Pia

privacy-pia-cbp067a-unifiedsecondary-may2021.pdf

Collection of Advance Information from Certain Undocumented Individuals on the Land Border

PIA

OMB: 1651-0140

Document [pdf]
Download: pdf | pdf
Privacy Impact Assessment Update
for the

Unified Secondary System:
Advance Information from Certain
Undocumented Individuals
DHS Reference No. DHS/CBP/PIA-067(a)
May 7, 2021

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 1

Abstract
U.S. Customs and Border Protection (CBP), Office of Field Operations (OFO) is
responsible for processing individuals entering the United States at Ports of Entry. To facilitate
individual processing, CBP is expanding the use of the Unified Secondary System (USEC) to
receive specified biographic and biometric information in advance from certain undocumented
individuals who may seek to apply for admission at a U.S. port of entry. On behalf of these
undocumented individuals, International Organizations (IO) or Non-Governmental Organizations
(NGO) submit specified biographic and biometric information to CBP via the CBP One™ Mobile
Application. Upon arrival at the port of entry and referral to secondary, CBP officers access this
previously submitted information within USEC to pre-populate standard intake processing fields
within the system. CBP is conducting this PIA update to analyze the privacy risks of expanding
Unified Secondary to collect and store advance arrival information from certain undocumented
individuals.

Overview
All individuals arriving at, or traveling through, any United States air, sea, or land port of
entry are subject to inspection by a CBP officer (CBPO).1 The purpose of this primary inspection
is to ensure that the individual is legally admissible to the United States, and that the individual is
not bringing items into the United States contrary to law.2 CBPOs at primary inspection have broad
discretion to refer individuals for additional scrutiny, commonly known as “secondary inspection,”
with or without suspicion. Some reasons an individual may be referred for secondary inspection
include: if the trained CBPO at primary believes that further inspection is needed; if the CBPO at
primary is alerted to an issue that may require further inspection; to address issues with the
documentation or information supplied; or at random. If an individual arrives at a port of entry
without sufficient documentation to determine admissibility, the individual may be referred for a
secondary inspection.3

1

19 U.S.C. §§ 1433, 1461, and 8 CFR Part 235, Inspection of Persons Applying for Admission.
Individuals who are inadmissible are subject to removal from the United States. The Immigration and Nationality
Act (INA) sets forth grounds for inadmissibility (INA § 212(a)). The general categories of inadmissibility include
health, criminal activity, national security, public charge, lack of labor certification (if required), fraud or
misrepresentation, prior removals, unlawful presence in the United States, and several miscellaneous categories.
However, for certain grounds of inadmissibility, it may be possible for a person to obtain a waiver of that
inadmissibility.
3
8 U.S.C. § 1182, Inadmissible aliens. In general, any nonimmigrant who is not in possession of a valid visa or
border crossing identification card at the time of application for admission is inadmissible.
2

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 2

When processing undocumented individuals, typically CBP receives no advance
biographic information, nor does the individual present a valid travel document by which CBP can
conduct standard law enforcement and national security system checks. Therefore, undocumented
individuals may be referred for secondary inspection to conduct additional routine systems queries
or questioning to aid officers in making admissibility determinations. When an individual
warranting referral for secondary inspection is encountered at a port of entry, the primary CBPO
creates a “referral” within the primary processing system.4 This “referral” generates a “secondary
inspection referral” within USEC. This secondary inspection referral includes all information
available from primary inspection to allow the CBPO assigned at secondary to process the
individual referred for secondary inspection.
During the secondary inspection, CBPOs conduct routine questioning to resolve the reason
for the referral. When undocumented individuals arrive at a port of entry with insufficient or
inadequate documentation, CBPOs typically conduct routine questioning to obtain the same basic
biographic information found on a travel document (such as a passport or visa) or a prior
authorization for travel, such as the Electronic System for Travel Authorization (ESTA).5
Additionally, as part of the secondary inspection, CBPOs may collect biometric information to
further assist in identity verification.
If, during the secondary inspection, the CBPO determines that the individual may be
inadmissible to the United States, the CBPO will create a Unified Secondary event. The CBPO
will manually populate the event with available information, including information provided by
the individual during routine questioning, adding to any basic information available from the initial
primary inspection. For undocumented individuals, this may only be a photograph taken by CBP
at primary with no accompanying biographic information. Using the biographic information
provided by the undocumented individual during secondary inspection, the CBPO inputs the
information into USEC, which then runs standard law enforcement and national security system
checks against CBP and other government holdings. The CBPO may also input the undocumented
individual’s responses to questions on various topics such as his or her intent to enter the country,
travel history, familial relationships, and any other information the CBPO deems necessary or that
the facts of the case dictate. Individuals determined to be inadmissible to the United States will be
4

For a full description of the privacy risks and mitigations associated with CBP primary and secondary processing
procedures, please see U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER
PROTECTION, PRIVACY IMPACT ASSESSMENT FOR THE TECS SYSTEM: CBP PRIMARY AND
SECONDARY PROCESSING, DHS/CBP/PIA-009 (2010 and subsequent updates) and TECS SYSTEM
PLATFORM, DHS/CBP/PIA-021 (2016), available at https://www.dhs.gov/privacy-documents-us-customs-andborder-protection.
5
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION,
PRIVACY IMPACT ASSESSMENT FOR THE ELECTRONIC SYSTEM FOR TRAVEL AUTHORIZATION,
DHS/CBP/PIA-007 (2008 and subsequent updates), available at https://www.dhs.gov/privacy-documents-uscustoms-and-border-protection.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 3

processed for the appropriate adverse action, such as the issuance of a Notice to Appear (NTA) for
removal proceedings under Section 240 of the Immigration and Nationality Act (INA) or placing
the individual in expedited removal, with a referral for a Credible Fear interview, if appropriate.
At the conclusion of the inspection, the CBPO enters a disposition, allegations, or charges
and completes specific forms and documents necessary for parole or referral for detention, and any
adverse action. Additionally, USEC event/secondary inspection results are noted in the TECS
system,6 saved in the Automated Targeting System (ATS),7 and sent to the ICE Enforcement
Integrated Database (EID).8 CBPOs determine the appropriate processing disposition on a caseby-case basis and consider the totality of the circumstances. CBPOs do not make any disposition
determinations in advance of an encounter with an undocumented individual.
As described above, CBP relies on the CBPO to manually collect and input information
from undocumented individuals into the Unified Secondary system as an event. This is a timeconsuming process that is inherently prone to manual data entry errors. Not only is this burdensome
to the CBPO, but it also ultimately leads to increased wait times at ports of entry and reduces the
number of individuals CBP may process on a given day. With this PIA update, CBP is giving
notice of a new process for receiving specified biographic and biometric information in advance
of certain undocumented individuals’ arrival into the United States. If these individuals are referred
for secondary inspection upon arrival, CBPOs will be able to import the advance information into
USEC to streamline processing of an undocumented individual at a port of entry.

6

See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION,
PRIVACY IMPACT ASSESSMENT FOR THE TECS SYSTEM: CBP PRIMARY AND SECONDARY
PROCESSING, DHS/CBP/PIA-009 (2010 and subsequent updates) and TECS SYSTEM PLATFORM,
DHS/CBP/PIA-021 (2016), available at https://www.dhs.gov/privacy-documents-us-customs-and-border-protection.
7
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION,
PRIVACY IMPACT ASSESSMENT FOR THE AUTOMATED TARGETING SYSTEM, DHS/CBP/PIA-006(e)
(2017), available at https://www.dhs.gov/privacy-documents-us-customs-and-border-protection.
8
EID is a DHS shared common database repository used by several DHS law enforcement and homeland security
applications. EID stores and maintains information related to the investigation, arrest, booking, detention, and
removal of persons encountered during immigration and criminal law enforcement investigations and operations
conducted by ICE, U.S. Citizenship and Immigration Services (USCIS), and CBP. EID supports ICE’s processing
and removal of noncitizens from the United States. See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S.
IMMIGRATION AND CUSTOMS ENFORCEMENT, PRIVACY IMPACT ASSESSMENT FOR THE
ENFORCEMENT INTEGRATED DATABASE (EID), DHS/ICE/PIA-015 (2010 and subsequent updates),
available at https://www.dhs.gov/privacydocuments-ice.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 4

Reason for the PIA Update
On March 20, 2020, the Department of Health and Human Services (HHS) issued an
Interim Final Rule (IFR) and Order under Sections 265 and 268 of Title 42 of the U.S. Code, which
permits the Director of the Centers for Disease Control and Prevention (CDC) to “prohibit . . . the
introduction” into the United States of individuals when the Director believes that “there is serious
danger of the introduction of [a communicable] disease into the United States.”9 Section 268 of
Title 42 provides that customs officers—which include officers of CBP’s Office of Field
Operations and U.S. Border Patrol agents—shall implement any quarantine rule or regulation
issued by the CDC, which includes Orders under section 265. The original 2020 CDC Order has
been extended and amended. The most current version of the Order was issued on October 13,
2020, after HHS issued a Final Rule (FR) under Sections 265 and 268 of Title 42 of the U.S.
Code.10 The CDC Order does not apply to U.S. citizens, lawful permanent residents, and their
spouses and children, nor does it apply to U.S. military personnel or those who arrive at a port of
entry with valid travel documents. The Order permits customs officers to except individuals from
the CDC Order in totality of the circumstances based on “consideration of significant law
enforcement, officer and public safety, humanitarian, and public health interests.” (emphasis
added).
Currently, CBPOs spend a significant amount of time collecting and verifying basic
biographic data during the inspection process to process undocumented individuals (including
those excepted from the CDC Order) once they arrive at the port of entry. CBPOs individually
collect and manually input information into USEC during the secondary inspection and event
completion. To streamline the processing of undocumented individuals who may potentially be
excepted from the CDC Order, CBP is relying on partnerships with certain International
Organizations/NGOs. International Organizations/NGOs will identify undocumented individuals
that are potentially excepted from the CDC Order on humanitarian grounds. If an International
Organization/NGO identifies an individual as potentially eligible for this exception, the
International Organization/NGO may submit certain biographic and biometric information to CBP
on the individual’s behalf. The International Organizations/NGOs will use the CBP OneTM Mobile
Application to collect and submit this advance information on a voluntary basis to CBP. The
advance collection of this information will help to streamline the case processing of undocumented
individuals upon arrival at a port of entry. The manual input of data into USEC by CBPOs is a
time-consuming process. The advance collection enables CBPOs to import the information
collected by CBP One™ directly into a Unified Secondary event, which reduces the need for
manual data entry and improves case processing efficiencies. This advance information collection
9

See https://www.federalregister.gov/documents/2020/03/24/2020-06238/control-of-communicable-diseasesforeign-quarantine-suspension-of-introduction-of-persons-into.
10
See https://www.cdc.gov/coronavirus/2019-ncov/order-suspending-introduction-certain-persons.html.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 5

also minimizes the amount of time individuals are required to spend in congregate settings with
CBPOs and other individuals seeking admission to the United States, which is a safer practice
during the ongoing pandemic.
CBP One™
CBP One™ is available for Android and iOS mobile devices in the Google Play or iTunes
mobile application stores.11 International Organizations/NGOs must either create a new account
using an email address, phone number, and password or open an existing Login.Gov12 account to
access CBP One™. Upon logging into CBP One™, a notification displaying the CBP Privacy
Policy will appear, and users must consent to it prior to using the mobile application. Once the
International Organization/NGO user has created a new account or logged into an existing account,
the International Organization/NGO user may begin the submission of advance information to
CBP on behalf of the undocumented individual. As part of this process, no International
Organization/NGO CBP One™ user information is collected or stored by CBP.
With the consent of and on behalf of the individual, the International Organization/NGO
user will input the following information: name, date of birth, phone numbers, U.S. address,
foreign addresses, nationality, employment history (optional), travel history (optional), emergency
contact information (optional), family information (optional), marital information (optional),
identity documents (optional; non-Western Hemisphere Travel Initiative (WHTI) compliant13),
gender, height, weight, and eye color.14 Next, the International Organization/NGO may take or
upload an existing photograph of the individual into CBP One™. The International
Organization/NGOs verbally advise the undocumented individual that he or she may opt out of
providing a photograph.15 If an individual opts out of providing a photograph, the International
11

See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION,
PRIVACY IMPACT ASSESSMENT FOR THE CBP ONETM MOBILE APPLICATION, DHS/CBP/PIA-068
(2021), available at https://www.dhs.gov/privacy-documents-us-customs-and-border-protection.
12
Login.Gov ensures a secure connection and identity verification for IOs/NGOs to use CBP One™. See
GENERAL SERVICES ADMINISTRATION, PRIVACY IMPACT ASSESSMENT FOR LOGIN.GOV (2020),
available at https://www.gsa.gov/reference/gsa-privacy-program/privacy-impact-assessments-pia.
13
WHTI is the joint Department of State (DOS) and DHS plan to implement a key 9/11 Commission
recommendation and the statutory mandates of the Intelligence Reform and Terrorism Prevention Act of 2004
(IRTPA). IRTPA, in part, required DHS and DOS to develop and implement a plan to require all travelers, U.S.
citizens and foreign nationals alike, to present a passport or other acceptable document that denotes identity and
citizenship when entering the United States. The types of acceptable WHTI compliance document vary by port of
entry type, but generally include U.S. Passport; U.S. Passport Card, Enhanced Driver’s License, Enhanced Tribal
Card, Trusted Traveler Program card (NEXUS, SENTRI or FAST); U.S. Military identification card when traveling
on official orders; or U.S. Merchant Mariner document when traveling in conjunction with official maritime
business.
14
CBP is issuing an emergency information collection pursuant to the Paperwork Reduction Act to permit this
collection; however, the data elements are substantially similar to, and used for the same purposes as, the Form I94W Nonimmigrant Visa Waiver Arrival/Departure Record.
15
IOs/NGOs are responsible for providing the method of opt-out.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 6

Organization/NGO can still submit the biographic information to CBP. Once the biographic and
biometric information is captured, the information collection is complete, and the International
Organizations/NGOs submit the information to CBP using CBP One™.
CBP Collection and Processing
Upon submission, CBP One™ transfers the biographic information and photograph to a
segregated database within ATS. CBP uses the information to perform background checks and
queries of certain databases to identify any previous DHS encounters, public safety threats (such
as wants/warrants), and national security threats (such as links to terrorist organizations) prior to
an undocumented individual’s arrival to a port of entry. CBP may use the results of this vetting to
make the appropriate processing determination at the time that the individual arrives at the port of
entry.
In addition to conducting pre-vetting, CBP also stores a templatized copy of the picture in
a standalone Traveler Verification System (TVS)16 gallery, which will be matched against a
photograph taken by a CBPO once the individual arrives at the port of entry using Simplified
Arrival.17 CBP uses the photographs submitted for advanced information via CBP OneTM to build
a segmented TVS gallery. CBP stages all photographs submitted via CBP OneTM in this segmented
TVS gallery until the individual arrives at the port of entry.
Inspection Process
Primary
When the undocumented individual arrives at a port of entry he or she is subject to a full
primary inspection. As part of processing using Simplified Arrival, the CBPO takes a picture of
the individual during the primary inspection. Once the CBPO takes the photograph, the
undocumented individual’s live photograph will be compared against the pre-made gallery of
images taken from the photographs submitted from International Organizations/NGOs via CBP
OneTM – known as 1:n matching. If the primary CBPO determines that secondary inspection is
warranted, the CBPO will refer the individual for secondary inspection. If TVS locates a match in
the pre-made gallery, the referral will be created from Simplified Arrival to Unified Secondary,
CBP’s TVS is an accredited information technology system consisting of a group of similar systems and
subsystems that support the core functioning and transmission of data between CBP applications and partner
interfaces. Since early 2017, CBP has used the TVS as its backend matching service for all biometric entry and exit
operations that use facial recognition, regardless of air, land, or sea. See U.S. DEPARTMENT OF HOMELAND
SECURITY, U.S. CUSTOMS AND BORDER PROTECTION, PRIVACY IMPACT ASSESSMENT FOR THE
DHS/CBP/PIA-056 TRAVELER VERIFICATION SERVICE, available at https://www.dhs.gov/privacydocuments-us-customs-and-border-protection.
17
Simplified Arrival is an enhanced international arrival process that uses facial biometrics to automate the manual
document checks that are already required for admission into the United States, providing individuals with a secure,
touchless travel experience while fulfilling a longstanding Congressional mandate to biometrically record the entry
and exit of non-citizens.
16

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 7

and will include the confirmation number previously generated by CBP OneTM. This information
will be stored in ATS. If TVS does not produce a match, or the undocumented individual did not
provide a photograph, the CBPO can manually query the CBP OneTM confirmation number or
name and date of birth provided by the undocumented individual. If the manual query identifies a
match to application data previously collected through CBP OneTM, the referral created from
Simplified Arrival to USEC will include the confirmation number.
Secondary
Once the primary CBPO refers the undocumented individual to secondary, CBPOs can
import the information captured through CBP One™ into a USEC event. This will reduce the time
that the CBPO typically spends manually entering data during the inspection process. Once the
CBPO imports information into the USEC event, the CBPO will complete the secondary
inspection, which includes additional system checks and questioning. The additional checks and
routine questioning that occur as part of the secondary inspection process help CBPOs determine
whether an individual is admissible or inadmissible. CBPOs also can review the data prior to
performing the import and can edit the data after importing it to the USEC event. CBPOs determine
the appropriate processing disposition for individuals seeking admission on a case-by-case basis
at the time the individual is encountered at a port of entry.

Privacy Impact Analysis
Authorities and Other Requirements
The legal authorities and System of Records Notice(s) do not change as a result of this
update. This information will be collected on a voluntary basis for the purpose of facilitating and
implementing CBP’s mission. This collection is consistent with DHS and CBP’s authorities,
including under 6 U.S.C. §§ 202 and 211(c). Under these authorities, DHS and CBP are permitted
to maintain the security of the border, including “securing the borders, territorial waters, ports,
terminals, waterways, and air, land, and sea transportation systems of the United States,” and
“implement[ing] screening and targeting capabilities, including the screening, reviewing,
identifying, and prioritizing of passengers and cargo across all international modes of
transportation, both inbound and outbound.”
CBP is concurrently seeking emergency approval from the Office of Management and
Budget (OMB) under the Paperwork Reduction Act (PRA) for the collection of advance
information from undocumented individuals who seek to enter the United States.
Privacy Risk: There is a risk that CBP does not have clear authority to collect advanced
information about certain undocumented individuals prior to arrival at the port of entry.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 8

Mitigation: This risk is mitigated. CBP conducted a legal analysis and determined that this
collection is consistent with DHS and CBP’s authorities, including under 6 U.S.C. §§ 202 and
211(c). Under these authorities, DHS and CBP are permitted to maintain the security of the border,
including “securing the borders, territorial waters, ports, terminals, waterways, and air, land, and
sea transportation systems of the United States,” and “implement[ing] screening and targeting
capabilities, including the screening, reviewing, identifying, and prioritizing of passengers and
cargo across all international modes of transportation, both inbound and outbound.” Furthermore,
CBP is collecting this information on a completely voluntarily basis from undocumented
individuals for the purpose of facilitating and implementing CBP’s mission. Opt-in consent is
required to participate.
Privacy Risk: There is a risk that CBP’s currently published System of Records Notices
do not provide sufficient coverage and notice for the new collection of pre-arrival information.
Mitigation: This risk is partially mitigated. Several existing Systems of Records Notices
provide sufficient notice to the public and permit this collection of information. The Automated
Targeting System (ATS) System of Records Notice18 permits collection of information in
anticipation of travel. All information collected at the time of inspection and processing is covered
by the Nonimmigrant Information System19 and U.S. Customs and Border Protection TECS20
System of Records Notices.
To the extent this collection becomes a regular, pre-arrival information collection, CBP
will explore publishing a new System of Records Notice to give full transparency regarding
collection, uses of information, permissible routine uses, and other Privacy Act agency
requirements, much like those for other pre-arrival datasets such as Advance Passenger
Information System (APIS)21 and the ESTA.

Characterization of the Information
CBP is continuing to collect the same information typically collected during the inspection
process. However, with this update, CBP is providing notice of its advance collection of certain
information prior to certain undocumented individuals’ arrival in the United States. This
information will be voluntarily submitted to CBP from an International Organization/NGO via the
18

See DHS/CBP-006 Automated Targeting System, May 22, 2012, 77 FR 30297, available at
https://www.dhs.gov/system-records-notices-sorns.
19
See DHS/CBP-016 Nonimmigrant Information System, March 13, 2015, 80 FR 13398, available at
https://www.dhs.gov/system-records-notices-sorns.
20
See DHS/CBP-011 U.S. Customs and Border Protection TECS, December 19, 2008, 73 FR 77778, available at
https://www.dhs.gov/system-records-notices-sorns.
21
See DHS/CBP-005 Advance Passenger Information System (APIS), March 13, 2015, 80 FR 13407, available at
https://www.dhs.gov/system-records-notices-sorns.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 9

CBP One™ Mobile Application, on behalf of the individual. The purpose of this advance
collection is to achieve efficiencies in processing individuals upon their arrival to the port of entry,
consistent with public health protocols, space limitations, and other restrictions given the current
pandemic. To streamline the processing of undocumented individuals at ports of entry, CBP plans
to collect biographic and biometric information in advance of arrival. The voluntary provision of
this information in advance enables CBP to streamline in-person processing upon arrival by
reducing the inspection and administrative burden for both CBPOs and the undocumented
individual.
Privacy Risk: There is a risk of overcollection since CBP may collect advance arrival
information about individuals who do not actually arrive at the port of entry.
Mitigation: This risk is partially mitigated. CBP, through International
Organizations/NGOs, is collecting this information from individuals whom International
Organizations/NGOs determine are seeking to travel to the United States and may be excepted
from Title 42. The undocumented individuals voluntarily provide this information to International
Organization/NGOs, who in turn submit the information to CBP on the undocumented individual’s
behalf. This advanced information helps to streamline the individual’s inspection and processing
upon his/her arrival at a port of entry. This information collection is similar to other advanced
information collections, such as Advanced Passenger Information (API),22 where a travel carrier
submits advance information on passengers intending to travel to the United States. In this
circumstance, CBP also collects and retains information on individuals who may intend to travel
but fail to board the carrier. However, this advanced information, combined with the results of the
pre-vetting, are used by CBP to identify public safety threats (such as wants/warrants) and national
security threats (such as links to terrorist organizations). Furthermore, for future travel, CBPOs
may refer to past vetting results as a basis for interview inspection questions and to assist with
admissibility determinations.
Privacy Risk: There is a risk that information submitted via CBP OneTM and stored in ATS
will be inaccurate.
Mitigation: This risk is partially mitigated. International Organizations/NGOs submit
information originally provided by the individual to CBP. While there is always an inherent risk
to manual data entry, International Organizations/NGOs can review and verify the information
prior to submission to CBP. Additionally, during the inspection process, a CBPO will verify and
update any information in USEC that is deemed incorrect or inaccurate.

22

See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION,
PRIVACY IMPACT ASSESSMENT FOR THE ADVANCED PASSENGER INFORMATION SYSTEM,
DHS/CBP/PIA-001 (2008 and subsequent updates), available at https://www.dhs.gov/privacy-documents-uscustoms-and-border-protection.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 10

Privacy Risk: There is a risk that CBP is collecting more information than necessary to
make an admissibility determination.
Mitigation: This risk is mitigated. CBP is collecting the same information that is typically
collected prior to an individual traveling to the United States (e.g., API, Passenger Name Record
data,23 ESTA,24 Form I-94 - Nonimmigrant Visa Waiver Arrival/Departure25) and during the
secondary inspection process. CBP is collecting information that would be normally collected at
the port of entry during secondary inspection in accordance with existing CBP processes. In this
circumstance the collection occurs in advance of an undocumented individual’s arrival in order to
streamline the processing of these individuals upon their arrival to the port of entry. The advance
collection of this data helps streamline secondary processing because it reduces the manual data
entry into the Unified Secondary event. Not only does this enable CBP to process individuals more
efficiently, but it also reduces the amount of time undocumented individuals spend in congregate
settings, thereby reducing the risk of COVID-19 transmission.
CBP is collecting this advance arrival information on a completely voluntary basis. CBP
has carefully evaluated the data elements to be submitted, and has made the collection of certain
fields optional. For example, the submission of employment history and a photograph is optional.
If an individual chooses to not supply this information to the International Organization/NGO, his
or her advance arrival information can still be successfully submitted. However, failure to provide
requested information in advance may result in reduced processing efficiencies for individual
cases.

Uses of the Information
This update does not impact the use of information. International Organizations/NGOs are
using CBP OneTM to voluntarily collect biographic information and a photograph from individuals
prior to their arrival at a CBP port of entry. The purpose of this advance information collection is
to streamline the processing of such individuals consistent with public health protocols, space
23

U.S. law requires air carriers operating flights to, from, or through the U.S. to provide CBP, with certain
passenger reservation information, called Passenger Name Record (PNR) data. The collection of PNR data allows
CBP to prevent, detect, investigate, and prosecute terrorist offenses and related crimes and certain other crimes that
are transnational in nature. Air carriers are required to provide this information on all persons traveling on flights to,
from, or through the United States to CBP beginning 72 hours prior to departure of a flight, and up until 24 hours
before the scheduled flight departure.
24
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION,
PRIVACY IMPACT ASSESSMENT FOR THE ELECTRONIC SYSTEM FOR TRAVEL AUTHORIZATION,
DHS/CBP/PIA-007 (2008 and subsequent updates), available at https://www.dhs.gov/privacy-documents-uscustoms-and-border-protection.
25
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION,
PRIVACY IMPACT ASSESSMENT FOR THE I-94 WEBSITE APPLICATION, DHS/CBP/PIA-016 (2013 and
subsequent updates), available at https://www.dhs.gov/privacy-documents-us-customs-and-border-protection.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 11

limitations, and other restrictions given the current pandemic. This process is designed to reduce
the inspection and administrative burden for both the CBPO and the individual.
Upon receipt, the CBP OneTM data is sent to and stored in a segregated database in ATS.
Prior to an undocumented individual’s arrival at a port of entry, and consistent with CBP standard
operations, CBP will use the advance arrival information to conduct pre-arrival vetting. As with
any other biographic information collected by CBP and stored within ATS, CBP uses this
information for vetting and targeting purposes to identify individuals who may warrant additional
scrutiny. This vetting is consistent with CBP border security authorities and will be used to identify
individuals who may pose a risk to national security or public safety, may be a terrorist or suspected
terrorist, or may otherwise be engaged in activity in violation of U.S. law. Additionally, CBPOs
will continue to use Unified Secondary to document inspections and manage immigration events.
Instead of manually entering information that is typically collected when an event is created in
USEC, USEC will now include functionality to allow the direct import of information obtained
from CBP OneTM into a USEC event.
Privacy Risk: There is a risk that CBP will conduct pre-arrival vetting checks on
individuals who do not arrive in the United States.
Mitigation: This risk is partially mitigated. CBP may conduct pre-arrival vetting on
undocumented individuals who never arrive in the United States. This collection and use is
consistent with current CBP operations, such as when CBP receives API from carriers who submit
information regarding travelers intending to travel to the United States but who do not arrive. In
both these circumstances, CBP still collects and vets travelers to identify public safety threats (such
as wants/warrants) and national security threats (such as links to terrorist organizations).
Additionally, CBP is collecting this information on a completely voluntary basis. By providing
certain biographic and biometric information to the International Organizations/NGOs, these
individuals consent for the International Organizations/NGOs to submit the information to CBP
for pre-arrival vetting and screening. Furthermore, CBP only retains this information for 1 year,
reducing the risk that CBP will use the information beyond the original intended purpose of
conducting pre-arrival vetting.
Privacy Risk: There is a risk that CBP will use the information for purposes other than
what is stated in this PIA.
Mitigation: This risk is mitigated. The original DHS/CBP/PIA-067 CBP Unified
Secondary and this PIA update articulate the ways in which CBP will use the information. Once
the information from CBP OneTM is populated into a USEC event, it will be used in the same way
other USEC events are used and shared. Secondary inspections that result in adverse or
administrative immigration actions are automatically sent to and stored in the ICE Enforcement
Integrated Database. Additionally, biometric and associated biographic information collected

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 12

during the secondary inspection process is enrolled in the Automated Biometric Identification
System/Homeland Advanced Recognition Technology System (IDENT/HART).26
Privacy Risk: There is a risk that CBP will enroll undocumented individuals in
IDENT/HART based on the photograph submitted via CBP OneTM.
Mitigation: This risk is partially mitigated. CBP stores the photographs received from CBP
One in a segmented database within TVS. CBP only uses these photographs to create the TVS
gallery of photographs that CBP collects through CBP OneTM for advance arrival information.
CBP will continue to populate the segmented TVS gallery with images sent to CBP from
International Organizations/NGOs via CBP OneTM. However, upon arrival at a port of entry,
CBPOs take another photograph of the individual. This photograph is enrolled into IDENT/HART
as it is a biometric travel encounter.
TM

Notice
International Organizations/NGOs provide notice to individuals before submitting
information to CBP on their behalf. CBP is providing general notice on the expansion through this
PIA update, an appendix update to CBP/PIA-068 CBP One™ Mobile Application, and appendix
update to DHS/CBP/PIA-056 Traveler Verification Service. Additionally, CBP is concurrently
issuing an emergency PRA approval for the collection of advance information on undocumented
individuals seeking entry into the United States.

Data Retention by the Project
The advance arrival information collected via CBP OneTM will be stored in a segregated
database within ATS for 1 year. However, if the advance arrival information is imported into a
Unified Secondary event, or an ATS event is created during pre-arrival vetting, it will be stored
within ATS for 15 years consistent with the ATS retention schedule. Additionally, the USEC event
data will be transmitted and stored in other systems, where it is retained in accordance with the
retention schedules for those systems. For example, information that is sent to and stored in TECS
26

See U.S. DEPARTMENT OF HOMELAND SECURITY, OFFICE OF BIOMETRIC IDENTITY
MANAGEMENT, PRIVACY IMPACT ASSESSMENT FOR THE AUTOMATED BIOMETRIC
IDENTIFICATION SYSTEM (IDENT), DHS/OBIM/PIA-001 (2012), available at
https://www.dhs.gov/privacydocuments-office-biometric-identity-management-obim. DHS is in the process of
replacing IDENT with the Homeland Advanced Recognition Technology System (HART) as the primary DHS
system for storage and processing of biometric and associated biographic information. For more information about
HART, please see U.S. DEPARTMENT OF HOMELAND SECURITY, OFFICE OF BIOMETRIC IDENTITY
MANAGEMENT, PRIVACY IMPACT ASSESSMENT FOR THE HOMELAND ADVANCED RECOGNITION
TECHNOLOGY SYSTEM (HART) INCREMENT 1, DHS/OBIM/PIA-004 (2020), available at
https://www.dhs.gov/privacydocuments-office-biometric-identity-management-obim.

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 13

is retained for 75 years in accordance with the TECS retention schedule. Many of the forms
completed through USEC are sent to the Enforcement Integrated Database as the source system,
in which case they are stored for 75 years.
Privacy Risk: There is a risk that CBP will retain information on individuals who do not
arrive in the United States.
Mitigation: This risk is partially mitigated. CBP is retaining information on individuals
who may not arrive in the United States. However, CBP is retaining this information on a
temporary basis. If the undocumented individual does not appear at a port of entry within a year
of providing it to an International Organization/NGO, CBP will purge the data unless the
individual is associated with an active law enforcement or national security investigation. This
temporary retention period is 13 months, consistent with the APIS SORN.

Information Sharing
There are no changes to information sharing as a result of this update. Information collected
through USEC continues to be shared on a case-by-case basis with appropriate federal, state, local,
tribal, and foreign governmental agencies or multilateral governmental organizations responsible
for investigating or prosecuting violations of, or for enforcing or implementing, a statute, rule,
regulation, order, or license, or when CBP believes the information would assist enforcement of
civil or criminal laws.

Redress
This update does not impact how access, redress, and correction may be sought through
CBP.

Auditing and Accountability
This update does not impact the auditing and accountability mechanisms in place to ensure
information is used in accordance with stated practices in the original PIA and this PIA update.
Privacy Risk: There is a risk that the information CBP receives from CBP OneTM will be
comingled with other data in ATS.
Mitigation: This risk is mitigated. Upon receipt, the CBP OneTM data is sent to and stored
in a segregated database in ATS. This segregated database is a separate set of independently
managed tables within ATS. However, the biographic and biometric information submitted via the
CBP OneTM Mobile Application will be accessible for pre-vetting in ATS. If an ATS event is

Privacy Impact Assessment Update
DHS/CBP/PIA-067(a) Unified Secondary
Page 14

created, then the information can be queried from the targeting or secondary system. The data will
not be accessible to import into the secondary processing system until the individual arrives at the
port of entry.

Contact Official
Emilia Bakopoulos
Director, Systems Enforcement Analysis and Review Division
Admissibility and Passenger Programs
Office of Field Operations
U.S. Customs and Border Protection
(202) 344-1372

Responsible Official
Debra L. Danisek
CBP Privacy Officer
Privacy and Diversity Office
U.S. Customs and Border Protection
(202) 344-1610

Approval Signature
Original, signed copy on file with the DHS Privacy Office.
________________________________
Lynn Parker Dupree
Chief Privacy Officer
U.S. Department of Homeland Security
(202) 343-1717


File Typeapplication/pdf
File TitleDHS/CBP/PIA-067(a) Unified Secondary System: Advance Information from Certain Undocumented Individuals
AuthorU.S. Customs and Border Protection
File Modified2021-05-07
File Created2021-05-07

© 2024 OMB.report | Privacy Policy