Download:
pdf |
pdfPrivacy Impact Assessment
for the
Customer Scheduling and Services
DHS/USCIS/PIA-046
March 25, 2014
Contact Point
Donald K. Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
(202) 272-8000
Reviewing Official
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 2
Abstract
The Department of Homeland Security (DHS), United States Citizenship and
Immigration Services (USCIS) allows customers to schedule appointments with a USCIS
Immigration Service Officer (ISO) to discuss the specifics of their benefit application and
petition through the infopass.uscis.gov website and customer service kiosks. This PIA
discusses the USCIS systems associated with scheduling and managing appointments and
evaluates the privacy risks and mitigation strategies built into the systems. These systems
include InfoPass and the Customer Management Information System (CMIS). USCIS is
updating and reissuing this Privacy Impact Assessment (PIA), originally published on
June 6, 2013, because CMIS may collect, use, and maintain not only Alien Number, but
also USCIS Electronic Immigration System Numbers and Receipt Numbers. USCIS also
removed references to a planned automated process for an individual to check in for his
or her appointment at a USCIS field office through bar code scanners that was not
implemented, and updated the system’s Authority to Operate.
Overview
The Department of Homeland Security (DHS), United States Citizenship and
Immigration Services (USCIS) is responsible for the administration and adjudication of
applications and petitions for all immigrant and non-immigrant benefits under the
Immigration and Nationality Act. 1 While USCIS’s core mission is to ensure the timely
adjudication of benefits, a priority for USCIS is to streamline the processing of customer
inquiries to improve the overall customer experience. USCIS enhanced and expanded
various online customer-oriented services in an effort to promote transparency and
accessibility to its operations.
USCIS receives and processes millions of benefit cases each year. Customers
who apply for immigration-related benefits may have questions about immigration law,
procedures, or specifics of their case that are best addressed by a trained Immigration
Service Officer (ISO). Previously, these customers seeking assistance from USCIS had
to wait in long lines for a first-come first-served in-person appointment. Generally, the
number of customers seeking assistance exceeded the number of appointments available
at their local field office. Many customers had to make an additional trip to the local
field office due to the overwhelming demand of individuals seeking assistance and lack
of available appointments.
USCIS Field Operations Directorate (FOD) developed an online appointment
scheduling system known as InfoPass. With InfoPass, USCIS FOD allows customers to
1
See 8 U.S.C. §§ 1101, 1103, 1201, 1255.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 3
schedule their own appointments online to speak with an ISO at a local USCIS field
office. InfoPass offers a convenient alternative to waiting in long lines at USCIS field
offices and ensures customers receive same day service. InfoPass automates the process
of scheduling an appointment with USCIS through the internet and allows USCIS to
efficiently manage and streamline its appointment scheduling process.
InfoPass allows customers to schedule in-person appointments with USCIS field
offices nationwide. USCIS provides customers the option to schedule an appointment
through the infopass.uscis.gov website or at an InfoPass customer service kiosk. Each
field office provides either a kiosk or computer to accommodate individuals without
access to the internet to book an appointment. USCIS continues to assist walk-in
customers, but those with a scheduled appointment receive priority. InfoPass users
include:
1. Individual applicants and petitioners, and representatives: These users do not need
user names or passwords to schedule or cancel an appointment. InfoPass only
permits these individuals to schedule one appointment at time.
2. Third Party Representatives (TPR): Individuals and entities, such as lawyers and
Community Based Organizations (CBO); these users have registered user
accounts with public permissions. USCIS no longer issues TPR accounts for
business reasons. USCIS grandfathered in existing accounts and currently five
accounts remain. TPRs were issued user names and passwords only when their
request for an account was approved by USCIS. The registered user account
allows TPRs to schedule multiple appointments. TPR are able to use InfoPass to
schedule appointments for their clients as an individual user.
Appointment Creation
InfoPass guides customers through several steps, including: finding a field office,
choosing an appointment date, entering personal information, and confirming the
appointment. To begin the process, customers enter their zip code into InfoPass to locate
the closest field office. InfoPass displays a range of dates and times of available
appointments for the customer to choose for the specified location.
InfoPass collects the following personally identifiable information (PII) from the
customer to complete the appointment process:
•
Full Name;
•
Date of Birth;
•
Telephone Number;
•
Email Address;
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 4
•
Alien Number (A-Number);
•
Receipt Number;
•
Country of Residence; and
•
Purpose of Visit.
The name, date of birth, zip code, and telephone number are required fields to schedule
an appointment. InfoPass provides the customer with an opportunity to enter biographic
and appointment information, review its accuracy, and amend prior to confirming his or
her appointment. After the customer confirms the appointment, InfoPass generates an
electronic appointment confirmation notice. Customers are instructed to print out the
notice and bring it along with a photo ID to their appointment.
The appointment confirmation notice serves as the official appointment notice for
the customer and contains the name of the customer; appointment type; confirmation
number (a system-generated serial tracking number assigned to the appointment);
appointment date; appointment time; location; and personal identification number (PIN),
which is a system-generated, random, five-digit code assigned to the appointment. As a
security measure, the PIN is displayed only at the time the appointment is created and
cannot be retrieved at any other time.
Customers can review and reprint a copy of their confirmation appointment notice
from any computer that is connected to the internet by going to http://infopass.uscis.gov
and clicking on the link to make an appointment. The customer then enters the same first
name, last name, date of birth, and phone number used when the original appointment
was made. After clicking the ‘continue’ button, a copy of the confirmation letter will be
displayed. However the 5-digit PIN number will not be included on this copy. The 5digit PIN is required only if the customer needs to cancel the appointment for any reason.
Customers can also cancel their appointments through InfoPass by selecting the
‘cancel’ option. Customers must first cancel an existing appointment before they can
schedule an appointment for another date and time. To cancel an appointment, InfoPass
prompts the customer to provide the system-generated confirmation number and PIN
printed on the original appointment confirmation notice to identify the confirmed
appointment. Without the PIN and/or confirmation number, the customer will not able to
cancel their appointment and will not be able to make another appointment until the
scheduled appointment date and time has passed. The customer then follows step-by-step
instructions to complete the appointment cancellation process.
This PIA replaces the Customer Scheduling and Services PIA published on June
6, 2013.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 5
Appointment Management
Upon arrival at a USCIS field office, a customer checks in for an appointment at
the front counter of the office. The customer presents the printed confirmation
appointment notice and a photo identification document to the Reception Desk Officer
operating the counter. The Reception Desk Officer enters the confirmation number from
the appointment confirmation notice into InfoPass, which displays the information about
the customer and appointment. If the appointment confirmation notice is not available,
the Reception Desk Officer manually searches the day’s appointments for a name and
date of birth match. If there is not a match, the Reception Desk Officer treats the
customer as a walk-in.
USCIS uses Customer Management Information System (CMIS) to issue all
customers (both walk-ins and those with scheduled appointments) a queuing ticket while
the customer is checking into his or her appointment. CMIS is a queuing system that
prioritizes customers to ensure they receive service in a timely and efficient manner, and
allows USCIS personnel to better track incoming customers chronologically. CMIS
handles individual appointments, reception registration, customer routing, and monitoring
customer flow through the field offices. Each issued ticket is sequentially numbered to
organize the queue flow of incoming customers and is assigned by arrival time. To
generate a queuing ticket, the following information is entered into CMIS: (1)
confirmation number; (2) A-Number, USCIS Electronic Immigration System (USCIS
ELIS) Number, or Receipt Number; (3) appointment type; (4) appointment time; (5) zip
code; and (6) number in the party. A CMIS-generated queuing ticket places the
individual in a virtual line. The printed ticket includes the ticket number, the service
category, and the time the ticket printed. Once a ticket is issued, USCIS directs the
customer to the waiting area to be called for assistance.
The Immigration Service Officer (ISO) also uses CMIS to identify the next
customer in the queue. The ISO uses the A-Number, USCIS ELIS Number, or Receipt
Number to index and retrieve notes recorded into CMIS during an applicant’s prior visits,
and to retrieve the individual’s Alien File (A-File) and relevant case information prior to
the appointment to better assist the customer with his or her specific inquiry. The ISO
who completes the appointment makes appropriate notes within CMIS about the
questions the customer asked and the responses given, and closes the ticket number at the
end of the appointment. This information is used to better assist customers during future
visits. USCIS time stamps each interaction from the moment the customer reports to the
reception desk until the visit ends; e.g., waiting time, time spent with the agent. The ISO
records all services provided to the customer in the visit in CMIS. USCIS does not use
notes related to customer questions and inquires to make adjudicative benefit decisions.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 6
Reporting
USCIS field offices use InfoPass and CMIS to manage and track the flow of
incoming appointments. Authorized USCIS personnel are able to use InfoPass and CMIS
to run a variety of customizable reports to monitor employee workload and office
productivity in order to determine if resources are properly allocated. These reports can
be run on a broad spectrum to measure productivity trends and average processing times.
InfoPass and CMIS can also generate granular level reports to identify types, number,
and status of appointments located in a particular office or assigned to a particular ISO.
Customer Satisfaction Assessments
USCIS Customer Services and Public Engagement Directorate (CSPED) conducts
customer satisfaction assessments through electronic surveys (e-surveys) and focus
groups to collect data from customers about their experiences and the level of satisfaction
with the services received on the InfoPass appointment scheduling system and USCIS
local offices. InfoPass and CMIS are used to improve customer services and enhance
operational efficiency. A customer satisfaction assessment is an important tool in
evaluating the level of satisfaction of all customers when using the InfoPass appointment
system and obtaining USCIS local office services. Results from these assessments are
used by USCIS to change and modify different aspects about InfoPass and office services
in order to improve customer satisfaction.
1. E-Surveys
USCIS extracts appointment and customer-related information from InfoPass to
contact customers about e-surveys. Information extracted from InfoPass includes email
address, location of appointment, and date of appointment. USCIS only emails e-surveys
to customers who provided an email address. USCIS provides notice to the customer that
the agency may use his or her email address to send follow up invitations to participate in
voluntary e-surveys through the InfoPass Privacy Act Statement. 2 The survey is made
available via a web link in the e-mail invitation and only solicits opinion-based responses
from customers about their experience with InfoPass, their appointment, and service
provided by USCIS employees. The e-survey is not mandatory and is conducted
anonymously. In the e-mail invitations to the survey, customers are provided a notice
with the purpose of the survey, instructions on how to complete the survey, and how to
opt-out of future surveys. Four days after the initial invitation, an email reminder is sent
to those individuals who have not yet responded. This is the last email these customers
receive regarding the e-survey.
2
See Appendix A of this PIA to view the InfoPass Privacy Act Statement.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 7
2. Focus Groups
USCIS also conducts customer focus groups at various professional focus group
facilities. To recruit respondents for the focus groups, USCIS randomly selects e-mail
addresses of InfoPass customers whose local office matches the geographic location
where the focus group is to be conducted. USCIS provides notice to the customer that
the agency may use his or her email address to send follow up invitations to participate in
voluntary focus groups through the InfoPass Privacy Act statement. 3 The contractor uses
the e-mail addresses to send email invitations to customers. In the e-mail invitations to
the focus group, customers are provided a notice with the purpose of the focus group,
instructions on how to register, and how to opt-out of future surveys. Customers who are
interested in participating in the focus group sessions respond to the request either by
email or by telephone. When scheduling focus group meetings, the survey contractor
collects the customer’s first name and phone number to confirm participation of the
customer in the focus group meeting. After the customer confirms participation, USCIS
contacts the participant prior to the focus group session by e-mail or telephone to confirm
participation.
Individuals who opted to participate in a focus group session are advised that the
information is used to determine customer perceptions regarding the services received by
InfoPass and the USCIS office and responses are anonymous. Responses to focus group
questions from individuals are collected and retained through transcription services.
These transcription documents do not include customer names or any other identifying
information. USCIS CSPE generates customer satisfaction reports from the response.
The responses are anonymous and aggregated and will not be tied to specific individuals.
Once the focus group has been conducted, the survey contractor deletes all email
addresses and telephone numbers associated with this specific focus group within 120
days of contact.
Section 1.0 Authorities and Other Requirements
1.1
What specific legal authorities and/or agreements permit
and define the collection of information by the project in
question?
The authority to collect information is found within the Immigration and
Nationality Act (INA), 8 U.S.C. §§ 1101, 1103, 1201, and 1255.
3
See Appendix A of this PIA to view the InfoPass Privacy Act Statement.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 8
1.2
What Privacy Act System of Records Notice(s) (SORN(s))
apply to the information?
The customer information in InfoPass, CMIS, and for the customer satisfaction
assessments is covered by the DHS/USCIS-007 Benefit Information System (BIS)
System of Records Notice (SORN). 4 The customer responses from the customer
satisfaction assessments are anonymous and do not require SORN coverage because they
are not linked to an individual and are not uniquely retrievable. The employee
information in InfoPass and CMIS is covered by the DHS/ALL-004 - General
Information Technology Access Account Records System (GITAARS) SORN. 5
1.3
Has a system security plan been completed for the
information system(s) supporting the project?
InfoPass was approved for operation on January 2, 2014 for a period of 18
months, unless a significant change to the information system requires an earlier
accreditation. The InfoPass Authority to Operate (ATO) is set to expire on July 2, 2015.
The InfoPass Security Plan (SP) was completed on December 12, 2013.
CMIS was approved for operation on January 2, 2014 for a period of 12 months.
The CMIS Authority to Operate (ATO) is set to expire on January 2, 2015. The CMIS
Security Plan (SP) was completed on November 16, 2013.
1.4
Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
NARA approved the CMIS Retention Schedule [N1-566-08-08]. This schedule
covers both InfoPass is and CMIS records.
1.5
If the information is covered by the Paperwork Reduction
Act (PRA), provide the OMB Control number and the
agency number for the collection. If there are multiple
forms, include a list in an appendix.
InfoPass is subject to the PRA requirements. OMB approved this collection
under OMB Control Numbers 1615-0113. OMB also approved the collection of
customer satisfaction data under OMB Control Number 1615-0121.
4
DHS/USCIS-007 Benefit Information System, 73 FR 56596 (Sept. 28, 2008).
DHS/ALL-004 - General Information Technology Access Account Records System, 77 FR 70792 (Nov.
27, 2012).
5
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 9
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or
collected, as well as reasons for its collection.
2.1
Identify the information the project collects, uses,
disseminates, or maintains.
Appointment Scheduling
InfoPass collects the following customer information to create an appointment:
full name, zip code, date of birth, telephone number, email address, A-Number, Receipt
Number, country of residence, and purpose of visit. The name, date of birth, zip code,
and telephone number are the only fields required to schedule an appointment.
InfoPass generates and maintains an appointment confirmation notice with
appointment details. The appointment confirmation notice contains the customer’s name,
appointment type, confirmation number, confirmation code, appointment date,
appointment time, location, and PIN. Customers use the system-generated confirmation
number and PIN to cancel an appointment with InfoPass.
Customer Queue Flow
To generate a queuing ticket, the following information from InfoPass is entered
into CMIS: (1) confirmation number; (2) A-Number, USCIS ELIS Number, or Receipt
Number; (3) appointment type; (4) appointment time; (5) zip code; and (6) number in the
party. CMIS generates a ticket number for each customer that places the individual in a
virtual line. The printed CMIS ticket includes the ticket number, the service request
category, and the time the ticket was printed. The information associated with a ticket,
such as the A-Number, Receipt Number, and USCIS ELIS Number, is used to index
records of past visits to USCIS Field Offices and by the ISO to retrieve the case
information for the customer.
Employee Information
InfoPass and CMIS collect USCIS employee user names and passwords to
facilitate log-in access to the system and for auditing purposes. CMIS employee PII
includes the name of the ISO assigned to the appointment.
Customer Satisfaction Assessments
USCIS collects and uses email addresses from InfoPass users to email an e-survey
or invitation for participation in a USCIS-sponsored focus group session. Results from
the assessments are not stored in InfoPass.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 10
2.2
What are the sources of the information and how is the
information collected for the project?
USCIS collects information directly from the individual or his or her
representative to schedule an appointment with USCIS through InfoPass. Customers may
access InfoPass via the infopass.uscis.dhs.gov webpage or a kiosk located at a USCIS
office.
CMIS information is collected from individuals, automatically generated during
appointment check-in, and recorded by USCIS personnel to document the services
provided during a visit.
2.3
Does the project use information from commercial sources
or publicly available data? If so, explain why and how this
information is used.
No. USCIS does not use commercial or publicly available data to schedule
appointments and place incoming customers in queue.
2.4
Discuss how accuracy of the data is ensured.
InfoPass collects information directly from the individual or his or her
representative; therefore, USCIS is dependent upon the accuracy of the information
provided by the customer.
InfoPass does not support customer access and alteration of information in the
system. If a customer determines information on the appointment confirmation notice is
inaccurate, he or she may cancel the appointment. Upon cancelling the appointment,
USCIS deletes all data associated with the appointment request. The customer may then
create a new appointment that includes the correct information. When a customer cancels
his or her appointment, USCIS deletes the data collected to create that appointment.
InfoPass generates a new PIN and confirmation number when the customer schedules a
new appointment.
USCIS instructs customers to present their printed confirmation appointment
notice and a photo identification document at the time of the appointment. USCIS
employees manually enter the confirmation number into InfoPass, which displays the
information about the customer and appointment. If the appointment confirmation notice
is not available, the ISO manning the front counter manually searches the day’s
appointments for a name and date of birth match. If there is a match, the customer is
issued a CMIS ticket and waits to be called. If there is not a match, the customer will be
treated as a walk-in customer.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 11
2.5
Privacy Impact Analysis: Related to Characterization of the
Information
Privacy Risk: There is a risk that USCIS will collect more information than is
necessary.
Mitigation: USCIS mitigates this risk by conducting an analysis in conjunction
with the USCIS Privacy Office to determine which data elements are relevant and
necessary to (1) schedule an appointment, (2) identify the person making the
appointment, (3) maintain a history of his or her visits to a USCIS field office, (4) locate
his or her file or application, and (5) conduct customer service assessments.
Privacy Risk: There is a risk that USCIS will maintain inaccurate data.
Mitigation: USCIS mitigates the risk of maintaining inaccurate data by
collecting information directly from the individual or his or her representative. If an
individual with a scheduled appointment notices inaccurate data on his or her
confirmation letter, the individual may correct his or her information by cancelling his or
her appointment and creating a new appointment with the accurate information. When an
individual cancels his or her appointment, InfoPass deletes the collected data. If the
individual does not notice, or is otherwise unaware that the information is inaccurate, the
individual and USCIS have the opportunity to correct the data when the individual meets
with the ISO at his or her InfoPass appointment. When an individual makes an InfoPass
appointment, USCIS requests that the individual bring the InfoPass appointment notice
confirmation and a government-issued identification. This allows the ISO to verify the
individual’s identity. Once the ISO verifies the individual’s identity, the ISO is able to
correct inaccurate information.
USCIS instructs the customer to bring and present his or her printed confirmation
appointment notice and a photo identification document. USCIS employees manually
enter the confirmation number into InfoPass, which displays the information about the
customer and appointment. If the appointment confirmation notice is not available, the
clerk manually searches the day’s appointments for a name and date of birth match. If
there is a match, the customer receives a CMIS ticket and waits to be called. If there is
not a match, the customer will be treated as a walk-in.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 12
Section 3.0 Uses of the Information
The following questions require a clear description of the project’s use of information.
3.1
Describe how and why the project uses the information.
USCIS uses the information collected by InfoPass and CMIS to schedule and
effectively manage appointments made by the customer, queue customers, and conduct a
customer satisfaction assessment through the coordination of an e-survey or focus group.
Specific uses of the information are as follows:
•
Name and date of birth are used to identify the individual when he or she
arrives for the appointment;
•
Zip code is used to locate the field office closest to the individual scheduling
the appointment;
•
A-Number, USCIS ELIS Number, and Receipt Number are used to verify the
identity of the individual, retrieve associated case data, and update
information if there are any discrepancies at the scheduled appointment;
•
Email addresses are used to contact the customer for Customer Satisfaction
Assessments;
•
Email address or phone number is used to contact the applicant in the event of
a scheduling issue involving the appointment time;
•
Confirmation number and PIN are used by the customer to cancel an
appointment. If an appointment is canceled, InfoPass deletes the appointment
and individual information associated with the confirmation number and PIN;
and
•
Results from customer satisfaction assessments are used by USCIS to change
and modify different aspects about InfoPass and office services in order to
improve customer satisfaction.
3.2
Does the project use technology to conduct electronic
searches, queries, or analyses in an electronic database to
discover or locate a predictive pattern or an anomaly? If so,
state how DHS plans to use such results.
No. InfoPass and CMIS do not use technology to conduct electronic searches,
queries, or analyses.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 13
3.3
Are there other components with assigned roles and
responsibilities within the system?
Access to InfoPass and CMIS is limited to USCIS authorized personnel. There
is no intra-departmental sharing of this information.
3.4
Privacy Impact Analysis: Related to the Uses of
Information
Privacy Risk: There is a risk that InfoPass will collect and use information in a
manner inconsistent with USCIS’ authority and mission.
Mitigation: Part of USCIS’s mission is to provide effective customer-oriented
immigration benefit and information services. USCIS created InfoPass to help fulfill this
goal. USCIS mitigates the risk of collecting and using information in a manner
inconsistent with USCIS’s authority and mission by minimizing the amount of
information collected and by limiting the purposes for which USCIS may use the
information collected when creating an InfoPass appointment. As described in the
Privacy Act Statement on the InfoPass website, the primary purpose for collecting the
information is to allow USCIS to schedule the appointment.
USCIS also uses the information collected to identify the person making the
appointment, to maintain a history of his or her visits to a USCIS field office, to locate
his or her file or application, and to conduct customer service assessments. In addition,
USCIS requires that all InfoPass and CMIS users receive training on the appropriate use
of the information and system prior to being approved for access.
Privacy Risk: There is a risk that negative feedback from customer satisfaction
assessments could be inappropriately used to adversely impact the individual’s benefit
request.
Mitigation: USCIS mitigates this risk by making participation completely
voluntary and by ensuring that USCIS only receives results that are not associated with
an individual. USCIS contracts an outside vendor to conduct the customer satisfaction
survey and any focus groups. In the e-mail invitation to the survey or focus group, the
vendor provides the individual with a notice with the purpose of the survey or focus
group, instructions on how to complete the survey or focus group, and how to opt-out of
future invitations. USCIS and the vendor conducting the survey or focus group do not
request PII from the individual during the customer satisfaction survey or focus group
and do not link the responses back to the customer’s other records.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 14
Section 4.0 Notice
The following questions seek information about the project’s notice to the individual about the
information collected, the right to consent to uses of said information, and the right to decline to provide
information.
4.1
How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain
why not.
USCIS provides general notice to individuals through the publication of this PIA
and DHS/USCIS-007 BIS SORN. Additionally, USCIS provides a Privacy Act
Statement prior to the submission of any information, as required by Section (e)(3) of the
Privacy Act. The Privacy Act Statement notifies the individual about the authority to
collect the information requested, purposes, routine uses, and consequences of providing
or declining to provide the information to USCIS. 6
USCIS also contacts the individual by email to request participation in an esurvey or focus group and advises the individual that participation is voluntary. In the email invitation, customers are provided a notice with the purpose of the customer
satisfaction assessment, instructions on how to participate, and how to opt-out of future
requests.
4.2
What opportunities are available for individuals to consent
to uses, decline to provide information, or opt out of the
project?
The Privacy Act Statement informs individuals that providing the information is
voluntary. A customer can choose to decline to provide information; however, that may
prevent the customer from scheduling an appointment through InfoPass. Once the
customer provides the information, he or she does not have the ability to consent for
specific uses. Providing information is giving implied consent for all uses specified in
the SORN.
4.3
Privacy Impact Analysis: Related to Notice
Privacy Risk: There is a risk that individuals are not aware of the collection and
use of their PII.
Mitigation: USCIS mitigates this risk by providing several forms of notice. On
the InfoPass website, prior to collecting information, USCIS displays a link to the
6
Please see Appendix A to view the InfoPass Privacy Act Statement.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 15
Privacy Act Statement applicable to InfoPass. The Privacy Act Statement states that
providing information is voluntary, but failure to provide certain requested information
may prevent the customer from scheduling an appointment through InfoPass.
Additionally, when the individual schedules his or her appointment, InfoPass provides
step-by-step instructions that briefly explain why USCIS collects the information and
how the agency uses the information. USCIS also provides notice through this PIA and
the BIS SORN.
Section 5.0 Data Retention by the project
The following questions are intended to outline how long the project retains the information after
the initial collection.
5.1
Explain how long and for what reason the information is
retained.
InfoPass retains PII to identify individuals scheduling an appointment for 60 days
after the date of the appointment, with the exception of the full name, phone number, and
email address data used to contact the customer in order to conduct customer service
assessments. Information used to conduct customer quality assessments is purged after
120 days. USCIS destroys CMIS data when no longer needed for agency business.
5.2
Privacy Impact Analysis: Related to Retention
Privacy Risk: There is a risk that PII is retained longer than necessary to fulfill
specified purposes.
Mitigation: The CMIS data retention periods identified in the approved NARA
schedule limit the retention of data for only as long as necessary to support USCIS’s
mission. The schedule complies with the requirements of the Federal Records Act and
the stated purpose and mission of the systems.
InfoPass and CMIS records are not used to make benefits decisions. Instead,
USCIS uses InfoPass and CMIS records to schedule and facilitate InfoPass appointments.
The information in InfoPass is purged on a weekly basis to ensure that PII is not retained
beyond the 60-day retention schedule. The only exception currently permitted on the
retention of any PII older than 60 days is for the data used to conduct the Customer
Satisfaction Assessments. This data is deleted within 120 days of receipt. Details about
appointments are retained for as long as a business use requires the data. The details
include name of the ISO conducting the interview, the date, and the times the interview
started and ended.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 16
Section 6.0 Information Sharing
The following questions are intended to describe the scope of the project information sharing
external to the Department. External sharing encompasses sharing with other federal, state, and local
government, and private sector entities.
6.1
Is information shared outside of DHS as part of the normal
agency operations? If so, identify the organization(s) and
how the information is accessed and how it is to be used.
USCIS does not share appointment records from InfoPass or queue information
from CMIS with external entities in the normal course of business.
6.2
Describe how the external sharing noted in 6.1 is compatible
with the SORN noted in 1.2.
USCIS does not share appointment records from InfoPass or queue information
from CMIS with external entities in the normal course of business. USCIS will ensure
any instances of sharing are fully consistent with the routine uses outlined in the
DHS/USCIS-007 BIS SORN.
6.3
Does the project place limitations on re-dissemination?
USCIS does not share appointment records from InfoPass or queue information
from CMIS with external entities in the normal course of business. USCIS will ensure
any instances of sharing are fully consistent with the DHS/USCIS-007 BIS SORN.
6.4
Describe how the project maintains a record of any
disclosures outside of the Department.
USCIS does not share appointment records from InfoPass or queue information
from CMIS with external entities in the normal course of business. USCIS will maintain
a record of any disclosures made pursuant to a routine use.
6.5
Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: There is a risk of unauthorized sharing of information.
Mitigation: USCIS mitigates this risk by implementing strong oversight
procedures. Currently, USCIS does not routinely share appointment records from
InfoPass or queue information from CMIS with external agencies. USCIS has formal
review and approval process in place for new sharing initiatives. Any new use of
information and/or new access requests for the system must be approved by the proper
review authorities. USCIS reviews any updates related to information sharing with
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 17
external entities prior to disclosure to ensure any instances of sharing are fully consistent
with the DHS/USCIS-007 BIS SORN. USCIS has an approval process in place for new
sharing agreements.
Section 7.0 Redress
The following questions seek information about processes in place for individuals to seek redress,
which may include access to records about themselves, ensuring the accuracy of the information collected
about them, and/or filing complaints.
7.1
What are the procedures that allow individuals to access
their information?
InfoPass allows the customers and their representatives to access their scheduled
appointments through the online interface. InfoPass allows the individual or his or her
representative to cancel an appointment and then schedule another appointment using the
correct information if inaccurate information was provided. USCIS deletes all InfoPass
PII 120 days after a customer’s scheduled appointment. Customers seeking access to
their scheduled appointment information may access it any time prior to the date and time
of their scheduled appointment.
CMIS is a customer queuing and information gathering system that manages the
flow of customers who visit field offices. CMIS gathers limited customer PII and
statistical information about the services the customer received while in the office, such
as time spent waiting, time spent with an ISO / adjudicator and types of services offered.
USCIS maintains appointment history data in CMIS until the information is no longer
needed. Customers seeking access to their appointment history may request access to it
at any time.
An individual may gain access to his or her USCIS records by filing a Freedom of
Information Act (FOIA) or Privacy Act request. Any individual seeking access to his or
her USCIS record may submit the aforementioned requests to the following address:
U.S. Citizenship and Immigration Services
National Records Center
FOIA/PA Office
P.O. Box 648010
Lee’s Summit, MO 64064-8010
The process for requesting records can be found at 6 CFR § 5.21. The request should
state clearly the information that is being requested. The procedures for making a request
for access to one’s records can be found on the USCIS web site, located at
www.uscis.gov.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 18
7.2
What procedures are in place to allow the subject individual
to correct inaccurate or erroneous information?
InfoPass customers and their representatives have the ability to correct
information by cancelling the scheduled appointment and then scheduling another
appointment using the correct information. The customer must first cancel the
appointment, and then reschedule the appointment with the correct information.
Customer and appointment data is deleted from InfoPass when an appointment is
cancelled.
Individuals will not have the ability to correct appointment information after the
appointment date has passed, and all records are deleted 60 days after the scheduled
appointment date in InfoPass and CMIS. Individuals are able to correct potentially
inaccurate data that they submitted during the appointment with an ISO. The only
exception currently permitted on the retention of any PII older than 60 days is for the data
used to conduct the Customer Satisfaction Assessments. This data is deleted within 120
days of contact.
7.3
How does the project notify individuals about the
procedures for correcting their information?
The procedures for individuals to correct their information are outlined in this
PIA, the SORN associated with this system and while creating an InfoPass appointment.
After the appointment is completed, InfoPass does not provide means to make change
appointment and queuing data.
7.4
Privacy Impact Analysis: Related to Redress
Privacy Risk: There is a risk that individuals will not have the ability to correct
their record.
Mitigation: The redress and access measures offered by USCIS are
commensurate with the purpose of the system. USCIS notifies individuals about
procedures to correct their information in this PIA, the SORN associated with this
system, and while creating an InfoPass appointment. InfoPass allows the individual or
his or her representative to cancel an appointment and then schedule another appointment
using the correct information if inaccurate information was provided. The cancellation of
an appointment deletes all biographic and appointment information including the systemgenerated data, such as the confirmation number.
Additionally, individuals may request access to information about themselves
under the FOIA and Privacy Act; however, USCIS deletes most PII collected during the
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 19
InfoPass appointment creation process 60 days after the scheduled appointment and is
therefore not available for access and amendment after deletion.
Responses from customer satisfaction assessments are anonymous, aggregated,
and not tied to specific individuals. Therefore, customer satisfaction assessments are not
available for access and amendment after submission.
Section 8.0 Auditing and Accountability
The following questions are intended to describe technical and policy based safeguards and
security measures.
8.1
How does the project ensure that the information is used in
accordance with stated practices in this PIA?
InfoPass has an audit trail capability that monitors user activities and generates
alerts for unauthorized access attempts. The general audit log and the security log allows
the Global Administrator to select event type such as access or logon and the data
displayed includes timestamp, name, IP, transaction, and site. The autolock log displays
the person’s name, last login, autolock date with time, reinstate date with time, username,
and site. This auditing influences users to use the system appropriately.
InfoPass limits the number of employees with access to PII to those who need the
information to perform their duties, and will utilize software to perform network level
auditing of the application. With the exception of district, region, and global
administrators, users are limited to access data for only their specific location. InfoPass
deletes PII after 60 days unless the information is used for customer satisfaction
assessments. PII used for customer satisfaction assessments is deleted within 120 days.
USCIS and DHS trusted internet connection use a commercial off-the-shelf
solution to protect InfoPass from USCIS and internet connections. This network level
protection includes connection auditing, detection, and prevention of suspect or malicious
connections in order to limit or prevent malicious use of InfoPass. These products
include firewalls, routers, and load balancer/application firewalls that forward system
event messages to a central logging facility. The central logging facility has the ability to
detect known probe or attack signatures.
8.2
Describe what privacy training is provided to users either
generally or specifically relevant to the project.
All federal employees and contractors are required to complete annual privacy
and security awareness training. The Culture of Privacy Awareness training addresses
appropriate privacy concerns, including Privacy Act obligations (e.g., SORN, Privacy
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 20
Act Statements). The Computer Security Awareness training examines appropriate
technical, physical, personnel, and administrative controls to safeguard information.
8.3
What procedures are in place to determine which users may
access the information and how does the project determine
who has access?
InfoPass and CMIS employ role-based access controls so only employee users
with a need-to-know have access to the information in the system. InfoPass and CMIS
provide a warning banner at all access points to deter unauthorized use of information by
external and internal users. The banner warns authorized and unauthorized users about
the appropriate uses of the system, that the system may be monitored for improper use
and illicit activity, and the penalties for non-compliance.
External users are customers and their representatives who seek to schedule an
appointment with a USCIS field office. InfoPass is publically available to customers
through infopass.uscis.gov for the purpose of scheduling and cancelling an appointment.
A customer may only schedule one appointment using his or her PII.
Internal access is limited to registered employee users. Registered users must be
granted access and be issued a user name and password prior to gaining access to the
system. Internal access to information is on a need-to-know basis. This need-to-know is
determined by the users and their respective responsibilities. Moreover, access
privileges, for both internal and external users, is limited by establishing role-based user
accounts to minimize access to information that is not needed for appointment
management. InfoPass has the capability of identifying and deactivating unused
accounts.
�Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 21
8.4
How does the project review and approve information
sharing agreements, MOUs, new uses of the information,
new access to the system by organizations within DHS and
outside?
InfoPass and CMIS do not have any information sharing agreements with an
organization within or outside of DHS. However, USCIS has formal review and
approval process in place for new sharing agreements. Any new use of information
and/or new access requests for the system must go through the USCIS change control
process and must be approved by the proper authorities.
Responsible Officials
Donald Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
Approval Signature
Original signed and on file with the DHS Privacy Office
________________________________
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
�
| File Type | application/pdf |
| File Title | DHS/USCIS/PIA-046 Customer Scheduling and Services |
| Author | U.S. Department of Homeland Security |
| File Modified | 2014-03-26 |
| File Created | 2014-03-25 |