating to different commodities or trade transactions. A
list of these control numbers and forms is attached at Appendix B. The ACE Secure Data Portal
is covered by OMB Control number 1651-0105 and is the primary means of importers and other
trade filers to submit information to ACE and establish their user accounts.
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as
well as reasons for its collection.
2.1
Identify the information the project collects, uses, disseminates, or
maintains.
ACE collects personally identifiable information (PII) from members of the public
involved in the importation of merchandise and international trade. ACE collects PII for two
purposes: 1) to permit participants to create ACE accounts 33 and 2) to permit participants to
electronically file trade documentation.
Information maintained by ACE as part of the user account creation process includes:
1. Account Information – Including Name of Company, Name of Company Officer, Title of
Company Officer, Company Organization Structure, and Officer’s Date of Birth
(optional). For Operators, this information must match the name on the company’s bond.
33
PII contained in ACE for user account creation is collected from Filers (i.e., Importers, Brokers, Consignees,
Filers, and Sureties); Service Providers (i.e., Carriers, Manufacturers, Shippers, Software Vendors, Service Bureaus,
Port Authorities, Preparers, Surety Agents, Attorneys/Consultants, and Agents); and Operators (i.e.,
Cartmen/Lightermen, Facility Operators, Foreign Trade Zone Operators, and Drivers/Crew). ACE also collects
information about to persons required to file Customs Declarations for international mail transactions (including
sender and recipient).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 17
a. Account Owner Information – Name, Application Data, E-mail, Date of Birth,
Country, Address, and Business Phone Number.
b. Legal Entity Information 34 – Name, Application Data, E-mail, Country, Address,
and Business Phone Number.
c. Point of Contact Information – Name, Application Data, E-mail, Country, Date of
Birth, Address, and Business Phone Number.
2. Business Activity Information – Depending on the account type being established, the
following identifying information is required to set up an ACE portal account. Users are
limited to a single identification number for the portal account being requested with the
exception of: importer, broker, filer, software vendor, service bureau, port authority,
preparer, or surety agent, which can use up to three identifying numbers for each portal
view:
a. Importer/Broker/Filer/Surety: Importer Record Number; Filer Code; Taxpayer
Identification Number (TIN) [e.g., Internal Revenue Service (IRS) Employer
Identification Number (EIN)/SSN]; Surety Code.
b. Service Provider: 35 Standard Carrier Alpha Code (SCAC) or Filer Code;
EIN/SSN.
c. Operator: EIN/SSN, Bond Number, Facilities Information and Resources
Management System (FIRMS) Code, Zone Number, Site Number. Operators must
also note whether their background investigation has been completed by CBP and
whether their fingerprints are on file with CBP. 36
d. Cartman/Lighterman: Cartman/Lighterman Identification Number, Customhouse
License (CHL) Number, Passport Number, Country of Issuance, Date of
Expiration, U.S. Visa Number, Birth Certification Number, Permanent Resident
Card Number, Certificate of Naturalization, Certificate of U.S. Citizenship, Reentry Permit Number (I-327), Refugee Permit Number, Other Identification (such
as Military Dependent’s Card, Temporary Resident Card, Voter Registration
Card). Cartman/Lighterman must also note whether his or her background
34
An Account Owner for a U.S. based truck carrier or truck driver must supply a U.S. business address. A foreignbased truck carrier or truck driver must provide their foreign business address and is not required to provide a U.S.
business address. If applying for a Broker, Importer, or Filer Account, a U.S. address is required. Importers that are
self-filers should apply for both their importer and their filer view on one ACE application.
35
Software Vendor, Service Bureau/Ctr., Port Authority, Preparer, or Surety Agent.
36
Background investigation information is not stored in ACE. Background investigation information is stored in
DHS Integrated System for Security Management (ISMS); fingerprints are maintained by OPM..
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 18
investigation has been completed by CBP and whether his or her fingerprints are
on file with CBP.
e. Carriers: Standard Carrier Alpha Code (SCAC), Bond Numbers, Importer Record
for Type 2 Bond (if applicable).
f. Drivers/Crew: Commercial Driver License (CDL) Number, State/Province of
Issuance, Country, whether the Driver has an Enhanced CDL or is HAZMAT
endorsed, Full Name, Date of Birth, Gender, Citizenship, Travel Documentation
(and Country of Issuance) such as: Passport Number, Permanent Resident Card,
or other type of identification including: SENTRI Card, NEXUS 37, U.S. Visa
(non-immigrant or immigrant), Permanent Resident Card, U.S. Alien Registration
Card, U.S. Passport Card, DHS Refugee Travel Document, DHS Re-Entry Permit,
U.S. Military ID Document, or U.S. Merchant Mariner Document.
Information maintained by ACE as part of the trade facilitation process includes:
Filer Information
1. Importer of Record Name and Address – The name and address, including the standard
postal two-letter state or territory abbreviation, of the importer of record. 38 The importer
37
Available at, http://www.cbp.gov/travel/trusted-traveler-programs.
Importers are required to file a CBP Form 5106 (Create/Update Importer Identity Form) at the time of their first
entry and other occasions. New and established users may use this form. For example, an established importer may
wish to launch a new division or subsidiary, change its name, or change its address. Under these circumstances an
established importer is required to file a CBP Form 5106.
In October 2014, CBP proposed to amend CBP Form 5106. In addition to renaming CBP Form 5106 from
“Importer ID Input Record” to “Create/Update Importer Identity,” the proposed changes include new data
collection. Specifically, CBP would require an SSN, Passport Number, and Passport Country of Issuance for those
officers who have importing and financial business knowledge of the importer and the legal authority to make
decisions on its behalf. Other new information that would be required includes the importer’s DUNS number, its
primary banking institution, the state or country in which it is incorporated, and a unique identifying number for the
appropriate Certificate of Incorporation.
CBP’s goal in requesting additional data is to “enhance [its] ability to make an informative assessment of
risk prior to the initial importation, and [to] provide CBP with improved awareness regarding the company and its
officers who have chosen to conduct business with CBP.” In other words, in order to carry out its mission to ensure
the safety of our nation’s borders as well as that of our global supply chain, CBP believes these additional data
elements are necessary to make an informed risk assessment of an importer prior to an initial importation. The 60day comment period for the proposed changes ended December 8, 2014. CBP received and reviewed one-hundred
and eighty-eight (188) public comments. Many of the comments were related to concern about providing SSNs and
Passport Information on corporate officers. In response, CBP modified the Agency’s position and made SSNs and
Passport Information optional, except in the scenario in which an individual is requesting to use a CBP-assigned
number for all entry documentation. In the event that the individual is requesting to use a CBP-assigned number she
or he must provide an SSN for CBP vetting purposes. CBP is publishing an Information Collection Request Notice
allowing for an additional 30 days for public comments.
38
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 19
of record is defined as the owner, purchaser, or consignee of the goods or their agent
(e.g., a licensed customs broker). The importer of record is the individual or firm liable
for payment of all duties and meeting all statutory and regulatory requirements incurred
as a result of importation, as described in 19 C.F.R. § 141.1(b).
2. Consignee Number – IRS EIN, SSN, or CBP assigned number of the consignee. This
number must reflect a valid identification number filed with CBP via the CBP Form
5106 or its electronic equivalent.
3. Importer Number – The IRS EIN, SSN, or CBP assigned number of the importer of
record.
4. Reference Number – The IRS EIN, SSN, or CBP assigned number of the individual or
firm to whom refunds, bills, or notices of extension or suspension of liquidation are to
be sent (if other than the importer of record and only when a CBP Form 4811 is on
file).
5. Ultimate Consignee Name and Address – The name and address of the individual or
firm purchasing the merchandise or, if a consigned shipment, to whom the
merchandise is consigned.
6. Broker/Filer Information – A broker or filer name, address, and phone number.
7. Broker/Importer File Number – A broker or importer internal file or reference number.
8. Bond Agent Information – Bond agent name, SSN or a surety created identification, and
surety name.
9. Declarant Name, Title, Signature and Date – The name, job title, and signature of the
owner, purchaser, or agent who signs the declaration. The month, day, and year when the
declaration was signed.
10. Importer Business Description – Including the Importer Dun & Bradstreet (DUNS)
Number and the North American Industry Classification System (NAICS) number for
Importer Business.
11. Senior Officers of the Importing Company – Information pertaining to Senior Officers of
the Importing Company with an importing or financial role in trade transactions: Position
title; Name (First, Middle, Last); Business Phone; SSN (Optional); Passport Number
(Optional); Passport Country of Issuance (Optional).
12. Additional Data Elements – Filers may, on their own initiative, provide additional or
clarifying information on the form, provided such additional information does not
interfere with the reporting of those required data elements.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 20
Supply Chain Information
1. Manufacturer Information:
o Manufacturer (or supplier) name;
o Manufacturer (or supplier) address;
o Foreign manufacturer identification code and/or shipper identification code;
o Foreign manufacturer name and/or shipper name; and
o Foreign manufacturer address and/or shipper address.
2. Carrier Information:
o Importing Carrier - For merchandise arriving in the United States by vessel,
CBP records the name of the vessel that transported the merchandise from the
foreign port of lading to the first U.S. port of unlading.
Vessel Identifier Code;
Vessel Name;
Carrier Name;
Carrier Address;
Carrier codes (non-SSN) SCAC for vessel carriers, International Air
Transport Association (IATA) for air carriers);
Department of Transportation (DOT) number,
Tax Identification Number;
DUNS;
Organizational structure; and
Insurance information including name of insurer, policy number, date of
issuance and amount.
The carrier can create users and points of contact, and may also choose to
store details associated with the driver and crew, conveyance, and
equipment for purposes of expediting the creation of manifests.
o Mode of Transport - The mode of transportation by which the imported
merchandise entered the U.S. port of arrival from the last foreign country. The
mode of transport may include vessel, rail, truck, air, or mail.
o Export Date – The month, day, and year on which the carrier departed the last
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 21
port (or airport, for merchandise exported by air) in the exporting country.
3. Liquidator identification (non-SSN);
4. Seller (full name and address or a widely accepted industry number such as a DUNS
number);
5. Buyer (full name and address or a widely accepted industry number such as a DUNS
number);
6. Ship to party name;
7. Consolidator (stuffer);
8. Foreign trade zone applicant identification number;
9. Country of origin;
10. Commodity Harmonized Tariff Schedule of the United States (HTSUS) number;
11. Booking party; and
12. Other identification information regarding the party to the transaction.
Crewmember/Passenger Information
1. Carrier Information – Including vessel flag and vessel name, date of arrival and port of
arrival (CBP Form 5129);
2. Person on arriving conveyance who is in charge;
3. Names of all crew members and passengers;
4. Date of birth of each crew member and passenger;
5. Commercial driver license (CDL)/driver license number for each crew member;
6. CDL state or province of issuance for each crew member;
7. CDL country of issuance for each crew member;
8. Travel document number for each crew member and passenger;
9. Travel document country of issuance for each crew member and passenger;
10. Travel document for state/province of issuance for each crew member and passenger;
11. Travel document type for each crew member and passenger;
12. Address for each crew member and passenger;
13. Gender of each crew member and passenger;
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 22
14. Nationality/citizenship of each crew member and passenger; and
15. HAZMAT endorsement for each crew member.
Federal Employee Information (including CBP and PGA employees)
1. CBP employee names;
2. CBP employee hash identification, SSN, or other employee identification number; and
3. Federal Government employee names, work addresses, work phone numbers, and ACE
identification if already an ACE-ITDS user.
Manifest Information
1. Bill of Lading (B/L) or Air Waybill (AWB) Number – The number assigned on the
manifest by the international carrier delivering the goods to the United States.
2. Immediate Transportation Number – The Immediate Transportation number obtained
from the CBP Form 7512, the AWB number from the Transit Air Cargo Manifest
(TACM), or Automated Manifest System (AMS) master in-bond (MIB) movement
number.
3. Immediate Transportation Date – The month, day, and year obtained from the CBP
Form 7512, TACM, or AMS MIB record. Note that Immediate Transportation date
cannot be prior to import date.
4. Missing Documents – Codes that indicate which documents are not available at the time
of filing the entry summary.
5. Foreign Port of Lading – The five digit numeric code listed in the “Schedule K”
(Classification of Foreign Ports by Geographic Trade Area and Country) for the foreign
port at which the merchandise was actually laden on the vessel that carried the
merchandise to the United States. 39
6. U.S. Port of Unlading – The U.S. port code where the merchandise was unladen (or
delivered) from the importing vessel, aircraft, or train.
7. Location of Goods/General Order (GO) Number – Also known as a “container stuffing
location,” the pier or site where the goods are available for examination. For air
shipments, this is the flight number.
39
The “Schedule K” may be retrieved at: http://www.iwr.usace.army.mil/ndc/wcsc/scheduleK/schedulek.htm.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 23
CBP Generated Records
1. Entry Number – The entry number is a CBP-assigned number that is unique to each
Entry Summary (CBP Form 7501).
2. Entry Type – Entry type denotes which type of entry summary is being filed (i.e.,
consumption, information, warehouse). The sub-entry type further defines the specific
processing type within the entry category (i.e., free and dutiable, quota/visa, antidumping/countervailing duty, and appraisement).40
3. Summary Date – The month, day, and year on which the entry summary is filed with
CBP. The record copy of the entry summary will be time stamped by the filer at the
time of presentation of the entry summary. Use of this field is optional for ABI
statement entries. The time stamp will serve as the entry summary date. The filer will
record the proper team number designation in the upper right portion of the form above
this block (three-character team number code). 41
4. Port Code – The port is where the merchandise was entered under an entry or released
under an immediate delivery permit. CBP relies on the U.S. port codes from Schedule
D, Customs District and Port Codes, listed in Annex C of the Harmonized Tariff
Schedule (HTS).
5. Entry Date – The month, day, and year on which the goods are released, except for
immediate delivery, quota goods, or when the filer requests another date prior to
release. 42 It is the responsibility of the filer to ensure that the entry date shown for
entry/entry summaries is the date of presentation (i.e., the time stamp date). The entry
date for a warehouse withdrawal is the date of withdrawal.
6. Manufacturer ID – This code identifies the manufacture/shipper of the merchandise by a
CBP-constructed code. The manufacturer/shipper identification code is required for all
entry summaries and entry/entry summaries, including informal entries, filed on the
CBP Form 7501.
7. Notes – Notations and results of examinations and document review for cleared
merchandise.
40
Automated Broker Interface (ABI) processing requires an ABI status indicator. This indicator must be recorded in
the entry type code block. It is to be shown for those entry summaries with ABI status only.
41
For ABI entry summaries, the team number is supplied by CBP’s automated system in the summary processing
output message.
42
19 CFR § 141.68.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 24
Surety and Bond Information
1. Surety Information – Full legal name of entity, address.
2. Surety Number – A three-digit numeric code that identifies the surety company on the
Customs Bond. This code can be found in block 7 of the CBP Form 301, or is available
through CBP’s automated system to ABI filers via the importer bond query transaction.
3. Bond Type – A three-digit numeric code identifying the following type of bond: U.S.
Government or entry types not requiring a bond; Continuous; or Single Transaction.
4.
Additional Bond Information – All authorized users of bond, bond expiration date.
Merchandise-Specific Information
1. Line Number – A commodity from one country, covered by a line that includes a net
quantity, entered value, HTS number, charges, rate of duty, and tax.
2. Description of Merchandise – A description of the articles in sufficient detail (i.e., gross
weight, manifest quantity, net quantity in HTS units, U.S. dollar value, all other charges,
costs, and expenses incurred while bringing the merchandise from alongside the carrier at
the port of exportation in the country of exportation and placing it alongside the carrier at
the first U.S. port of entry).
3. License Numbers – For merchandise subject to agriculture licensing.
4. Country of Origin – The country of origin is the country of manufacture, production, or
growth of any article. When merchandise is invoiced in or exported from a country other
than that in which it originated, the actual country of origin shall be specified rather than
the country of invoice or exportation.
5. Import Date – The month, day, and year on which the importing vessel transporting the
merchandise from the foreign country arrived within the limits of the U.S. port with the
intent to unlade.
6. Exporting Country – The country of which the merchandise was last part of the commerce
and from which the merchandise was shipped to the United States.
2.2
What are the sources of the information and how is the
information collected for the project?
ACE collects information primarily from importers, authorized brokers or agents,
carriers, custodians of imported merchandise such as customs bonded warehouses and foreign
trade zones, and freight forwarders. These parties may submit data electronically using their EDI
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 25
or ACE Secure Portal Accounts, through third parties or services, or through a direct connection
to CBP. Other filers submit paper documents directly to the cargo arrival port.
ACE receives information from ATS and reports screening results. ACE also interfaces
with the Seized Assets and Case Tracking System (SEACATS) 43 and TECS 44 and connects
enforcement files to the trade data that forms a basis for the penalty or seizure.
2.3
Does the project use information from commercial sources or
publicly available data? If so, explain why and how this
information is used.
Yes. ACE uses the importer’s DUNS numbers, which are used to verify information
already provided about the individual or her or his business.
2.4
Discuss how accuracy of the data is ensured.
To ensure accuracy, CBP officials collect data directly from the importers or their
authorized representatives. CBP officials review the data in ACE and verify it by inspecting the
cargo and accompanying documentation. Filers must use CBP-certified software for electronic
information, receive training from CBP, and obtain a certification from CBP before transmitting
data. The system validates each data transmission when the filer is authorized to transmit data.
After certification, CBP requires the filer to maintain an acceptable level of performance filing
timely and accurate information into ACE. ACE generates and returns an Internal Transaction
Number (ITN) as confirmation of successful electronic filing once electronic data has been
accepted in ACE.
2.5
Privacy Impact Analysis: Related to Characterization of the
Information
Privacy Risk: Generally, there is a risk that ACE collects more personal information than
is necessary to track, control, and process commercial goods imported into the United States.
Mitigation: This risk is partially mitigated. CBP indicates which data elements are
optional or voluntary; however, these elements remain on the forms. Two specific examples
include:
Privacy Risk: There is a privacy risk that individuals will submit their date of birth as
part of the user account registration process despite the field noted as “optional” on the user
account registration form.
43
44
See SEACATS System of Records Notice at, http://edocket.access.gpo.gov/2008/E8-29802.htm
See, TECS System of Records Notice at, http://edocket.access.gpo.gov/2008/E8-29807.htm
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 26
Mitigation: This risk is not mitigated. CBP will work with DHS Privacy to amend the
description of this data field so that it accurately describes what date is acceptable.
Privacy Risk: There is a privacy risk of over-collection because ACE requires
cartmen/lightermen, drivers, and carriers to submit unnecessary PII (including travel documents)
as part of the ACE user account request form.
Mitigation: This risk is partially mitigated. CBP explains in the instructions which
elements are optional . For example, the form states that only one set of identification documents
is required. 45
Privacy Risk: There is a risk that ACE may contain inaccurate information.
Mitigation: ACE mitigates this risk by collecting information directly from applicants
through Trade Portal Accounts. All importers, or individuals acting on their behalf, must
complete training and a CBP certification before they transmit information into ACE. ACE
contains parameters that alert the submitter about inaccurate or otherwise inadequate data.
Individuals may enter the information themselves and have the ability to amend all submissions.
All brokers or other authorized third-party submitters must obtain an ACE certification and
receive written authorization from the importer.
Section 3.0 Uses of the Information
3.1
Describe how and why the project uses the information.
CBP uses ACE to collect, use, and maintain electronic records required to track, control,
and process commercial goods imported into the United States. ACE enhances national security
by enabling CBP to enforce U.S. law, facilitate legitimate international trade, and detect illegal
merchandise attempting to be imported into the United States or violations of import laws. ACE
automates and consolidates border processing and is the centralized access point that connects
CBP, the trade community, and other government agencies. ACE provides CBP personnel with
data to use within Automated Targeting System (ATS). 46 ATS uses enhanced automated tools
and additional information (e.g., lookouts and watchlists) to perform risk-based assessments and
decide what cargo to target and investigate before a shipment reaches the U.S. border. It also
allows CBP to expedite certain cargo or shipments because it complies with U.S. laws.
ACE connects, receives, or shares records with the following CBP systems:
45
A copy of the current application is available at,
http://www.cbp.gov/sites/default/files/documents/ace_portal_app_2013114.pdf
46
DHS/CBP-006 Automated Targeting System May 22, 2012, 77 Fed. Reg. 30297.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 27
1.
Automated Commercial System (ACS) 47 – until it is fully transferred into ACE.
2. Automated Targeting System (ATS) 48 – ACE enhances CBP enforcement
processes by implementing significant screening, targeting, and border security
capabilities by interfacing with ATS, which is a decision support tool that
compares traveler, cargo, and conveyance information against law enforcement,
intelligence, and other enforcement data using risk-based targeting scenarios and
assessments. ACE facilitates identification of high-risk cargo and associated
people and businesses based on advance information by leveraging the services
provided by ATS.
3. TECS 49 – import records related to a violation are shared with TECS to create and
maintain records related to the violation.
4. Seized Asset and Case Tracking System (SEACATS) 50 – seizures recorded in
SEACATS draw upon the related records in ACE.
5. Credit/Debit Card Data System (CDCDS) 51 – ACE provides payment information
to CDCDS for payment processing.
3.2
Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or locate
a predictive pattern or an anomaly? If so, state how DHS plans to
use such results.
ACE does not perform targeting or locate predictive patterns. ACE provides data to ATS
for conducting queries or locating a predictive pattern or anomaly. ATS uses ACE information to
conduct targeting and screening for high risk cargo. This targeting and screening assists CBP
officers in identifying imports with transportation safety and security risks, such as weapons of
mass destruction. ACE information is also used by U.S. Immigration and Customs
Enforcement’s (ICE) FALCON-DARTTS 52 to identify anomalous transactions that may indicate
violations of U.S. trade laws. However, the results of any analysis conducted by other DHS
systems do not appear in ACE.
47
DHS/CBP-001 Automated Commercial Environment/International Trade Data System (ACE/ITDS) January, 19,
2006, 71 FR 3109.
48
DHS/CBP-006 Automated Targeting System May 22, 2012, 77 Fed. Reg. 30297.
49
DHS/CBP-011 U.S. Customs and Border Protection TECS December 19, 2008, 73 Fed. Reg. 77778.
50
DHS/CBP-014 Regulatory Audit Archive System (RAAS) December 19, 2008, 73 Fed. Reg. 77807.
51
DHS/CBP-003 Credit/Debit Card Data System November 2, 2011, 76 Fed. Reg. 67755.
52
DHS/ICE/PIA-038 – FALCON Data Analysis & research for Trade Transparency System, January 16, 2014, at
http://www.dhs.gov/publication/dhsicepia-038-%E2%80%93-falcon-data-analysis-research-trade-transparencysystem-falcon-dartts
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 28
3.3
Are there other components
responsibilities within the system?
with
assigned
roles
and
CBP has granted ACE access to ICE users via the ICE FALCON-DARTTS system to
facilitate Homeland Security Investigation (HSI) investigations of trade fraud, mismarking,
counterfeiting, or other trade related violations.
3.4
Privacy Impact Analysis: Related to the Uses of Information
Privacy Risk: There is a risk of unauthorized use of information in ACE by authorized
users.
Mitigation: Although certified ACE filers may transmit data to ACE, these users do not
have access to query ACE. Additionally, CBP and PGA officials are required to complete
privacy training and obtain approval from their supervisors to access ACE. CBP maintains the
paper documents and records and the electronic information in ACE in controlled spaces
protected by security personnel. CBP tracks the electronic information search activities of its
users and provides audit logs, which CBP security officials review and in the context of PGA
users share with the appropriate security officials of the PGA. Any inappropriate use of ACE
results in an investigation and suspension of a user’s access to ACE, and may result in further
disciplinary action or criminal investigation.
To further mitigate this risk, ACE employs passwords and restrictive role-based rules to
access internal data. Users are limited to the roles that define their authorized use of the system.
CBP uses procedural accountability and physical safeguards, including audit logs and receipt
records. Management oversight ensures appropriate assignment of roles and access to
information.
In order to become an authorized user, a CBP employee must have passed a full field
background investigation. In addition, authorized users must have a “need to know” the
information for the performance of their official duties.
Section 4.0 Notice
4.1
How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain why
not.
CBP provides notice of the scope of information collected in ACE through publications
in the Federal Register, information on the public CBP website, and this PIA. The Trade Account
Portal application form contains a Privacy Act Statement regarding the authority of CBP to
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 29
collect the requested information and how the Agency uses the information. CBP also provides
notice through the ACE PIA and the forthcoming Import Information System (IIS) SORN.
4.2
What opportunities are available for individuals to consent to
uses, decline to provide information, or opt out of the project?
U.S. law requires importers to provide CBP information that contains PII in conjunction
with commercial entry documents submission that support importing commodities or
merchandise in to or transit through the United States. Importer identity, manufacturer or
supplier, and other parties involved in the import transaction and supply chain are necessary for
commercial entry acceptance. Failure to provide required information will result in rejection of
the commercial entry and the issuance of an order by CBP to remove the commodity from the
territory of the United States. When importers submit the required information to ACE they
fulfill their legal requirements and they consent to how CBP will properly use this data.
4.3
Privacy Impact Analysis: Related to Notice
Privacy Risk: There is a risk that individuals may not know that their information is
collected in ACE because many CBP forms do not have a Privacy Act Statement.
Mitigation: This risk is partially mitigated. Although approved by OMB, CBP forms do
not have a Privacy Act Statement as required, CBP provides notice to the trade community on its
website about ACE modernization. CBP provides notice of the scope of information collected in
ACE through notices and rulemakings in the Federal Register, information posted on the public
CBP website, the new IIS SORN, and this PIA. In addition, E.O. 13659 requires CBP to publicly
post ACE modernization implementation plans and schedules. 53
Section 5.0 Data Retention by the project
5.1
Explain how long and for what reason the information is retained.
CBP retains ACE records for six years. ACE information shared with ATS for screening
and targeting purposes will be retained for fifteen years or for the duration of a law investigation
or proceeding continues beyond fifteen years.
5.2
Privacy Impact Analysis: Related to Retention
There is no risk to retention of ACE records. CBP retains ACE data (both paper and
electronic) for six years to support various legal requirements and so that businesses will be able
53
Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 30
to retrieve their information for commercial taxation purposes. For example, duty payments are
tax deductible and the retention of these records may assist businesses for cross-reference.
Section 6.0 Information Sharing
6.1
Is information shared outside of DHS as part of the normal
agency operations? If so, identify the organization(s) and how the
information is accessed and how it is to be used.
CBP shares ACE data external to DHS with PGAs that have entered into a Memorandum
of Understanding (MOU) with CBP. ACE data sharing MOUs with PGAs define and limit the
scope and use of information shared pursuant to the PGA’s respective authorities. (See Appendix
A for current list of PGAs with a signed MOU with CBP.) Each MOU with a PGA describes the
ACE data sets the PGA is permitted to access.
As required by 19 U.S.C. § 1431, 46 U.S.C. § 60105, and 19 CFR § 103.31, certain
inbound and outbound manifest data in ACE may be made available for publication. Importers
and shippers may request confidential treatment of their name and address pursuant to 19 CFR §
103.31(d). When CBP grants confidentiality, six data elements are withheld from disclosure:
importer name and address, consignee name and address, and shipper name and address.
As required by the Debt Collection Act of 1982, 54 CBP will disclose information
concerning bad debt (i.e., obligations owed for the payment of duties, taxes and fees) to the
Department of Justice, collection agencies, credit bureaus, and consumer reporting agencies.
In addition, CBP may disclose ACE information on a case-by-case basis consistent with
the routine uses explained the IIS SORN, which CBP is publishing concurrent with this PIA.
54
5 U.S.C. § 5514, and Pub L. 97-365 (Oct. 25, 1982), as amended by the Debt Collection Improvement Act of
1996, 31 U.S.C. § 3701, and Pub L. 104-134 (Apr. 26, 1996). See also 5 U.S.C. § 552a(b)(12).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 31
6.2
Describe how the external sharing noted in 6.1 is compatible with
the SORN noted in 1.2.
Pursuant to the IIS SORN, Routine Use J allows CBP to transmit data to PGAs so they
may fulfill their statutorily mandated requirements to ensure compliance with transportation and
trade laws. Routine Use N allows CBP to provide debtor address information in the context of
referring delinquent obligations to the Department of Justice and credit reporting agencies in
accordance with established procedures set forth in the Fair Credit Reporting Act. Routine Use
R allows CBP to transmit certain inbound and outbound manifest information to the public
pursuant to 19 U.S.C. §1431 and 19 C.F.R. §103.31. Lastly, section (b)(12) of the Privacy
Act, 55 allows CBP to transmit information concerning defaulted debt to the Department of
Justice and credit reporting agencies for the purpose of improving collection of the obligation.
•
J. To a federal agency, pursuant to an International Trade Data System Memorandum of
Understanding, consistent with the receiving agency’s legal authority to collect
information pertaining to and/or regulate transactions in international trade.
•
N. To the Department of Justice, Offices of the United States Attorneys or a consumer
reporting agency as defined by the Fair Credit Reporting Act, address or physical location
information concerning the debtor, for further collection action on any delinquent debt
when circumstances warrant;.
•
R. To paid subscribers, in accordance with applicable regulations, for the purpose of
providing access to manifest information as set forth in 19 U.S.C. 1431.
CBP discloses ACE information only on a case-by-case basis to entities for specific uses,
which include anti-terrorism and law enforcement, to ensure cargo safety and security, or to
prevent smuggling.
6.3
Does the project place limitations on re-dissemination?
Yes. As a condition of sharing information pursuant to a routine use in the IIS SORN,
CBP requires anyone who receives non-public ACE data to obtain written permission from CBP
before re-disseminating the information. Similarly, all of the ACE Data MOUs with PGAs
contain confidentiality sections that include terms regarding consultation with respect to the redissemination of shared information.
55
5 U.S.C. § 552a(b)(12).
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 32
6.4
Describe how the project maintains a record of any disclosures
outside of the Department.
To obtain ACE information, the requesting party must submit a written request for
specific information and state how it plans to use the information in relation to importing
commercial goods into the United States or its nexus to a law enforcement matter. CBP retains a
copy of this request and submits it to the CBP Privacy Office for review. Once the CBP Privacy
Office reviews the request, based on the circumstances of each case, a CBP Privacy official
drafts an authorization memorandum specific to each case. CBP retains a copy of the
memorandum. If the disclosure is approved, CBP also maintains a record of the disclosure using
DHS Form 191. An ACE Data MOU may cover other requests, which memorializes routine
information sharing. (See Appendix A for a current list of PGAs with a signed MOU with CBP.)
All authorization memoranda expressly forbid sharing information to third parties unless CBP
authorizes, or the individual consents to, the sharing. All ACE Data MOUs require that the
agency receiving CBP information agree to obtain authorization from CBP before sharing
information to third parties.
6.5
Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: There is a privacy risk that CBP could share data outside DHS for
purposes that differ from the stated purpose and use of the original collection.
Mitigation: This risk is mitigated because disclosure is permitted only upon
authorization and in accordance with the routine uses in the ACE and/or the forthcoming IIS
SORN. As DHS procedures and policies require, all current external sharing arrangements,
whether on a case-by-case basis or pursuant to ACE Data MOUs, are compatible with the
collection’s original purpose. The risk if further mitigated through the CBP Privacy Office
review process.
Privacy Risk: There is a privacy risk that PGAs could further disseminate the
information without CBP authorization.
Mitigation: This risk is mitigated by the terms of the ACE Data MOU with each PGA
that limit further external dissemination in the Confidentiality sections of the agreements. With
regard to case-by-case sharing the terms of each authorization require CBP consent for further
external dissemination.
Privacy Risk: There is a privacy risk to data security because manifest information,
which may include sensitive PII, is made public.
Mitigation: This risk is partially mitigated. Only certain vessel (not air, rail, or truck)
manifest information is made public as required by statute and regulation. To mitigate this risk,
CBP permits an importer or consignee (inward) or a shipper (outward) to request confidential
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 33
treatment of its name and address contained in manifests by following the procedure set forth in
19 CFR 103.31. However, oftentimes manifest information contains sensitive PII in the free text
fields that cannot be redacted. CBP has published a notice in the Container Status Messaging
Service, a tool for communicating with the carrier and shipper community, informing carriers
and shippers that PII is not acceptable in the free text fields of the vessel manifest; CBP also
engages in outreach through trade conferences to this community to remind them of the risk to
their clients from including PII in free text fields.
Section 7.0 Redress
7.1
What are the procedures that allow individuals to access their
information?
As described in section 6.1 and 6.2 of this PIA, certain inbound manifest information in
ACE is publicly available. Individuals that file electronically cannot conduct queries in ACE but
may view and correct their information prior to submission and before ACE accepts the
transmission.
To gain access to non-public information in ACE, an individual may request information
about his or her ACE records, pursuant to procedures provided by the Freedom of Information
Act (FOIA) (5 U.S.C. § 552) and the access provisions of the Privacy Act of 1974 (5 U.S.C. §
552a(d)), and by writing to:
U.S. Customs and Border Protection (CBP)
Freedom of Information Act (FOIA) Division
90 K Street, N.E.
Washington, D.C. 20229
When seeking records from ACE or any other CBP system of records, the request must
conform to Part 5, Title 6 of the Code of Federal Regulations (CFR). 56 An individual must
provide his or her full name, current address, and date and place of birth. He or she must also
provide:
56
•
An explanation of why the individual believes DHS would have information on
him or her;
•
Details outlining when he or she believes the records would have been created;
and
See 6 CFR Part 5.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 34
•
If the request is seeking records pertaining to another living individual it must
include a statement from that individual certifying his/her agreement for access to
his/her records.
The request is required to include a notarized signature or to be submitted pursuant to 28
U.S.C. § 1746, which permits statements to be made under penalty of perjury as a substitute for
notarization. Without this information, CBP may not be able to conduct an effective search and
the request may be denied due to lack of specificity or lack of compliance with applicable
regulations. Although CBP does not require a specific form, guidance for filing a request for
information is available on the DHS website at http://www.dhs.gov/file-privacy-act-reqeust and
http://www.dhs.gov/file/foia-overview.
7.2
What procedures are in place to allow the subject individual to
correct inaccurate or erroneous information?
Individuals who file information electronically may amend, correct, or cancel their active
data, and ACE system updates reflect the changes. Individuals may also contact the CBP INFO
Center, to request correction of erroneous ACE information. See section 7.1 above.
Although CBP makes certain inbound manifest information publicly available for
publication, shippers may request that CBP refrain from disclosing their names, addresses, and
tax identifying number (TIN) by submitting a certification claiming confidential treatment. Such
certifications allow businesses and individuals to partially shield their identity from association
with their shipment in these publications while still permitting CBP to screen their shipments.
Approved certifications are valid for two years after the approval date. Importers may submit a
letter via email ([email protected]), or by mail (address below), to
CBP requesting that their company name not be disclosed on the vessel manifest. There is no fee
associated with the request for confidentiality.
Director, Client Rep Division
ACE Business Office, Office of International Trade
U.S. Customs and Border Protection
8444 Terminal Road
Beauregard A-312-5
Lorton, VA 22079
Individuals may notify CBP or their Account Managers incorrect or inaccurate in ACE,
and may send their requests for correction to:
U.S. Customs and Border Protection
CBP INFO Center
Office of Public Affairs
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 35
1300 Pennsylvania Avenue, NW
Washington, D.C. 20229
Although requests to amend information should be made in writing, individuals may
contact the CBP INFO Center by phone at (877) 227-5511 or (703) 526-4200. Following the
links on https://help.cbp.gov/app/home/search/1, individuals may submit complaints online.
7.3
How does the project notify individuals about the procedures for
correcting their information?
Individuals may contact the CBP INFO Center to obtain guidance for requesting
correction of their ACE information. This PIA and www.cbp.gov provide contact information for
making those requests. Within ACE, individuals who submit information electronically are
notified of the procedures for correcting their information in the electronic user guides and
during the training process. Furthermore, when the electronic system encounters a possible error
with the transmitted data it will issue a response message alerting the individual that he or she
may need to correct the information.
7.4
Privacy Impact Analysis: Related to Redress
Privacy Risk: There is a privacy risk that trade filers may be adversely affected by a
targeting rule.
Mitigation: All cargo shipments arriving in the United States are subject to further
review or physical inspection to determine that the shipment poses no threat and that the
shipment is in compliance with all applicable U.S. laws and regulations. This data review or
physical inspection of the cargo shipment allows CBP or another applicable regulatory agency to
determine that no violation has occurred. The review, analysis, and training of the officer
making a decision regarding admissibility, or further inspection, provides the greatest mitigation
to the risk that a targeting rule may be improperly applied. Trade filers are responsible for filing
accurate information and have the opportunity to amend inaccurate information.
Privacy Risk: A potential risk related to redress occurs with the ability to validate the
accuracy of third-party information because ACE contains PII that pertains to third parties such
as personal names and contact information that appear in manifests or other commercial entries
submitted by agents or other intermediaries serving as filers.
Mitigation: CBP mitigates this risk by allowing individuals and third parties (including
those who submit information in hard copy format) to contact CBP when they believe that the
data contained in ACE is inaccurate. Individuals and other filers may submit corrections
electronically and are required to meet standards of quality, accuracy, and timeliness to be
allowed to transmit data to ACE.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 36
Section 8.0 Auditing and Accountability
8.1
How does the project ensure that the information is used in
accordance with stated practices in this PIA?
CBP officials may obtain access to ACE data only on a “need to know” basis and after
their supervisor and the ACE business owner has authorized their access. For the paper records,
only CBP officials authorized to review ACE may obtain access to them. Authorized ACE users
may obtain electronic access through the CBP network through encrypted passwords and sign-on
identification. ACE records who logged into the system and when, what functions the user
performed, and what changes were made, if any. CBP reviews audit logs and conducts periodic
reviews of all ACE users.
8.2
Describe what privacy training is provided to users either
generally or specifically relevant to the project.
CBP requires ACE users to take the annual privacy and security training, such as the
“CBP IT Security Incident Response Training,” “CBP IT Security Awareness and Rules of
Behavior Training,” “CBP Safeguarding Classified National Security Information,” “CBP
Sensitive Security Information” through the online CBP Performance and Learning Management
System (PALMS). Each of these courses covers how CBP ACE users must handle PII.
The ACE Program Manager maintains a master list of all ACE users and their privacy
and security training completion information. If an ACE user fails to complete the training by the
annual deadline, then he or she loses access to ACE.
There are similar requirements for PGA users as outlined in their respective ACE Data
MOUs. For example, PGAs must provide CBP, on an annual basis, with an updated list of field
locations and personnel with access to ACE data. They must ensure that ACE data is only
provided to employees and contractors who have an official “need-to-know.” They are also
subject to periodic audit security measures for accessing ACE and maintaining ACE data. PGAs
must ensure, in accordance with the Privacy Act of 1974, as amended 57 that a SORN will be
timely published or amended for any system(s) that will maintain data received from ACE and
that a PIA is published. (See Appendix A for current list of PGAs with a signed MOU with
CBP).
57
5 U.S.C. § 552a.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 37
8.3
What procedures are in place to determine which users may
access the information and how does the project determine who
has access?
An ACE program manager grants access to ACE after he or she receives an official
request from an individual’s supervisor. Both the CBP official’s supervisor and the ACE
program manager determine whether the particular CBP official has a “need to know” basis for
access to ACE. After approval form the program manager, the supervisor transmits the request to
the Security Help Desk, which determines whether the CBP official has completed the necessary
background investigation. If the CBP official does not use ACE for 90 days, or if the CBP
official’s profile changes, then he or she must again obtain authorization from his or her
supervisor, ACE program manager, and the Security Help Desk to obtain access to ACE. After
the CBP official has obtained all the necessary approval, then the electronic system in ACE will
accept the CBP official’s specific user sign-on identification and password.
8.4
How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?
For new sharing agreements and authorizations for access to any ACE information, the
agency, component, or organization must obtain a written agreement or written authorization
from CBP, i.e., an MOU, in order to become a PGA with access to ACE data. During the MOU
negotiations between CBP and the federal agency, Appendices A and B are key because they
will determine the scope of ACE access. Appendix A maps the data the agency is legally
entitled to collect based on its statutory authority. Appendix B is a list of commodities the
agency is legally authorized to regulate, as represented by Harmonized Tariff Schedule (HTS)
numbers. Once an agency becomes a PGA by having a signed MOU, CBP grants access to the
ACE data portal. Each PGA’s view of ACE data is limited to the commodities it has authority to
regulate as denoted by the HTS numbers listed in Appendix B of the MOU. The CBP Privacy
Officer reviews all such agreements and authorizations.
8.5
Privacy Impact Analysis: Related to Redress
Privacy Risk: There is a privacy risk that PGA users of ACE may exceed their authority
and access information beyond their authorized roles.
Mitigation: This risk is partially mitigated through the terms of the ACE Data MOU with
each PGA. The confidentiality section identifies the roles, responsibilities and access
requirements for PGA users, as well as requiring the PGA to designate an official as its Security
Control Officer for the purpose of reviewing access concerns presented by CBP, from its
auditing of system access and use logs, and determining appropriate remedial action. PGA users
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 38
are also reminded through the terms of their respective agency MOU and the system sign-on
banner that information in ACE is protected by both the Privacy Act and the Trade Secrets Act,
which provide for criminal penalties for misuse of the protect information.
Responsible Officials
Deborah Augustin
Acting Executive Director
ACE Business Office, Office of International Trade
U.S. Customs and Border Protection
(571) 468-8362
John Connors
CBP Privacy Officer
Privacy and Diversity Office, Office of the Commissioner
U.S. Customs and Border Protection
(202) 344-1610
Approval Signature
Original signed copy on file with the DHS Privacy Office.
________________________________
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 39
APPENDIX A
Partner Government Agencies (PGA)
At present, the following PGAs have signed a Memorandum of Understanding (MOU)
with CBP to have access to ACE-ITDS:
1) Agricultural Marketing Service (AMS), Department of Agriculture
2) Consumer Product Safety Commission (CPSC)
3) Nuclear Regulatory Commissioner (NRC)
4) Food Safety and Inspection Service (FSIS), Department of Agriculture
5) National Marine Fisheries Service (NMFS), Department of Commerce
6) Federal Maritime Commission (FMC)
7) Office of Foreign Assets Control (OFAC), Department of Treasury
8) Foreign Trade Zones Board (FTZB), Department of Commerce
9) Bureau of Labor Statistics (BLS), Department of Labor
10) Office of Foreign Missions (OFM), Department of State
11) U.S. Census Bureau, (Census), Department of Commerce
12) Center for Disease Control and Prevention (CDC), Department of Health and Human
Services
13) Office of General Counsel (OGC), Department of Energy
14) Animal and Plant Health Inspection Service (APHIS), Department of Agriculture
15) Internal Revenue Service (IRS), Department of Treasury
16) Alcohol and Tobacco Tax and Trade Bureau (TTB), Department of Treasury
17) Alcohol, Tobacco, Firearms and Explosives Bureau (ATF), Department of Justice
18) Energy Information Administration (EIA), Department of Energy
19) Fish and Wildlife Services (FWS), Department of Interior
20) Office of Marine Conservation (OMC), Bureau of Oceans and International
Environmental and Scientific Affairs (OES), Department of State
21) Foreign Agricultural Service (FAS), Department of Agriculture
22) Environmental Protection Agency (EPA)
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 40
23) Defense Contract Management Agency (DCMA), Department of Defense
24) Office of Textile and Apparel (OTEXA), Department of Commerce
25) Food and Drug Administration (FDA)
26) Enforcement and Compliance (E&C), Department of Commerce
27) Federal Aviation Administration (FAA), Department of Transportation
28) Federal Highway Administration (FHWA), Department of Transportation
29) Federal Motor Carrier Safety Administration (FMCSA), Department of Transportation
30) Federal Railroad Administration (FRA), Department of Transportation
31) Maritime Administration (MARAD), Department of Transportation
32) National Highway Traffic Safety Administration (NHTSA), Department of
Transportation
33) Pipeline and Hazardous Materials Safety Administration (PHMSA), Department of
Transportation
34) The Office of the Assistant Secretary for Research and Technology (OST-R), Bureau of
Transportation Statistics (BTS), Department of Transportation
35) Directorate of Defense Trade Controls (DDTC), Department of State
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 41
APPENDIX B
OMB Control Numbers
OMB Collection
Number
Form Name/Description
CBP Form
Number 58
1651-0001
Air Cargo Manifest
7509
1651-0001
Inward Cargo Manifest
7533
1651-0001
Inward Cargo Declaration
1302
1651-0001
Cargo Declaration (Outward)
1302A
1651-0001
Importer Security Filing (also known as 10+2)
1651-0001
Vessel Stow Plan
1651-0001
Container Status Messages
1651-0001
Request for Manifest Confidentiality
1651-0002
General Declaration
7507
1651-0003
Continuation Sheet
7512A
1651-0003
Transportation Entry and Manifest
of Goods Subject to CBP
Inspection and Permit
7512
1651-0005
Application-Permit-Special
License Unlading/Lading,
3171
1651-0006
Application and Approval to Manipulate, Examine, Sample or
Transfer Goods
3499
1651-0007
Application for Allowance in Duties
4315
1651-0009
Customs Declaration
6059B
1651-0010
Certificate of Registration
4455
1651-0010
Certificate of Registration for Personal Effects Taken Abroad
4457
1651-0011
Declaration for Free Entry of Returned American Products
3311
1651-0012
Lien Notice
3485
58
All of these CBP forms have been approved by OMB and have an OMB control number, however, not all of them
have a CBP Form Number.
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 42
1651-0013
Entry and Manifest Free of Duty
7523
1651-0014
Declaration for Free Entry of Unaccompanied Articles
3299
1651-0015
Application for Extension of Bond for Temporary Importation
3173
1651-0016
Certificate of Origin
3229
1651-0017
Protest
19
1651-0018
Ship's Stores Declaration
1303
1651-0019
Vessel Entrance or Clearance Statement
1300
1651-0020
Crew Effects Declaration
1304
1651-0022
Entry Summary
7501
1651-0022
Document/Payment Transmittal
7051A
1651-0023
Request for Information
28
1651-0024
Entry/Immediate Delivery Application
3461
1651-0024
Entry/Immediate Delivery Application ALT
3461 ALT
1651-0025
Report of Diversion
26
1651-0027
Record of Vessel Foreign Repair or Equipment Purchase
226
1651-0028
Cost Submission
247
1651-0029
Application for Foreign Trade Zone Admission and/or Status
Designation
214
1651-0029
Application for Foreign Trade Zone Admission and/or Status
Designation Copy
214A
1651-0029
Application for Foreign Trade Zone Admission and/or Status
Designation Continuation Sheet
214B
1651-0029
Application for Foreign Trade Zone Admission and/or Status
Designation Continuation/Statistical Copy
214C
1651-0029
Foreign-Trade Zone Activity Permit
216
1651-0030
Declaration of Unaccompanied Articles
255
1651-0031
Foreign Assemblers Declaration (with Endorsement by Importer
1651-0032
Importers of Merchandise Subject to Actual Use Provisions
1651-0033
Bonded Warehouse Proprietor's Submission
1651-0034
Triennial Report
300
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 43
1651-0035
Holders or Containers Which Enter the United States Duty Free
1651-0036
Declaration of Ultimate Consignee That Articles Were Exported for
Temporary Scientific or Educational Purposes
1651-0037
Entry of Articles for Exhibition
1651-0041
Establishment of a Bonded Warehouse (Bonded Warehouse
Regulations
1651-0048
Declaration of Persons Who Performed Repairs or Alteration
1651-0050
Corporate Surety Power of Attorney
5297
1651-0050
Customs Bond
301
1651-0050
Customs Bond Continuation Sheet
301A
1651-0051
Foreign Trade Zone, Reconciliation, Certification
1651-0053
Approval of Commercial Gaugers & Accreditation of Commercial
Laboratories
1651-0055
Harbor Maintenance Fee Quarterly Summary Report
349
1651-0055
Harbor Maintenance Fee (Amended Quarterly Summary
Report Form 350)
350
1651-0055
Harbor Maintenance Fee Recordkeeping
1651-0057
Country of Origin Marking Requirements for Containers or Holders
1651-0061
Centralized Examination Station
1651-0063
Petroleum Refineries in Foreign Trade Subzones
1651-0064
Importer ID Input Record
1651-0067
Documentation Requirements for Articles Entered Under Various
Special Treatment Provisions
1651-0074
Prior Disclosure
1651-0075
Delivery Certificate for Purposes of Drawback
7552
1651-0075
Notice of Intent to Export, Destroy or Return Merchandise
7553
1651-0075
Drawback Entry
7551
1651-0077
CTPAT
1651-0078
ACH Application
1651-0080
Deferral of Duty on Large Yachts Imported for Sale
5106
400
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 44
1651-0081
Delivery Ticket
6043
1651-0082
African Growth and Opportunity Act Certificate of Origin
1651-0083
U.S.-Caribbean Basin Trade Partnership Act (CBTPA)
1651-0085
Administrative Rulings
1651-0086
Distribution of Continued Dumping and Subsidy Offset to Affected
Domestic Producers (CDSOA)
1651-0090
Commercial Invoice
1651-0092
Application for Withdrawal of Bonded Stores for Fishing Vessels
and Certification of Use
5125
1651-0093
Declaration of Owner when Entry is Made by an Agent
3347A
1651-0098
NAFTA Certificate of Origin
434
1651-0098
NAFTA Verification of Origin Questionnaire
446
1651-0098
NAFTA Motor Vehicle Averaging Election
447
1651-0105
Application to Use Automated Commercial Environment (ACE)
1651-0117
US/Chile FTA
1651-0117
US/Singapore FTA
1651-0117
US/Australia FTA
1651-0117
US/Morocco FTA
1651-0117
US/Bahrain FTA
1651-0117
US/Jordan FTA
1651-0117
US/Oman FTA
1651-0117
US/Peru FTA
1651-0117
U.S. -Korea Free Trade Agreement
1651-0117
U.S. - Columbia TPA
1651-0117
U.S. Central American Free Trade Agreement (CAFTA)
450
7401
Please note, too, there are multitudes of various forms and documents relating to the
importation of commodities or merchandise. Not all of these forms and documents are controlled
�Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 45
by CBP. CBP has separately published on the ACE website a list of the forms and documents it
is making available in the Document Imaging System (DIS). 59
59
See http://www.cbp.gov/document/guidance/ace-november-1-pga-forms, pages 9-12.
�
| File Type | application/pdf |
| File Title | DHS/CBP/PIA-003(b) Automated Commercial Environment (ACE) |
| Author | U.S. Department Of Homeland Security Privacy Office |
| File Modified | 2016-02-17 |
| File Created | 2015-08-04 |