Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 1 of 14
PRIVACY THRESHOLD ANALYSIS (PTA)
This form will be used to determine whether a Privacy Impact Assessment (PIA), System of Records Notice
(SORN), or other privacy compliance documentation is required under the E-Government Act of 2002, the
Homeland Security Act of 2002, the Privacy Act of 1974, or DHS policy.
Please complete this form and send it to your Component Privacy Office. If you are unsure of your
Component Privacy Office contact information, please visit https://www.dhs.gov/privacy-office-contacts.
If you do not have a Component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
DHS Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717
[email protected]
Your Component Privacy Office will submit the PTA on behalf of your office. Upon receipt from your
Component Privacy Office, the DHS Privacy Office will review this form. If a PIA, SORN, or other privacy
compliance documentation is required, your Component Privacy Office, in consultation with the DHS
Privacy Office, will send you a copy of the template to complete and return.
For
more
information
about
the
DHS
Privacy
compliance
process,
please
see
https://www.dhs.gov/compliance. A copy of the template is available on DHS Connect at
http://dhsconnect.dhs.gov/org/offices/priv/Pages/Privacy-Compliance.aspx or directly from the DHS
Privacy Office via email: [email protected] or phone: 202-343-1717.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 2 of 14
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project, Program,
or System Name:
Pilots’ Medical Certificate Validity Period
Component or
Office:
U.S. Coast Guard (USCG)
Office or
Program:
CG-MMC
FISMA Name (if
applicable):
N/A
FISMA
Number (if
applicable):
N/A
Type of Project or
Program:
Rule
Project or
program
status:
Modification
November 2, 2020
Pilot launch
date:
N/A
April 28, 2021
Pilot end date:
N/A
N/A
Expected
ATO/ATP/OA
date (if
applicable):
N/A
Date first
developed:
Date of last PTA
update
ATO Status (if
applicable): 1
PROJECT, PROGRAM, OR SYSTEM MANAGER
Name:
Mr. Eric Malzkuh
Office:
CG-MMC
Title:
Marine Transportation
Specialist
Phone:
202-372-1425
Email:
[email protected]
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
N/A
Phone:
N/A
Email:
N/A
The DHS OCIO has implemented a streamlined approach to authorizing an Authority to Operate (ATO), allowing for rapid deployment of new
IT systems and initiate using the latest technologies as quickly as possible. This approach is used for selected information systems that meet the
required eligibility criteria in order to be operational and connect to the network. For more information, see
http://dhsconnect.dhs.gov/org/comp/mgmt/ocio/ciso/CISO%20ALL%20Documents/Authority%20to%20Proceed%20Memo%20Phase%20II.pdf.
1
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 3 of 14
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 4 of 14
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Updated PTA
The U.S. Coast Guard (USCG) submits this PTA as part of the rulemaking process.
The USCG is extending the maximum period of validity of merchant mariner medical certificates issued
to first-class pilots and masters or mates serving as pilot from 2 years to 5 years. This rule will reduce the
frequency of medical certification application submissions to the Coast Guard.
First-class pilots and masters and mates who serve as pilot on vessels of 1,600 gross registered tons or
more must submit the results of their annual physical examinations to the Coast Guard between medical
certificate applications if:
(1) the mariner does not meet the physical ability requirements;
(2) the mariner has a condition that does not meet the medical, vision, or hearing requirements;
(3) the mariner is deemed “not recommended” by a medical practitioner for a medical certificate;
(4) upon request by the USCG, the rule will not compromise safety because it maintains the requirement
for pilots to obtain annual physicals and because it provides the Coast Guard opportunity to review the
medical examination of pilots who may become medically unqualified between medical certificate
applications.
The Application for Merchant Mariner Medical Certificate (CG-719K/E) is used to valid physical
examinations. The Coast Guard uses an alternate unique identifier for existing mariners called a Mariner
Reference Number. The Social Security number (SSN) is only required for new initial applicants who
have not previously been issued a merchant mariner credential from the USCG.
CG-719K/E collects the following personally identifiable information from the mariner:
name;
home address;
date of birth;
gender;
Social Security number (only required for new initial applicants that
have not been issued a merchant mariner credential)
Mariner Reference Number;
physical traits; physical ability results; and
signature.
CG-719K/E also contains the name, business address, phone number, and license number of the medical
practitioner and the name, address, and phone number of the organization or third party that the mariner
elects to release information associated with this form.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 5 of 14
The Pilots’ Medical Certificate Validity Period Final Rule is privacy sensitive with coverage provided by
DHS/USCG/PIA-015 Merchant Mariner Licensing and Documentation System and DHS/USCG-030
Merchant Seamen’s Records.
☐ This project does not collect, collect, maintain,
use, or disseminate any personally identifiable
information 2
☒ Members of the public
2. From whom does the Project, Program,
or System collect, maintain, use, or
disseminate information?
Please check all that apply.
☒ U.S. Persons (U.S citizens or lawful
permanent residents)
☒ Non-U.S. Persons
☐ DHS Employees/Contractors (list Components):
Click here to enter text.
☐ Other federal employees or contractors (list
agencies): Click here to enter text.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an
individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the
individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which
if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an
individual. For the purposes of this PTA, SPII and PII are treated the same.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 6 of 14
☒ No
2(a) Is information meant to be
collected from or about
sensitive/protected populations?
☐ 8 USC § 1367 protected individuals (e.g., T, U,
VAWA) 3
☐ Refugees/Asylees
☐ Other. Please list: Click here to enter text.
3. What specific information about individuals is collected, maintained, used, or
disseminated?
The Application for Merchant Mariner Medical Certificate (CG-719K/E) is used to valid physical examinations.
CG-719K/E collects the following personally identifiable information from the mariner:
name;
home address;
date of birth;
gender;
Mariner Reference Number;
Social Security number (only required for new initial applicants that have not
been issued a merchant mariner credential);
physical traits; physical ability results; and
signature.
CG-719K/E also contains the name, business address, phone number, and license number of the medical practitioner
and the name, address, and phone number of the organization or third party that the mariner elects to release
information associated with this form.
3(a) Does this Project, Program, or System collect, maintain, use, or disseminate Social Security
numbers (SSN) or other types of stand-alone sensitive information? 4 If applicable, check all
that apply.
☒ Social Security number
☐ Alien Number (A-Number)
☐ Tax Identification Number
☐ Social Media Handle/ID
☐ Driver’s License/State ID Number
This involves the following types of individuals: T nonimmigrant status (Victims of Human Trafficking), U nonimmigrant status (Victims of
Criminal Activity), or Violence Against Women Act (VAWA). For more information about 1367 populations, please see: DHS Management
Directive 002-02, Implementation of Section 1367 Information Provisions, available at
http://dhsconnect.dhs.gov/org/comp/mgmt/policies/Directives/002-02.pdf.
4
Sensitive PII (or sensitive information) is PII that if lost, compromised, or disclosed without authorization, could result in substantial harm,
embarrassment, inconvenience, or unfairness to an individual. More information can be found in the DHS Handbook for Safeguarding Sensitive
Personally Identifiable Information, available at https://www.dhs.gov/publication/handbook-safeguarding-sensitive-personally-identifiableinformation.
3
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 7 of 14
☐ Visa Number
☐ Passport Number
☐ Bank Account, Credit Card, or other
financial account number
☐ Medical Information (e.g., Protected
Health Information (PHI))
☐ Biometric identifiers (e.g., FIN, EID)
☐ Biometrics. 5 Please list modalities (e.g.,
fingerprints, DNA, iris scans): Click here to
enter text.
☐ Other. Please list: Click here to enter
text.
3(b) Please provide the specific legal basis
Click here to enter text.
for the collection of SSN:
3(c) If the SSN is needed to carry out the functions and/or fulfill requirements of the Project,
System, or Program, please explain why it is necessary and how it will be used.
The purpose of this system is to administer the Merchant Mariner Credentialing Program to determine
domestic and international qualifications for the issuance of seaman credentials with domestic and
international endorsements, licenses, documents, and staff officer certifications.
The collection ensures that merchant mariners are physically qualified in an efficient manner to perform
their duties for the purpose of: promoting the safety of life and property at sea, promoting public safety,
protecting the marine environment and promoting homeland security.
This includes establishing eligibility for a merchant mariner’s credential, duplicate credential, or
additional endorsements issued by the USCG and establishing and maintaining continuous records of the
person’s documentation transactions.
3(d) If the Project, Program, or System requires the use of SSN, what actions are being taken to
abide by Privacy Policy Instruction 047-01-010, SSN Collection and Use Reduction, 6 which
requires the use of privacy-enhancing SSN alternatives when there are technological, legal, or
regulatory limitations to eliminating the SSN? Note: even if you are properly authorized to collect
SSNs, you are required to use an alternate unique identifier. If there are technological, legal, or
regulatory limitations to eliminating the SSN, privacy-enhancing alternatives should be taken, such as
masking, truncating, or encrypting the SSN, or blocking the display of SSNs in hard copy or digital
formats.
If related to IDENT/HART and applicable, please complete all Data Access Request Analysis (DARA) requirements. This form provides
privacy analysis for DHS’ IDENT, soon to be HART. The form replaces a PTA where IDENT is a service provider for component records. PRIV
uses this form to better understand how data is currently shared, will be shared and how data protection within IDENT will be accomplished.
IDENT is a biometrics service provider and any component or agency submitting data to IDENT is a data provider.
6
See https://www.dhs.gov/publication/privacy-policy-instruction-047-01-010-ssn-collection-and-use-reduction.
5
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 8 of 14
The Coast Guard uses an alternate unique identifier for existing mariners called a Mariner Reference
Number. The SSN is only required for new initial applicants who do have not previously been given a
credential from the USCG.
☒ By a unique identifier.7 Please list all unique
4. How does the Project, Program, or
System retrieve information?
5. What is the records retention
schedule(s) for the information
collected for each category type (include
the records schedule number)? If no
schedule has been approved, please
provide proposed schedule or plans to
determine it.
identifiers used:
Information is retrieved by any combination of the
various which may include the name, address,
Social Security number, and Merchant Mariner
Licensing and Documentation System assigned
system number.
☐ By a non-unique identifier or other means. Please
describe:
Click here to enter text.
SSIC 16720
Destroy 60 years after last discharge or evidence of
death is reviewed, whichever is sooner.
Note: If no records schedule is in place or are unsure
of the applicable records schedule, please reach out to
the appropriate Records Management Office. 8
5(a) How does the Project, Program, or
System ensure that records are
disposed of or deleted in accordance
with the retention schedule (e.g.,
technical/automatic purge, manual audit)?
Quarterly the HSC Records Coordinator will contact
appropriate program managers regarding any of
their scheduled records due for destruction. It is
essential that owners of records have an opportunity
to indicate if subject records might be required for
impending litigation or some other need. Even if
records have met their specified retention periods,
they cannot be destroyed without the concurrence of
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
8
See http://dhsconnect.dhs.gov/org/comp/mgmt/ocio/IS2O/rm/Pages/RIM-Contacts.aspx
7
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 9 of 14
the program manager having legal custody of the
records.
6. Does this Project, Program, or System
connect, receive, or share PII with any
other DHS/Component projects,
programs, or systems? 9
☒ No.
☐ Yes. If yes, please list:
Click here to enter text.
☐ No.
7. Does this Project, Program, or System
connect, receive, or share PII with any
external (non-DHS) government or
non-government partners or systems?
8. Is this sharing pursuant to new or
existing information sharing agreement
(MOU, MOA, LOI, RTA, etc.)? If
applicable, please provide agreement as
an attachment.
9. Does the Project, Program, or System
or have a mechanism to track external
disclosures of an individual’s PII?
10. Does this Project, Program, or System
use or collect data involving or from
any of the following technologies:
☒ Yes. If yes, please list:
Information may be released to a third party if
specific guidance is given to the National Maritime
Center (NMC), by the applicant, regarding what
issues may be discussed and with whom. The
applicant must complete a Third Party Authorization
for each entity or individual named.
N/A.
Please describe applicable information sharing
governance in place: Click here to enter text.
☐ No. What steps will be taken to develop and
maintain the accounting: Click here to enter text.
☒ Yes. In what format is the accounting
maintained: USCG FOIA/Privacy Act requests &
the Merchant Mariner Licensing and Documentation
System (MMLDS).
☐ Social Media
☐ Advanced analytics 10
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these systems are listed
as “interconnected systems” in IACS.
The autonomous or semi-autonomous examination of Personally Identifiable Information using sophisticated techniques and tools to draw
conclusions. Advanced Analytics could include human-developed or machine-developed algorithms and encompasses, but is not limited to, the
following: data mining, pattern and trend analysis, complex event processing, machine learning or deep learning, artificial intelligence, predictive
analytics, big data analytics.
9
10
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 10 of 14
☐ Live PII data for testing
☒ No
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 11 of 14
11. Does this Project, Program, or System
use data to conduct electronic searches,
queries, or analyses in an electronic
database to discover or locate a
predictive pattern or an anomaly
indicative of terrorist or criminal
activity on the part of any individual(s)
(i.e., data mining)? 11 This does not
include subject-based searches.
11(a) Is information used for research,
statistical, or other similar purposes? If so,
how will the information be de-identified,
aggregated, or otherwise privacyprotected?
☒ No.
12. Does the planned effort include any
☒ No.
interaction or intervention with human
subjects 12 via pilot studies, exercises,
focus groups, surveys, equipment or
technology, observation of public
behavior, review of data sets, etc. for
research purposes
13. Does the Project, Program, or System
provide role-based or additional
privacy training for personnel who
have access, in addition to annual
privacy training required of all DHS
personnel?
☐ Yes. If yes, please elaborate: Click here to enter
text.
☒ No.
☐ Yes. If yes, please elaborate: Click here to
enter text.
☐ Yes. If yes, please reach out to the DHS
Compliance Assurance Program Office (CAPO) for
independent review and approval of this effort. 13
☒ No.
☐ Yes. If yes, please list: Click here to enter text.
Is this a program involving pattern-based queries, searches, or other analyses of one or more electronic databases, where—
(A) a department or agency of the Federal Government, or a non-Federal entity acting on behalf of the Federal Government, is conducting
the queries, searches, or other analyses to discover or locate a predictive pattern or anomaly indicative of terrorist or criminal activity on the part of
any individual or individuals;
(B) the queries, searches, or other analyses are not subject-based and do not use personal identifiers of a specific individual, or inputs
associated with a specific individual or group of individuals, to retrieve information from the database or databases; and
(C) the purpose of the queries, searches, or other analyses is not solely—
(i) the detection of fraud, waste, or abuse in a Government agency or program; or
(ii) the security of a Government computer system.
12
Human subject means a living individual about whom an investigator conducting research: (1) obtains information or biospecimens through
intervention or interaction with the individual, and uses, studies, or analyzes the information or biospecimens; or (2) obtains, uses, studies, analyzes,
or generates identifiable private information or identifiable biospecimens.
13
For more information about CAPO and their points of contact, please see: https://www.dhs.gov/publication/compliance-assurance-programoffice or https://collaborate.st.dhs.gov/orgs/STCSSites/SitePages/Home.aspx?orgid=36. For more information about the protection of human
subjects, please see DHS Directive 026-04: https://www.dhs.gov/sites/default/files/publications/mgmt/general-science-and-innovation/mgmtdir_026-04-protection-of-human-subjects_revision-01.pdf.
11
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 12 of 14
14. Is there a FIPS 199 determination? 14
☒ No.
☐ Yes. Please indicate the determinations for each
of the following:
Confidentiality:
☐ Low ☐ Moderate ☐ High ☐ Undefined
Integrity:
☐ Low ☐ Moderate ☐ High ☐ Undefined
Availability:
☐ Low ☐ Moderate ☐ High ☐ Undefined
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
A.L. Craig
Date submitted to Component Privacy
Office:
April 14, 2022
Concurrence from other Component
Reviewers involved (if applicable):
N/A
Date submitted to DHS Privacy Office:
May 5, 2022
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed,
as well as any specific privacy risks/mitigations, as necessary.
The USCG is extending the maximum period of validity of merchant mariner medical certificates issued
to first-class pilots and masters or mates serving as pilot from 2 years to 5 years. This rule will reduce the
frequency of medical certification application submissions to the Coast Guard.
First-class pilots and masters and mates who serve as pilot on vessels of 1,600 gross registered tons or
more must submit the results of their annual physical examinations to the Coast Guard between medical
certificate applications if:
FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and
Information Systems and is used to establish security categories of information systems.
14
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 13 of 14
(1) the mariner does not meet the physical ability requirements;
(2) the mariner has a condition that does not meet the medical, vision, or hearing requirements;
(3) the mariner is deemed “not recommended” by a medical practitioner for a medical certificate;
(4) upon request by the USCG, the rule will not compromise safety because it maintains the requirement
for pilots to obtain annual physicals and because it provides the Coast Guard opportunity to review the
medical examination of pilots who may become medically unqualified between medical certificate
applications.
The Pilots’ Medical Certificate Validity Period Final Rule is privacy sensitive with coverage provided by
DHS/USCG/PIA-015 Merchant Mariner Licensing and Documentation System and DHS/USCG-030
Merchant Seamen’s Records.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Brian Pochatila
DHS Privacy Office Approver (if
applicable):
Riley Dean
Workflow Number:
0022474
Date approved by DHS Privacy Office:
May 5, 2022
PTA Expiration Date
May 5, 2025
DESIGNATION
Privacy Sensitive System:
Category of System:
Determination:
Yes
Rule
If “other” is selected, please describe: Click here to enter text.
☒ Project, Program, System in compliance with full coverage
☐ Project, Program, System in compliance with interim coverage
☐ Project, Program, System in compliance until changes implemented
☐ Project, Program, System not in compliance
PIA:
SORN:
System covered by existing PIA
DHS/USCG/PIA-015 Merchant Mariner Licensing and Documentation System
System covered by existing SORN
DHS/USCG-030 Merchant Seamen's Records, June 25, 2009, 74 FR 30308
DHS Privacy Office Comments:
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 06-2020(USCG)
Page 14 of 14
Please describe rationale for privacy compliance determination above, and any further action(s) that
must be taken by Component.
USCG is submitting this PTA to discuss the Pilots’ Medical Certificate Validity Period Final Rule. The
USCG is extending the maximum period of validity of merchant mariner medical certificates issued to
first-class pilots and masters or mates serving as pilot from 2 years to 5 years. This rule will reduce the
frequency of medical certification application submissions to the Coast Guard.
First-class pilots and masters and mates who serve as pilot on vessels of 1,600 gross registered tons or
more must submit the results of their annual physical examinations to the Coast Guard between medical
certificate applications if:
(1) the mariner does not meet the physical ability requirements;
(2) the mariner has a condition that does not meet the medical, vision, or hearing requirements;
(3) the mariner is deemed “not recommended” by a medical practitioner for a medical certificate;
(4) upon request by the USCG, the rule will not compromise safety because it maintains the requirement
for pilots to obtain annual physicals and because it provides the Coast Guard opportunity to review the
medical examination of pilots who may become medically unqualified between medical certificate
applications.
The purpose of this system is to administer the Merchant Mariner Credentialing Program to determine
domestic and international qualifications for the issuance of seaman credentials with domestic and
international endorsements, licenses, documents, and staff officer certifications. This includes establishing
eligibility for a merchant mariner’s credential, duplicate credential, or additional endorsements issued by
the USCG and establishing and maintaining continuous records of the person’s documentation
transactions. SSNs are only required for new initial applicants that have not been issued a merchant
mariner credential
DHS Privacy concurs this Final Rule privacy sensitive requiring PIA and SORN coverage. PIA coverage
provided by DHS/USCG/PIA-015 Merchant Mariner Licensing and Documentation System, WHICH
permits USCG to manage the issuance of credentials to Merchant Mariners and process and track
merchant mariner applications.
DHS/USCG-030 Merchant Seamen’s Records administers the Commercial Vessel Safety Program to
determine domestic and international qualifications for the issuance of licenses, documents, and staff
officer certifications.
File Type | application/pdf |
File Title | DHS PRIVACY OFFICE |
Author | marilyn.powell |
File Modified | 2022-05-06 |
File Created | 2022-05-06 |