Download:
pdf |
pdfPrivacy Impact Assessment
for the
Ombudsman Case Assistance Analytic Data
Integration System
DHS Reference No. DHS/CISOMB/PIA-001(a)
February 17, 2021
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 1
Abstract
The U.S. Department of Homeland Security (DHS), Office of the Citizenship and
Immigration Services Ombudsman (CISOMB) as mandated by Section 452 of the Homeland
Security Act of 2002, is an independent office that reports directly to the Deputy Secretary of
Homeland Security. CISOMB’s mission is to: (1) assist individuals and employers who are
experiencing difficulty resolving immigration benefit-related matters with U.S. Citizenship and
Immigration Services (USCIS); (2) identify systemic challenges or trends with the delivery of
immigration benefits; and (3) propose changes to mitigate those issues pursuant to 6 U.S.C. §
272(b). To accomplish this mission, CISOMB uses the Case Assistance Analytics and Data
Integration (CAADI) system to process, track, and respond to requests for assistance, and to
manage the workflow of cases. CISOMB is conducting this PIA to discuss the information that
CISOMB receives from individuals and employers and processes through CAADI. This PIA
updates and replaces the 2010 DHS/CISOMB/PIA-001 Virtual Ombudsman System PIA.
Overview
CISOMB is dedicated to improving the quality of citizenship and immigration services
delivered to the public by providing individual case assistance and making recommendations to
improve the administration of immigration benefits by USCIS. CISOMB follows fundamental
ombudsman principles, such as confidentiality, neutrality, and independence while undertaking its
statutory mission. CISOMB does not have the authority to make or change USCIS decisions
regarding any immigration matter.
Prior to requesting case assistance from CISOMB, individuals and employers must first
attempt to resolve any issues directly with USCIS through one of the USCIS customer service
options such as checking “My Case Status Online” for processing times or calling the USCIS
Contact Center.1 In the event that an individual or employer is dissatisfied with the USCIS response
to a case-related question or believes the disposition of an application or petition was made in error
or is unduly delayed, further assistance may be sought from CISOMB.
CISOMB provides cases assistance to address both procedural and substantive matters.
Examples of procedural matters include: typographic errors in immigration documents; cases that
are past normal processing times; USCIS failure to schedule biometric appointments, interviews,
For more information about USCIS customer service, see U.S. DEPARTMENT OF HOMELAND SECURITY, U.S.
CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE CUSTOMER RELATIONSHIP
INTERFACE SYSTEM, DHS/USCIS/PIA-019 (2008 and subsequent updates); U.S. DEPARTMENT OF HOMELAND
SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY IMPACT ASSESSMENT FOR CUSTOMER
SCHEDULING AND SERVICES, DHS/USCIS/PIA-046 (2014 and subsequent updates); U.S. DEPARTMENT OF
HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE
NATIONAL CUSTOMER SERVICE CENTER, DHS/USCIS/PIA-054 (2014), available at https://www.dhs.gov/uscis-piasand-sorns.
1
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 2
naturalization oath ceremonies, or other appointments; change of address and mailing issues;
refunds in cases of clear USCIS error; and lost files or file transfer problems. Examples of
substantive matters include clear errors of facts or the misapplication of applicable laws and
regulations.
Case Assistance
Individuals/employers (or their legal/accredited representatives) seeking case assistance
from CISOMB submit their request using the Form DHS-7001, Case Assistance Form, which can
be completed and submitted electronically on the CISOMB website.2 Individuals/employers are
also able to attach and submit supporting documentation related to their request, such as paperwork
previously submitted to USCIS. The electronic form (DHS-7001) automatically converts and
transfers the information submitted therein into CAADI. Cases within CAADI have a
corresponding field for each section of Form DHS-7001, so that each piece of information entered
by the individual/employer appears in the CAADI record. Once an individual completes the online
form, all data from the browser session is deleted from the individual’s computer.
Individuals/employers are encouraged to use the online form but can also download a PDF
version of the form from the CISOMB website and then submit the form and supporting
documentation through mail, email, or fax.3 When a Form DHS-7001 is received by these methods,
CISOMB personnel manually create a case and input the data and supporting documentation from
the form into the CAADI system. CISOMB personnel create a case in the CAADI system by
entering the data from the hardcopy and uploading the supporting documents.
Once a request is submitted online, the individual will receive an emailed auto-response to
acknowledge receipt of the case. If the case was submitted via mail, email, or fax, CISOMB
personnel will send an email or letter, depending on the mode of submission, to the submitter
acknowledging receipt of the request.
Case Assistance Analytic and Data Integration (CAADI) System
The CAADI system is an internal (i.e., behind the DHS firewall) system that CISOMB
personnel use to process, track, and respond to requests for assistance from individuals and
employers, and to manage the workflow of cases. Only CISOMB and Office of the Chief
Information Officer (OCIO) operations and maintenance personnel have access to the CAADI
system. The CAADI system enables CISOMB to segregate data into several categories to provide
customized feedback to individuals and employers, generate internal reports, and supply real-time
aggregated statistical information about the office workflow.
CAADI assists CISOMB in accomplishing its statutory mandate in a more efficient and
The electronic Form DHS-7001 is available at https://www.dhs.gov/topic/cis-ombudsman/forms/7001.
The downloadable Form DHS-7001 and associated instructions for submission via mail, email, or fax is available
at https://www.dhs.gov/publication/form-dhs-7001-instructions.
2
3
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 3
effective manner and reduces the amount of time dedicated to data entry and collection by
affording an individual or employer with the option to submit their information electronically,
feeding it directly into the CAADI system via the Form DHS-7001 web interface. CISOMB can
also use the reports and statistics generated by CAADI to assist with identifying systemic
challenges and trends and proposing changes to mitigate those issues.
Case Intake and Processing
When a Form DHS-7001 is entered into CAADI system, either automatically or manually,
it is reviewed by senior CISOMB personnel (via a process called “triage”) to determine:
1. Whether the issue is within CISOMB’s jurisdiction. If not, the triage analyst will mark
the case as resolved and notify the applicant via email;
2. Whether there are issues that meet criteria set by USCIS for a case to be expedited.4 If
so, the triage analyst will indicate on the case record that it is expedited and it will be
routed to a separate expedite queue; and
3. Whether the information submitted is complete and the case is ready to be worked by
CISOMB personnel. If not, the triage analyst will contact the individual/employer with
a request for the necessary information and inform them that the information must be
sent within seven days or the record will be closed.
When triage is complete, the triage analyst routes the case to the appropriate queue within CAADI,
where the case is then assigned to an Immigration Law Analyst for an in-depth review. The
Immigration Law Analyst will use the identifying information from the case to search available
USCIS systems5 for the current status of the applicant’s petition. At this time, the Immigration
Law Analyst will also look for any discrepancies between the information given by the applicant
and the information contained in USCIS systems. Any discrepancies are resolved by contacting
the applicant or the relevant USCIS office, whichever is more likely to have the most accurate
information.
Upon review, CISOMB personnel may inquire with USCIS on the status of the case. These
inquiries are sent by email to the USCIS office of jurisdiction and include a summary of the
applicant’s issue as well as identifying information (e.g., name, date of birth, Alien Number) that
USCIS can use to query its internal data systems and retrieve the hardcopy file, as necessary.
CISOMB may also discuss the case with the individual or employer who submitted it for additional
USCIS may consider an expedited request if one or more of the following criteria are met: severe financial loss,
urgent humanitarian reasons, compelling U.S. government interest, clear USCIS error. See USCIS Webpage,
https://www.uscis.gov/forms/filing-guidance/how-to-make-an-expedite-request.
5
For more information on the USCIS systems that CISOMB accesses, see U.S. DEPARTMENT OF HOMELAND
SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY IMPACT ASSESSMENT FOR USCIS AND
CISOMB INFORMATION SHARING, DHS/USCIS/PIA-073 (2018), Appendix A, available at
https://www.dhs.gov/uscis-pias-and-sorns.
4
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 4
clarification of the issue or may determine that no action is currently required by CISOMB (e.g.,
USCIS is still within their established processing times for the case). Once a resolution to the
applicant’s issue is achieved, or if it is determined that there is no further step CISOMB can take
to assist them, the case is considered resolved. CISOMB notifies the applicant of the outcome of
inquiries made to USCIS and that their case is closed. These actions and their outcomes are
documented within the CAADI system along with the contents of any correspondence with the
applicant or USCIS.
Reporting and Metrics
CAADI also supports the creation of charts, graphs, and customized reports based on
information collected through the Form DHS-7001. This information is aggregated and does not
include PII. CISOMB uses these products to provide feedback and recommendations to USCIS,
both formally and informally, and to report to Congress on areas where USCIS could improve
delivery of immigration services and benefits. CAADI also provides metrics and statistics to assist
CISOMB in understanding and improving office workflow and efficiency. This information does
not include PII.
Section 1.0 Authorities and Other Requirements
1.1
What specific legal authorities and/or agreements permit and
define the collection of information by the project in question?
The specific legal authorities that define this collection of information are articulated in the
Homeland Security Act of 2002, 6 U.S.C. § 272; Title VI the Civil Rights Act of 1964;
Departmental Regulation (5 U.S.C. § 301); and Records Management by Federal Agency Heads
(44 U.S.C. § 3101).
1.2
What Privacy Act System of Records Notice(s) (SORN(s)) apply
to the information?
The information collected from individuals/employers and stored in CAADI is covered by
DHS/CISOMB-001 Virtual Ombudsman System.6
1.3
Has a system security plan been completed for the information
system(s) supporting the project?
This PIA update does not change the Authority to Operate (ATO) for CAADI. The ATO
was granted on August 27, 2013. The CAADI system was implemented, approved, and authorized
by the DHS Chief Information Officer (OCIO), Information Sharing and Services Office (IS2O)
and is compliant with all Federal Information Security Management Act (FISMA) and Agency
See DHS/CISOMB-001 Virtual Ombudsman System, 75 Fed. Reg. 8857 (April 3, 2010), available at
https://www.dhs.gov/system-records-notices-sorns. This SORN is currently in the process of being updated.
6
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 5
Privacy Management requirements.
1.4
Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
In accordance with the NARA-approved retention and disposal schedule DAA-0563-20190004, processed requests at the final disposition phase of the case are deleted or destroyed three
years after resolution. Uncompleted requests are the record copy of request for assistance where
additional information was requested, but not received. Individuals/employers are notified that
their requests will be closed if their responses are not received within seven business days. Cases
are closed 30 days after the request for additional information. They are deleted and destroyed
three years later. In a case where the Form DHS-7001 is submitted in paper form via mail or fax,
a CAADI case is created, all information is entered into it, and the paper form is destroyed. In a
case where the Form DHS-7001 is submitted as a PDF via email, a CAADI case is created, all
information is entered into it, the PDF is saved to the record as an attachment, and the email is
deleted. Any supporting documentation is retained and destroyed according to the same retention
schedules and practices as the Form DHS-7001 itself.
7
1.5
If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
for the collection. If there are multiple forms, include a list in an
appendix.
Form DHS-7001, OMB Control number is 1601-0004, is covered by the PRA. Any forms
added to CAADI will be listed in Appendix A.
Section 2.0 Characterization of the Information
2.1
Identify the information the project collects, uses, disseminates, or
maintains.
CISOMB collects the following information via Form DHS-7001 about individuals
requesting case assistance:
•
Individual’s full legal name, including any aliases;
•
Individual’s date and country of birth;
•
Individual’s legal country of citizenship;
See NATIONAL ARCHIVES AND RECORDS ADMINISTRATION, REQUEST FOR RECORDS DISPOSITION AUTHORITY,
OFFICE OF CITIZENSHIP IMMIGRATION SERVICES OMBUDSMAN (2019), available at
https://www.archives.gov/files/records-mgmt/rcs/schedules/departments/department-of-homeland-security/rg0563/daa-0563-2019-0004_sf115.pdf.
7
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 6
•
Individual’s Alien Number;
•
Individual’s contact information, including mailing address, email address, phone
number, and fax number;
•
Full legal name of person preparing the form if other than the individual name in the
case;
•
Applications and petitions filed;
•
Receipt number received from USCIS in response to application/petition filed;
•
Immigration status or interim benefit applied or petitioned for;
•
Type of case problem;
•
Source of case problems;
•
Description of case problems;
•
Prior actions taken to remedy the problem;
•
Name of and contact information for designated attorney/representative, if applicable;
•
Consent of the petitioner for USCIS to disclose information in the file to the
designated representative, if applicable;
•
Verification statement signed and dated by the subject of the request or the authorized
representative;
•
Declaration by the individual or the attorney or representative submitting the case
problem; and
•
Supporting documentation attached to the form submission, such as evidence
submitted to USCIS, documents received from USCIS, or other information the
individual feels is relevant or important.
CAADI also maintains CISOMB personnel information for the appropriate creation and
provisioning of user accounts, such as: name, job title, phone number, email address, and DHSNET
Username.
The CAADI system also helps generate various reports based on the systematic issues raised in
the requests received from individuals and employers. This information, which does not include
PII, is articulated in:
•
The Ombudsman’s Annual Reports to Congress and any official recommendations to
USCIS;
•
Detailed reports providing list of pending, unassigned, and assigned cases;
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 7
•
Management reports that help monitor workloads, determine resource needs, and
recognize problem areas;
•
Summary reports that provide management and analysis information; and
•
Troubleshooting reports identifying potential problems.
The CAADI system contains a list of CISOMB personnel who are users of the system. The user
profile is created to enable the staff members to gain access to the system. The CAADI system
also contains a list of names and email addresses for points of contacts at each USCIS Service
Center and Field Office. This list is updated by CISOMB staff as necessary.
2.2
What are the sources of the information and how is the
information collected for the project?
CISOMB collects information from members of the general public who seek assistance
from the Ombudsman in resolving their case problems with USCIS through the Form DHS-7001,
Case Assistance Form. CISOMB also accesses and receives information from USCIS; this
information is entered into CAADI, as appropriate.
2.3
Does the project use information from commercial sources or
publicly available data? If so, explain why and how this
information is used.
No. CISOMB does not use any information derived from commercial sources or publicly
available information.
2.4
Discuss how accuracy of the data is ensured.
CISOMB personnel check information in CAADI against information in USCIS systems
for accuracy by comparing it with data previously submitted and verified by USCIS. CISOMB
personnel may also correspond with individuals/employers to verify information and resolve cases.
For example, if an individual/employer submits a request for assistance to CISOMB and the
information the person submits does not match the information currently held by USCIS, CISOMB
will attempt to clear the discrepancy by contacting USCIS or the individual/employer (or their
representatives) to request clarification. Whether USCIS or the individual/employer is contacted
depends on which would be more likely to have definitive information.
2.5
Privacy Impact Analysis: Related to Characterization of the
Information
Privacy Risk: There is a risk that information collected on Form DHS-7001 or information
contained in the attached documents submitted with the Form DHS-7001 may be inaccurate.
Mitigation: This risk is partially mitigated. CISOMB collects information directly from
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 8
the requester or their legal representative using Form DHS-7001. Supporting documentation is
also provided directly by the requester. CISOMB personnel working on the case verify accuracy
of submitted information by comparing it against available information in USCIS systems.
CISOMB resolves any inconsistencies in the form and/or the supporting documentation by
contacting the individual who submitted the information or the relevant USCIS office. If the
information is submitted by a legal representative, CISOMB will only contact the legal
representative, so a risk remains that the legal representative may submit inaccurate information.
Privacy Risk: If an individual submits Form DHS-7001 via mail, email, or fax, the
information could be inaccurately entered into CAADI during the manual entry process.
Mitigation: This risk is mitigated. There is always a risk of mistakes during data entry, but
CISOMB personnel perform the same process of verifying accuracy whether information is
submitted electronically via the online form or via mail, email, or fax. Personnel will contact the
preparer of the request, as required, to resolve inconsistences or typing errors.
Section 3.0 Uses of the Information
3.1
Describe how and why the project uses the information.
CISOMB collects biographical data and case information to assist individuals and
employers who are experiencing difficulty resolving immigration benefit-related matters with
USCIS. Aggregated case information is also used to identify systemic challenges or trends with
the delivery of immigration benefits and propose changes to mitigate those issues pursuant to 6
U.S.C. § 272(b).
3.2
Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or locate
a predictive pattern or an anomaly? If so, state how DHS plans to
use such results.
No, there is no specific technology used to conduct electronic searches to locate predictive
patterns or anomalies.
3.3
Are there other components with assigned roles and
responsibilities within the system?
Only CISOMB personnel use the CAADI system; OCIO personnel provide technical
operations and maintenance support.
3.4
Privacy Impact Analysis: Related to the Uses of Information
Privacy Risk: There is a risk that information in the CAADI system will be accessed by
individuals without the proper clearances and without a need to know.
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 9
Mitigation: This risk is mitigated. CISOMB personnel receive annual privacy training and
introductory training on CAADI before they are given an account name and password, and
specialized CISOMB access and security control training as a prerequisite for authorization to use
the system. All CISOMB staff are able to see information on any case, but ability to edit
information is restricted through user permissions.
Section 4.0 Notice
4.1
How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain why
not.
A Privacy Act Statement is available to the individual or employer at the point of collection
on both the DHS webpage and paper Form DHS-7001. The Privacy Act Statement covers the
authority, purpose, routine uses, and effects on the individual or employers as it relates to the
collection. CISOMB also provides general notice to individuals through the publication of this
PIA and corresponding SORN. Additional information about the Ombudsman and its mission is
available on the agency website.
4.2
What opportunities are available for individuals to consent to
uses, decline to provide information, or opt out of the project?
CISOMB assists individuals and employers who are unable to resolve problems directly
with USCIS. To receive assistance with a problem regarding an application or petition with
USCIS, individuals may submit Form DHS-7001 to CISOMB. The Form DHS-7001 includes a
Privacy Act Statement, which informs the individuals that provide their information is voluntary.
An individual can choose to decline to provide information; however, that may prevent the
individual from receiving case assistance from CISOMB.
4.3
Privacy Impact Analysis: Related to Notice
Privacy Risk: There is a risk that individuals may be unaware that CISOMB will share
their information with USCIS or with external agencies.
Mitigation: This risk is mitigated. Information is collected directly from Form DHS-7001,
which states that by submitting this information to CISOMB, individuals consent to the review of
the information and allows CISOMB to contact USCIS on the individual’s behalf. CISOMB also
provides individuals, employers, and/or their legal representatives with a Privacy Act Statement
before they submit any information to CISOMB. Further, any CISOMB actions are generally taken
with the individual’s consent.
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 10
Section 5.0 Data Retention by the project
5.1
Explain how long and for what reason the information is retained.
Records residing in CAADI will be maintained and retained by CISOMB in accordance
with the NARA General Records Schedule DAA-0563-2019-004. Processed requests at the final
disposition phase of the case are deleted or destroyed three years after resolution. Uncompleted
requests are the record copy of request for assistance where additional information was requested,
but not received. Individuals/employers are notified that their requests will be closed if their
responses are not received within seven business days. Cases are closed 30 days after the request
for additional information. They are deleted and destroyed three years later.
5.2
Privacy Impact Analysis: Related to Retention
Privacy Risk: There is a risk that case information submitted via mail, email, or fax could
be retained after the data has been entered into the CAADI system.
Mitigation: This risk is mitigated. Standard operating procedures have been implemented
by CISOMB to destroy paper submissions of Form DHS-7001 and to delete emails containing
attached PDF versions of the form. CISOMB staff are regularly trained on these procedures to
ensure adherence to the above retention schedule.
Section 6.0 Information Sharing
6.1
Is information shared outside of DHS as part of the normal
agency operations? If so, identify the organization(s) and how the
information is accessed and how it is to be used.
Information submitted on the Form DHS-7001 is collected and directly input into the
CAADI system, whether electronically or by CISOMB personnel. Information is shared outside
of DHS on a need to know basis and in accordance with the routine uses outlined in the
DHS/CISOMB-001 Virtual Ombudsman System SORN. CISOMB does not share data directly
from the CAADI system. CISOMB may send inquiries via email or phone call on a need to know
to resolve a case issue or to obtain case status. These inquiries may be sent to the National Visa
Center (NVC), which is an entity of the U.S. Department of State, and the Executive Office for
Immigration Review (EOIR) and Board of Immigration Appeals (BIA), which are part of the U.S.
Department of Justice.
CISOMB sends inquiries to those agencies by providing information such as receipt
numbers or beneficiary or petitioners’ names to obtain status updates on a customer’s case in order
to assist that individual. This type of information already exists in those agencies’ files, records,
and databases.
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 11
6.2
Describe how the external sharing noted in 6.1 is compatible with
the SORN noted in 1.2.
CAADI collects individuals’ personal information to support the Ombudsman’s efforts to
resolve case issues through collaboration with other agencies. This information is also used to
formulate recommendations to USCIS pursuant to 6 U.S.C. 272(b). CISOMB only shares data
with external agencies pursuant to a routine use in the DHS/CISOMB-001 Virtual Ombudsman
SORN and when the information will be used for a purpose that is compatible with CISOMB’s
mission. Strict controls have been imposed to minimize risk of compromising the information that
is being stored. Access to the CAADI system is limited to those individuals who have a need to
know the information for the performance of their official duties and who have appropriate
clearances or permissions.
6.3
Does the project place limitations on re-dissemination?
No limitations on re-dissemination restrictions are placed on the external organizations as
those agencies listed above are the owners of the information requested.
6.4
Describe how the project maintains a record of any disclosures
outside of the Department.
CISOMB maintains a record of the requests and the results of those requests or responses
in CAADI. CAADI maintains records of the outcome of each request, including the date of the
request and the response.
6.5
Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: There is a risk that information contained in CAADI may be shared
improperly with individuals who do not have a need to know the information.
Mitigation: This risk is mitigated. CISOMB does not share information directly from
CAADI. CISOMB may send inquiries on a case-by-case basis to external agencies to obtain status
updates on particular cases, but all such sharing is performed in accordance with the routine uses
outlined in the DHS/CISOMB-001 Virtual Ombudsman SORN. Additionally, the external
agencies with whom the information is shared already have access to the same information in their
own databases.
Section 7.0 Redress
7.1
What are the procedures that allow individuals to access their
information?
Individuals or employers seeking access to any record containing information that is part
of CAADI may submit a Freedom of Information Act (FOIA) request. U.S. citizens, lawful
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 12
permanent residents, and individuals who have records covered under the Judicial Redress Act
(JRA) may file a Privacy Act (PA) request to access their information. Individuals may obtain
instructions on how to submit a FOIA/PA request at https://www.dhs.gov/how-submit-foia-orprivacy-act-request-department-homelandsecurity. Individuals or employers can submit requests
in writing to the address below, indicting in their request that it is for CISOMB records. DHS also
allows Privacy Act and FOIA requests to be submitted electronically at https://www.dhs.gov/dhsfoia-privacy-act-request-submission-form.
Chief Privacy Officer and Chief Freedom of Information Act Officer
Privacy Office, Department of Homeland Security
2707 Martin Luther King Jr. Avenue, SE
Washington, D.C. 20528
Further information about how to contact CISOMB is available at https://www.dhs.gov/contactcisomb.
7.2
What procedures are in place to allow the subject individual to
correct inaccurate or erroneous information?
Individuals experiencing difficulties with the immigration benefits process may contact
CISOMB to request case assistance. CISOMB contacts and works with USCIS to respond to and
resolve customer inquiries. All customers, regardless of citizenship or lawful permanent resident
status, may correct erroneous information by contacting CISOMB by phone, email, fax, or mail.
U.S. citizens and lawful permanent residents are additionally afforded the ability to correct
information by filing a Privacy Act Amendment request under the Privacy Act. Individuals may
direct all requests to contest or amend information to the USCIS FOIA/PA Office. More
information is available at: https://www.uscis.gov/records/request-records-through-the-freedomof-information-act-or-privacy-act.
7.3
How does the project notify individuals about the procedures for
correcting their information?
CISOMB notifies individuals of the procedures for correcting their information through
this PIA, Privacy Act Statement and other notices on Form DHS-7001, and the CISOMB portion
of the DHS website.
7.4
Privacy Impact Analysis: Related to Redress
Privacy Risk: There is a risk that the individual or employer will not know how to gain
access to their information, how to correct it, and where redress is provided.
Mitigation: This risk is mitigated. CISOMB notifies the individual or employer through
the Privacy Act Statement at the point of collection on Form DHS-7001, through this PIA, and by
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 13
following the notification procedures section of the DHS/CISOMB-001 Virtual Ombudsman
System SORN. Additional information is available on the agency website.
Section 8.0 Auditing and Accountability
8.1
How does the project ensure that the information is used in
accordance with stated practices in this PIA?
CISOMB ensures that the practices stated in this PIA comply with federal, DHS, and
CISOMB policies and procedures through various measures including standard operating
procedures, orientation and training, rules of behavior, and auditing and accountability procedures.
CAADI allows for the auditing and tracking of any user action taken within the system.
Additionally, any actions taken regarding an individual’s or employer’s case or workflow are
tracked and logged for security control and continuity of operations. Any correspondence back to
an individual or employer is tracked and logged.
Current CISOMB operations do not involve an IT system other than the designated portion
of the DHS webpage containing the electronic Form DHS-7001 and CAADI. Access to CAADI is
restricted to CISOMB staff, contractors, and other authorized DHS personnel (e.g., OCIO technical
support staff) with a need to know.
Because CISOMB’s webpage is a user interface to the electronic Form DHS-7001, roles
are not necessary or available. Roles are, however, in place for CAADI. Further, because
CISOMB’s webpage is a portion of the larger, DHS public-facing website, this webpage conforms
to guidance governing the larger website. CISOMB employs Immigration Law Analysts and
Immigration Case Assistants to review and analyze case problems and trends filed by an individual
or employer. The Ombudsman’s CAADI Program Manager is the Management and Program
Analyst assigned to administer and provide oversight for the CAADI system.
8.2
Describe what privacy training is provided to users either
generally or specifically relevant to the project.
All federal employees and contractors, including CISOMB staff, are required to complete
annual privacy and security awareness training. The Privacy Awareness training addresses
appropriate privacy concerns including Privacy Act obligations. The Computer Security
Awareness training also examines appropriate technical, physical, personnel, and administrative
controls to safeguard information. In addition, CISOMB conducts internal training specifically
focusing on the use of the CAADI system, providing necessary awareness of the functionality of
the system as it pertains to the secure processing, storage, and retrieval of information.
�Privacy Impact Assessment
DHS/CISOMB/PIA-001(a) CAADI
Page 14
8.3
What procedures are in place to determine which users may
access the information and how does the project determine who
has access?
Access to information contained in CISOMB’s system and case files is provided on a need
to know basis, which is determined by the users’ respective responsibilities. CISOMB personnel
with a valid need to know will be granted access to CAADI to assist with requests for case
assistance and/or to participate in the study of systemic issues, consistent with the office’s statutory
mission. Once it is determined that personnel no longer have a need to know (e.g., separation from
the office, change of role), their access is immediately revoked.
8.4
How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?
All MOUs, MOAs, and similar agreements are reviewed by the CAADI Program Manager
and senior CISOMB personnel, as appropriate, before being forwarded as needed to other DHS
Headquarters offices (e.g., Privacy Office, Office of the General Counsel) for a formal review.
Contact Official
Zoubair Moutaoukil
Office of the Citizenship and Immigration Services Ombudsman
(202) 357-8537
Responsible Official
Gary Merson
Chief of Staff
Office of the Citizenship and Immigration Services Ombudsman
(202) 357-8103
Approval Signature
James Holzer
Acting Chief Privacy Officer
U.S. Department of Homeland Security
(202) 343-1717
�
| File Type | application/pdf |
| File Modified | 2022-02-03 |
| File Created | 2021-02-17 |