1625-0100 Privacy Impact Assessment (PIA)

privacy-pia-update-uscg-noad-ais-04-28-2015.pdf

Advance Notice of Vessel Arrival

1625-0100 Privacy Impact Assessment (PIA)

OMB: 1625-0100

Document [pdf]
Download: pdf | pdf
Privacy Impact Assessment Update
for the

Vessel Requirements for the Notice of Arrival
and Departure (NOAD) and Automatic
Identification System (AIS) Rulemaking
DHS/USCG/PIA-006(b)
April 28, 2015
Contact Point
Mr. Nicholas Andersen
Coast Guard Intelligence (CG-26)
Department of Homeland Security
202-372-2780
Reviewing Official
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
202-343-1717

Privacy Impact Assessment Update
DHS/USCG/PIA-006(b) Vessel Requirements for NOAD and AIS
Page 1

Abstract
This Privacy Impact Assessment (PIA) updates the previous “Vessel Requirements for
Notice of Arrival and Departure and Automatic Identification System Notice of Proposed
Rulemaking” PIA dated November 19, 2008. The United States Coast Guard (USCG) is
updating this PIA following a recently published final rule after considering comments received
on the notice of proposed rulemaking (NPRM) published December 16, 2008. The USCG
prepared this PIA update because the Notice of Arrival (NOA) portion of this final rule requires
an expansion of an existing collection of personally identifiable information (PII).

Introduction
Under authority of the Ports and Waterways Safety Act (PWSA), 1 which authorizes the
promulgation of regulations to require the receipt of arrival notices from vessels destined for a
port or place subject to the jurisdiction of the United States, the Coast Guard published a Notice
of Proposed Rulemaking (NPRM) in 2008 that proposed to modify its existing Notice of Arrival
(NOA) regulatory requirements. 2 After considering comments on that proposed rule, the Coast
Guard is issuing a final rule that will change existing NOA requirements. 3
Under the newly issued final rule, 4 USCG expanded the NOA regulations to include: (a)
foreign commercial vessels 300 gross tons (GT) or less than transit two or more Captain of the
Port zones (COTP); 5 and (b) U.S. commercial vessels 300 GT or less coming from a foreign port
or place. The final rule also modifies related reporting content, timeframes, and procedures. The
Automatic Identification System (AIS) regulations 6 only apply to commercial vessels. The U.S.
Coast Guard uses the combination of NOA and AIS data to improve navigation safety, enhance
the ability to identify and track vessels, and heighten overall maritime domain awareness
(MDA), thus helping address threats to maritime transportation safety and security.
The final rule adds five fields to the NOA information collection requirement, only three
of which are new to industry: (1) the Maritime Mobile Service Identity (MMSI) number; (2)
whether a vessel is 300 GT or less; and (3) whether the vessel’s voyage time is less than 24
hours. An MMSI number is a series of nine digits that are sent in digital form over a radio
frequency channel to uniquely identify ships. For a vessel with AIS, 7 the MMSI allows the
1

33 U.S.C. § 1221 et seq.
33 CFR part 160.
3
The Coast Guard received considerable public comment on this rulemaking. USCG provided a 4-month comment
period for the proposed rule. It received 91 written submissions, and 27 persons made oral statements at the public
meetings. There were approximately 475 comments in response to the USCG NPRM.
4
80 FR 5282.
5
Captain of the Port means the Coast Guard officer designated by the Commandant to command a Captain of the
Port Zone as described in 33 CFR part 3.
6
Current AIS requirements are found in 33 CFR 164.46.
7
AIS means a maritime navigation safety communications system standardized by the International
2

Privacy Impact Assessment Update
DHS/USCG/PIA-006(b) Vessel Requirements for NOAD and AIS
Page 2

vessel to recognize other vessels around it (on a visual display) that also have AIS. This aids in
situational awareness and collision avoidance. The MMSI is assigned by a vessel’s Flag
Administration. For U.S. commercial vessels, the Federal Communications Commission (FCC)
assigns MMSI numbers.
The two other fields – (4) last port of departure, and (5) arrival and departure date for last
port of departure – are currently required 8 but the Coast Guard is expanding to capture the last
port of departure (whether foreign or domestic), the arrival and departure date, and the last 5
foreign ports or places visited and the dates of arrival and departure for those five visits. In
addition, the final rule removes the submission of a consolidated NOA and the three ports-to-bevisited fields associated with those submissions.
Using Maritime Transportation Security Act of 2002 (MTSA) authority, 9 this final rule
also expands AIS requirements 10 beyond Vessel Traffic Service (VTS) areas to all U.S.
navigable waters, removes an exception for passenger and fishing vessels from the applicability
threshold for commercial vessels 65 feet or more in length, and expands applicability to certain
dredges and vessels moving certain dangerous cargo (CDC) or flammable or combustible liquid
cargo in bulk. Unlike NOA, these AIS requirements do not involve the collection of PII. These
requirements for additional commercial vessels to install and use AIS are consistent with
statutory requirements and in limited cases rely on the Secretary’s discretionary authority. The
Coast Guard has identified dredges as the only vessels that will be required to install AIS based
solely on the Secretary’s discretionary authority to decide which vessels need AIS for safe
navigation purposes. 11 The final rule will enhance our overall maritime domain awareness
(MDA) by allowing the Coast Guard to retrieve more AIS and NOA data to meet the safety and
security objectives of the MTSA and the PWSA.

Reason for the PIA Update
All NOA information is collected through eNOAD. USCG retains the information by
vessel in the Ship Arrival Notification System (SANS), which is operated by the National Vessel
Movement Center (NVMC) at the USCG’s Operations Systems Center (OSC) in Kearneysville,
WV. SANS provides a central location for all collected information from vessels scheduled to
enter the United States.
Telecommunication Union (ITU), adopted by the International Maritime Organization (IMO), that—
(1) Provides vessel information, including the vessel’s identity, type, position, course, speed, navigational
status, and other safety-related information automatically to appropriately equipped shore stations, other ships,
and aircraft;
(2) Receives automatically such information from similarly fitted ships, monitors, and tracks ships; and
(3) Exchanges data with shore-based facilities.
8
See 33 CFR 160.206, Table 160.206(2)(i) and (ii).
9
MTSA (46 U.S.C. § 70114) specifies which vessels must carry AIS.
10
Current AIS requirements are found in 33 CFR 164.46.
11
46 U.S.C. § 70114(a)(1)(D).

Privacy Impact Assessment Update
DHS/USCG/PIA-006(b) Vessel Requirements for NOAD and AIS
Page 3

Currently, NOA information is received at the NVMC via e-mail, facsimile, telephone,
and electronically at https://enoad.nvmc.uscg.gov/. SANS makes NOA information available to
Coast Guard personnel stationed at various Captain of the Port zones, the Intelligence
Coordination Center (ICC), and the National Maritime Intelligence Center (NMIC). For port
safety issues, NOAD is reviewed to determine whether inspections are required on a particular
vessel, or if there is a need to establish safety zones, escorts, boardings, and other safety
operations.
The USCG has conducted this update to the PIA because the NOAD and AIS final rule
will increase the number of individuals about whom PII is collected and stored in the SANS, 12
and will add new data fields.

Privacy Impact Analysis
The System and the Information Collected and Stored within the System
The increase in vessel NOA reports will come from U.S. and foreign vessels less than
300 GT arriving in a U.S. port or place from a foreign port. The NOA reports will include data
on crew members and passengers. The crewmember/passenger data 13 from vessels less than 300
GT is identical to that data collected now from vessels 300 GT or more. The data will be
received, stored, and handled in the same manner as the data currently received from larger
vessels.
As noted in the Introduction section above, the Coast Guard is adding three new NOA fields:
•

The Maritime Mobile Service Identity (MMSI) number;

•

Whether a vessel is 300 GT or less; and

•

Whether the vessel’s voyage time is less than 24 hours.

These new data fields are beyond what is currently called for in the regulation, but were
included in the Coast Guard NPRM and NOAD and AIS PIA. None of these new data fields
contain PII; rather the fields are specific to the vessel. The MMSI is a unique identity number
used during radio transmissions from the AIS unit. The MMSI helps distinguish one vessel’s AIS
reports from another vessel’s reports. It is similar to a radio call sign. The new data fields about
vessel tonnage and voyage time are specific to the vessel and it voyage and contain no PII.

12

Information is retrieved from the SANS by vessel and not by personal identifier. USCG safeguards NOAD data in
the SANS in accordance with applicable laws, rules, and policies. The NOA data in SANS is cover by a
DHS/USCG-029 Notice of Arrival and Departure System of Records.
13
The crewmember/passenger data is detailed in SORN DHS/USCG-029.

Privacy Impact Assessment Update
DHS/USCG/PIA-006(b) Vessel Requirements for NOAD and AIS
Page 4

Uses of the System and the Information
The uses of PII have not changed with this update, and no new privacy risks have been
identified. New fields added pursuant to the new regulation do not contain PII.
Retention
The retention schedules have not changed. 14
Internal Sharing and Disclosure
The internal sharing and disclosure have not changed with this update, and no new
privacy risks have been identified.
External Sharing and Disclosure
The external sharing and disclosure have not changed with this update, and no new
privacy risks have been identified.
Notice
To provide extensive notice of the expanded collection and revised rulemaking, Coast
Guard provided a four month comment period for the proposed rule. Coast Guard received 91
written submissions, and 27 persons made oral statements at Coast Guard public meetings. There
were approximately 475 comments in response to the NPRM.
Information in SANS is retrieved by Vessel Name, Vessel ID Number, State, Port, or
Captain of the Port Zone (geographical location), and therefore is not covered under the Privacy
Act because information is not retrieved by a personal identifier. As outlined in the original PIA,
because SANS data is used by other IT systems in order to vet, screen, or analyze information on
individuals, Coast Guard nonetheless published a SORN for Notice of Arrival and Departure
information that details the scope, sharing, and information access procedures for NOAD data at
USCG. 15 In addition to the NOAD SORN, USCG has previously provided notice of the use of
NOAD information in the Marine Information for Safety and Law Enforcement and the
Maritime Awareness Global Network SORNs. 16
Individual Access, Redress, and Correction
Access, redress, and correction have not changed with this update, and no new privacy
risks have been identified.

14

NARA’s Request for Records Disposition Authority, dated 5.31.05, job Number N1-026-05-11.
DHS/USCG-029 Notice of Arrival and Departure SORN 79 FR 64812 (October 31, 2014).
16
See DHS/USCG-013 Marine Information for Safety and Law Enforcement SORN 74 FR 30305 (June 25, 2009)
and DHS/USCG-061 Maritime Awareness Global Network SORN 73 FR 28143 (May 15, 2008).
15

Privacy Impact Assessment Update
DHS/USCG/PIA-006(b) Vessel Requirements for NOAD and AIS
Page 5

Technical Access and Security
The technical access and security have not changed with this update, and no new privacy
risks have been identified.
Technology
The technology has not changed with this update, and no new privacy risks have been
identified.

Responsible Official
Mr. Nicholas Andersen
Coast Guard Intelligence (CG-26)
Department of Homeland Security

Approval Signature
Original signed copy on file with the DHS Privacy Office.
________________________________
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security


File Typeapplication/pdf
File TitleDHS-USCG-PIA-006(b) Vessel Requirements for the Notice of Arrival and Departure (NOAD) and Automatic Identification System (AIS)
SubjectDepartment of Homeland Security Privacy Impact Assessement Update
AuthorDHS Privacy Office
File Modified2015-04-28
File Created2015-04-28

© 2024 OMB.report | Privacy Policy