Download:
pdf |
pdfPrivacy Impact Assessment Update
for the
myUSCIS Account Experience
DHS/USCIS/PIA-071(a)
June 28, 2019
Contact Point
Donald K. Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
(202) 272-8030
Reviewing Official
Jonathan R. Cantor
Acting Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 2
Abstract
U.S. Citizenship and Immigration Services (USCIS) operates myUSCIS Account
Experience, a personalized online environment that helps individuals navigate the immigration
process. Through myUSCIS, individuals are able to establish an online account to electronically
manage their account and profile, file immigration request forms, access submitted and USCISgenerated documents, and view case status information. myUSCIS Account Experience is being
updated to: (1) employ the use of data streaming services to interface with other USCIS
information systems; (2) interconnect with the Computer Linked Application Information
Management System 3 (CLAIMS 3), GLOBAL (not an acronym), and Investor File Adjudication
Case Tracker (INFACT) case management systems; (3) include the electronic submission of
additional USCIS forms; (4) interface with the Content Management Services (CMS); and (5) use
the Profile Manager to manage the profile for all myUSCIS account holders. This PIA evaluates
the privacy risks and mitigations associated with these updates to the collection, use, and
maintenance of personally identifiable information (PII).
Overview
U.S. Citizenship and Immigration Services (USCIS) is the component of the Department
of Homeland Security (DHS) that oversees lawful immigration to the United States. USCIS’
mission includes receiving and adjudicating a wide variety of immigration and non-immigration
benefits and requests (“immigration requests”). USCIS historically operated under a paper form
intake process requiring USCIS adjudicators to use a variety of case management systems to
adjudicate benefit requests and issue written notices. USCIS is moving from a paper-based
environment to a digital environment—in which filing, adjudication, and communication are all
electronic. USCIS is continuously striving to expand opportunities for individuals to further
engage with USCIS in a secure online environment as part of its mission.
USCIS established myUSCIS Account Experience to offer immigration requestors and
legal representatives (account holders) a secure digital environment for a personalized and
seamless immigration experience. Through myUSCIS Account Experience, individuals are able
to create an authenticated and secure account to securely use various digital services that support
the immigration request process and allow access to pending case information. Secure online
accounts also allow individuals to manage their account, profile, and case information with USCIS.
myUSCIS Account Experience offers the following six core digital services along with
several supporting functions and capabilities:
1. Onboarding allows account holders to establish a secure account with USCIS.
2. Account Home serves as the central location for account holders to manage their case
with USCIS. Account holders are able to save information throughout the request filing process
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 3
and return at a later time to submit or delete their draft case. Account holders who successfully
submit their case are able to manage their active cases from the beginning until the end.
3. Digital Forms allows account holders to electronically file applications and petitions.
The digital immigration request forms collect the same information as the corresponding
paperform. Prior to initiating the request, USCIS provides the account holder with a Privacy Notice
covering the particular immigration request at the time of that collection. The immigration request
forms and service types are dynamic, meaning that questions dynamically expand or become
disabled as the account holder progresses through the request.
4. Case Activity offers a holistic view of a single case as well as a view into an account
holder’s full immigration history with USCIS. The Case Activity modules notify the account
holder of major milestones such as receipt of an immigration request form or upcoming biometric
and interview appointments. Case updates associated with a receipt number are sent electronically
on a daily basis to myUSCIS Account Experience.
5. Document Center serves as a repository of documents and notices specific to the
account holder that are integral to the immigration process. Account holders are able to upload and
view evidence submitted in support of an electronically-filed or paper-filed application or petition
and reuse evidence submitted previously for new forms or USCIS requests.
6. Secure Messaging provides access to live assistance within the account. This secure
online account allows account holders to manage their account, profile, and case information with
USCIS.
Together, these modules provide individuals with a cohesive and seamless experience with USCIS.
Reason for the PIA Update
Historically, legacy Immigration Naturalization Service (INS) and USCIS handled
immigration requests in a purely paper world. Applicants, petitioners, and other immigration
related requestors (“immigration requestors”) mailed paper forms to designated physical addresses
or P.O. boxes. Any supporting evidence or supplements to an immigration request similarly had
to be submitted by mail or delivered in-person. USCIS stored submitted material in a physical file
associated with the individual, known as an Alien File (A-File). Immigration requests were
reviewed and adjudicated on paper, and any requests for additional evidence, decision notices, or
other materials associated with the adjudication of immigration requests had to be physically
mailed, receipted, and stored. More recently, technological advances in the breadth and quality of
digital solutions have created more efficient and convenient alternatives to traditional paper
methods for handling immigration requests.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 4
USCIS is modernizing its administration and adjudication of immigration requests through
electronic processing (hereinafter referred to as eProcessing).1 eProcessing encompasses the
electronic submission, adjudication, communication, and all practices and procedures associated
with the paperless processing of immigration requests or other documents submitted to USCIS.2
USCIS is currently in the process of making all immigration request forms available for online
filing and electronic processing. myUSCIS Account Experience supports the eProcessing initiative
by making immigration requests forms available to account holders for electronic filing, as well
as supporting the electronic engagement with USCIS.3
USCIS plans to adapt existing operational systems and integrate new services to enhance
the processing of electronically filed immigration request forms. USCIS has historically built large
systems that performed functions that were aligned with specific benefit types or operational
directorates (e.g., Field Operations Directorate (FOD), Service Center Operations Directorate
(SCOPS), Refugee, Asylum, and International Operations (RAIO)). These system were originally
built to support the paper process for specific directorates, which has limited USCIS’ ability to
integrate systems within USCIS operations. As part of its modernization effort, USCIS is moving
away from siloed benefit-specific systems to functionally-aligned services that holistically support
USCIS operations. USCIS is integrating myUSCIS Account Experience with existing USCIS case
management systems and other support systems to support the electronic processing and
adjudication of electronically filed immigration requests.
Since the publication of DHS/USCIS/PIA-071, USCIS has made several updates to
myUSCIS in support of eProcessing. Upon publication of this PIA, myUSCIS will (1) employ the
use of data streaming services to interface with other USCIS information systems; (2) expand its
support for the electronic submission of electronically filed immigration requests with connections
to the Computer Linked Application Information Management System 3 (CLAIMS 3),4
GLOBAL5 (not an acronym), and Investor File Adjudication Case Tracker (INFACT) case
management systems;6 (3) accept the electronic submission of additional USCIS forms;7 (4)
interface with the Content Management Services (CMS)8 via the STACKS user interface to
retrieve case-specific content maintained in the CMS; and (5) use the Profile Manager to create
and manage an electronic profile for all myUSCIS account holders who successfully submit an
immigration request.
1
Immigration files currently in paper form will remain as such until an individual affirmatively requests an
additional benefit or until the record is otherwise used in an administrative context.
2
Proposed 8 CFR § 107.1(a))
3
Please see Appendix A for a full list for immigration request forms available for electronic filing.
4
See DHS/USCIS/PIA-016(a) Computer Linked Application Information Management System 3 (CLAIMS 3) and
Associated Systems, available at www.dhs.gov/privacy.
5
See DHS/USCIS/PIA-027(a) Asylum Division, available at www.dhs.gov/privacy.
6
See EB-5 PIA, available at www.dhs.gov/privacy.
7
See Appendix B to view the list of USCIS forms available for electronic submission.
8
See CMS PIA, available at www.dhs.gov/privacy.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 5
Data Streaming Services
myUSCIS Account Experience is integrating with data streaming services9 to share data
with applicable USCIS systems and eProcessing services. Data streaming services act as
intermediary messengers to effectively and efficiently move data among USCIS systems in near
real-time. The use of these services allows USCIS to transport data without the technical and
administrative burden usually placed on the operating systems. myUSCIS Account Experience
uses the data streaming services to route the submitted immigration requests to the correct case
management systems or support system.
Once an immigration request is submitted via the myUSCIS Account Experience,
myUSCIS places the encrypted data from the application on the data streaming service with an
indicator that identifies the case management system or support system that will store the data.
The applicable case management system or support system then receives the message and decrypts
the application data for storage and case processing. The data streaming services provide high
availability and resiliency for data and uses an event-driven design when events or changes to a
source system trigger an update to the recipient system.
Case Management System Interfaces
Previously myUSCIS Account Experience replaced all aspects of the public-facing USCIS
Electronic Immigration System (USCIS ELIS) and enabled the submission of a select number of
USCIS forms. USCIS ELIS continues to serve as an internal electronic case management system
for electronically filed immigration request forms. USCIS ELIS supports a series of processing
and adjudication actions, such as case receipt and intake, biometric collection appointment
generation, case specific processing and management, automated background checks, interview
appointment scheduling, final decision rendering, and production of the proof of benefit. For each
step in the process, USCIS ELIS sends updates with the latest case status to myUSCIS Account
Experience to provide the immigration requestor with the latest status of the requestor’s benefit
filing.
USCIS is integrating myUSCIS Account Experience with other existing case management
systems to expand the immigration request types that may be electronically filed with USCIS.
myUSCIS Account Experience is being updated to include the following case management
systems:
•
9
Computer Linked Application Management System 3 (CLAIMS 3) is used to manage
the adjudication process for most domestically-filed, immigration benefit filings with the
See Data Streaming Services PIA, available at https://www.dhs.gov/privacy.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 6
exception of naturalization, intercountry adoption, and certain requests for asylum and
refugee status.10
•
Global (not acronym) is used to support the screening of individuals during the credible
fear, reasonable fear, affirmative asylum,11 defensive asylum,12 and Nicaraguan
Adjustment and Central American Relief Act (NACARA) processes. Global provides the
means for tracking of asylum cases as they progress from application filing through final
determination/decision or referral to the U.S. Immigration Courts.13
•
Investor File Adjudication Case Tracker (INFACT) supports the case management
needs in support of the FOD Immigrant Investor Program Office (IPO).14
A key aspect to the eProcessing initiative is the continual roll out of electronic immigration request
forms until all USCIS forms are available for electronic submission via the myUSCIS Account
Experience. Each form type is designated to a certain case management system. Electronically
submitted immigration requests are routed to the applicable case management system (i.e., USCIS
ELIS, CLAIMS 3, Global, and INFACT) after submission to myUSCIS Account Experience
through the use of the data streaming services, ensuring that only the relevant cases are sent to
each system. The data streaming services use a technical filter that allows only the immigration
requests processed by a specific case management system to be available to that system.15
myUSCIS Account Experience does not retain the information that is sent to the case management
system.
Similarly to USCIS ELIS, CLAIMS 3, Global, and INFACT are responsible for a series of
case processing and adjudication actions, such as case receipt and intake, biometric collection
appointment generation, case specific processing and management, automated background checks,
interview appointment scheduling, final decision rendering, and production of the proof of benefit.
For each step in the case management process, CLAIMS 3, Global, and INFACT update myUSCIS
10
See DHS/USCIS/PIA-016(a) Computer Linked Application Information Management System (CLAIMS 3) and
Associated Systems, available at https://www.dhs.gov/privacy.
11
USCIS is responsible for the administration and adjudication of the affirmative asylum applications. To obtain
affirmative asylum, the individual must be physically present in the United States. An individual may apply for
affirmative asylum status regardless of how he or she arrived in the United States or his or her current immigration
status.
12
A defensive application for asylum occurs when an individual requests asylum as a defense against removal from
the United States. In defensive asylum cases, the individual is currently in removal proceedings in immigration court
with the Department of Justice’s Executive Office for Immigration Review (EOIR). Global requests ASC
appointments, and initiates TECS (not an acronym) and Federal Bureau of Investigation (FBI) namechecks, which
are background check procedures performed by the U.S. Customs and Border Protection (CBP) and FBI,
respectively.
13
See DHS/USCIS/PIA-027 USCIS Asylum Division, available at https://www.dhs.gov/privacy.
14
See EB-5 PIA, available at www.dhs.gov/privacy.
15
As new forms become available for electronic submission, USCIS will update Appendix B, and identify the
designated case management systems, of this PIA.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 7
Account Experience to share with the immigration requestor the latest case status of his or her
electronically-filed immigration request.
Content Management Services
USCIS uses Content Management Services (CMS)16 to store all electronically filed
immigration requests and evidence via myUSCIS Account Experience, and USCIS-generated
correspondence created via Enterprise Correspondence Handling Online (ECHO).17 CMS is a
back-end repository of all digital immigration-related content. CMS supports USCIS’ storage and
management of digital immigration-related content in support of intake, case adjudication, and
records management. All documents are indexed using a unique identifier (i.e., receipt number) to
associate filings and associated documents in CMS to a particular immigration request.18
myUSCIS Account Experience account holders are able to access the immigration content
submitted including a copy of the immigration request form in its entirety as well as all associated
supporting evidence and documentation by logging into their accounts. USCIS adjudicators are
able to access the content related to a specific benefit request via a user interface called, STACKS,
or through separate USCIS interconnected systems.
Profile Manager Service
myUSCIS Account Experience is integrating with the Person Centric Services (PCS)
Profile Manager Service (hereafter referred to as Profile Manager) to manage the myUSCIS
Account Experience user’s profile data. The Profile Manager creates the user profile to store a
limited amount of declared requestor or legal representative information. Profile creation occurs
after an account holder successfully submits an immigration request via the myUSCIS Account
Experience, the form has been paid for, and the case has become operationalized. myUSCIS
Account Experience sends the profile information via the data streaming services to the Profile
Manager.
After the submission of the request, a USCIS profile is created for the account holder and
stored within the Profile Manager. The Profile Manager stores the following declared information
submitted by the account holder:
•
•
•
•
•
16
USCIS Receipt Number*
First name
Last name*
Date of Birth*
Physical address
See DHS/USCIS/PIA-079 Content Management Services, available at www.dhs.gov/privacy.
See DHS/USCIS/PIA-063 Benefit Decision and Output Processes, available at https://www.dhs.gov/privacy.
18
A person-centric model goes beyond simply associating case records to an individual. This model provides a
consolidated view of an individual’s entire immigration history through the digital content associated with his or her
interactions.
17
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 8
•
•
•
•
•
•
•
Mailing address*
Alien Number
Social Security number (SSN)
Country of Birth
Country of Citizenship
Daytime phone number
USCIS Account Number*
*denotes minimum fields required for the creation of a profile
Prior to submission of the immigration request, the account holder is able to review all of the
information, including the data fields used to create a profile, which he or she will be submitting
to USCIS for accuracy and completeness.
After the profile is created, the account holder can log into his or her myUSCIS account
and view his or her profile information by clicking on the Profile Tab. The Profile displays the
account holder’s full name, date of birth, physical and mailing addresses, and daytime phone
number. On this tab, the user can edit his or her physical address, mailing address, and daytime
phone number. Updates are communicated to the Profile Manager and reflected back to the
myUSCIS Account Experience account holder on the Profile Tab within the account.
To enable the applicable USCIS case management systems to receive a notification of the
profile changes, the Profile Manager posts an encrypted notification to the data streaming service
containing the updated information and the individual’s Unique User ID. In addition, if an
applicant submits an additional form, the Profile Manager uses the latest form information to
update the profile. Any updates to the account holder’s myUSCIS Account Experience account
profile (i.e., physical and mailing addresses, and daytime phone number) only impacts the filing
submissions processed through USCIS ELIS, CLAIMS 3, Global, and INFACT. Address changes
made in the Profile Manager Service does not satisfy the INA requirement to keep addresses upto-date. Account holders are required to file a paper or electronic Form AR-11 in order to legally
update their address with USCIS.
Privacy Impact Analysis
Authorities and Other Requirements
The authority to collect and use information, including SSN, does not change with this
update. The authority to collect information is found within the Immigration and Nationality Act
(INA), 8 U.S.C. §§ 1103, 1201, and 1255.
The information collected, used, maintained, and stored in myUSCIS Account Experience
is covered under the following SORNs:
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 9
•
DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System of
Records19 covers documentation and maintenance of an individual’s immigration
application, petitions, and requests as he or she passes through the U.S. immigration
process;
•
DHS/USCIS-007 Benefits Information System20 permits USCIS’ collection, use,
maintenance, dissemination, and storage of paper and electronic benefit request
information. This includes case processing and decisional data not included in the AFile SORN. It also covers case specific information that is collected and shared with
online account holders;
•
DHS/USCIS-010 Asylum Information and Pre-Screening System of Records21 covers
the information collected during the ingestion of the I-589 and I-881 forms; and
•
DHS/ALL-037 E-Authentication Records System of Records22 covers information
collected to create and authenticate an individual’s identity for the purpose of obtaining
a credential to electronically access a DHS program or application.
This update does not change the Authority to Operate (ATO) for myUSCIS.
This update does not change the records schedule.
This update does not impact the Paperwork Reduction Act (PRA) requirements for the
myUSCIS Account Experience. The OMB Control number for online account creation is 16150122 (there is no corresponding agency number). Each immigration request form or service type
filed through myUSCIS Account Experience has an existing OMB Control number that covers the
electronic information collection. An updated list is available in Appendix A and B.
Characterization of the Information
USCIS continues to collect the information outlined in Section 2.0 of the DHS/USCIS/PIA071 myUSCIS Account Experience. This PIA update expands the immigration forms that may be
submitted electronically. Information collected from each benefit request form or service type
varies and not all forms collect the same information. Generally, immigration request forms collect
biographic information about the immigration requestor, beneficiaries, legal representatives,
interpreter, and preparer. A full account of what data is requested for each immigration benefit and
service type may be viewed by referencing the forms associated with each immigration benefit or
service type in Appendix A and B.
19
DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System of Records, 82 FR 43556
(October 18, 2017).
20
DHS/USCIS-007 Benefits Information System, 81 FR 72069 (October 19, 2016).
21
DHS/USCIS-010 Asylum Information and Pre-Screening System of Records, 80 FR 74781 (November 30, 2015)
22
DHS/ALL-037 E-Authentication Records System of Records, 79 FR 46857 (August 11, 2014).
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 10
This update does not impact the sources of information collected. USCIS continues to
collect information directly from the immigration requestor and/or legal representative. Instead of
solely collecting information via paper forms, USCIS is continuing its information collection
efforts to include the electronic filing of additional forms via the myUSCIS online portal.
This update does not impact the use of information from commercial sources or publicly
available data.
myUSCIS Account Experience continues to collect user profile, biographic information,
and supplemental evidence directly from the account holder (i.e., individual or his or her
representative); therefore, USCIS is dependent upon the accuracy of the information provided by
the account holder. To ensure the accuracy and integrity of the information, account holders are
provided with the opportunity to review and edit information prior to its submission.
Privacy Risk: myUSCIS Profile may capture outdated, inaccurate, irrelevant, or
incomplete information through the electronically submitted forms.
Mitigation: This risk is mitigated because the account holder has the ability to review
information included in his or her myUSCIS Account Profile prior to submission to USCIS and at
any time after the profile has been created. USCIS account holders provide information to
myUSCIS Account Experience directly to ensure accuracy of information. Prior to the submission
of information, myUSCIS Account Experience provides the individual with an opportunity to enter
biographic information, review its accuracy, and amend it. Information submitted by the legal
representative requires the benefit requestor to review the filing prior to electronically signing the
form. The benefit requestor is required to check a box attesting that he or she has reviewed the
information. This ensures the accuracy and integrity of the benefit request form prior to
submission.
In addition, after the information is submitted to USCIS and is added to the account
holder’s profile, the account holder may log into his or her myUSCIS account at any time to review
the profile information and make any updates if necessary. Account holders can update the
physical address, mailing address, and daytime phone number. Updating the physical and mailing
address does not legally update their address with USCIS and does not update the official change
of address systems. The updated profile information is then provided to the applicable case
management system via the data streaming service.
Privacy Risk: There is a risk that by myUSCIS transferring information received on
immigration request forms to multiple interconnected systems via the data streaming services it
could lead to the inaccurate and untimely delivery of data to USCIS systems.
Mitigation: This risk is partially mitigated. USCIS transfers immigration request data to
the case management systems (USCIS ELIS, CLAIMS 3, Global, and INFACT), which are the
appropriate systems of record for this information. Any time information is updated, the update
will be made in the case management system to ensure all changes are recorded at the authoritative
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 11
source of the data. Any requests for the immigration request data will be sent from the case
management systems to ensure that the authoritative source is queried and correct information is
provided.
Privacy Risk: There is a risk that inaccurate or incomplete data will be transferred from
myUSCIS to the case management systems via the data streaming services.
Mitigation: This risk is mitigated. Previously, information was manually entered into each
case management system from the immigration request form. With this practice, there was an
increased risk of inaccurate data being captured and stored within these systems and that data
relating to an immigration requestor could be different in different systems. USCIS mitigated this
risk as best as possible through training, supervisor reviews, and ongoing quality assurance
reviews. With this update, data is entered into myUSCIS directly from the immigration requestor
and is then encrypted, transported, and delivered “as is” to the appropriate case management
systems via the data streaming services, As appropriate, this system is responsible for reformatting
and standardizing the representation of the data. This process ensures the data integrity from the
intake of the information to the receipt of the information by the other system. The data streaming
services continuously extracts, replicates, and loads myUSCIS information in real-time to keep
that system data consistent with the data in myUSCIS. Since the data streaming service is
continuously refreshing, it is able to identify changes and immediately update case management
systems with the corrected information.
Uses of the Information
USCIS continues to use the information it collects from account holders in the same
manner as outlined in Section 3.0 of the DHS/USCIS/PIA-071 myUSCIS Account Experience.
USCIS is integrating myUSCIS Account Experience with existing USCIS case management
systems and new support systems to enhance the overall immigration experience of the account
holder. Account holders continue to manage their account and profile, electronically file benefit
request forms, access submitted evidence and USCIS-generated documents, and view case status
information through myUSCIS Account Experience. Access to the data stored in myUSCIS
Account Experience, as well as the system, is limited to account holders (i.e., immigration
requestors and legal representatives). There are no additional risks to the uses of information.
Notice
USCIS provides general notice to the public about system changes through this PIA update.
USCIS continues to provide general notice to account holders through the publication of associated
SORNs and through the USCIS website. Additionally, myUSCIS Account Experience provides a
Privacy Notice prior to the submission of any information. The Privacy Notice notifies the account
holder about the authority to collect the information requested, the purposes of collection, USCIS’
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 12
routine uses of the information, and the consequences of an account holder providing or declining
to provide the information to USCIS.
Privacy Risk: There is a privacy risk that myUSCIS Account Experience account holders
are unaware that the change of address functionality does not satisfy the legal requirement for the
applicant, petitioner, or requestor to notify DHS of any change of address as required by section
254 of the INA.
Mitigation: This risk is partially mitigated. Individuals who currently have a myUSCIS
Account Experience online account may submit their address changes in myUSCIS Account
Experience for correspondence purposes only. myUSCIS Account Experience notifies individuals,
while updating their profile, that they are also required to file a paper or electronic Form AR-11 in
order to legally update their address with USCIS. This PIA also provides notice to file a separate
Form AR-11 to satisfy section 254 of the INA.
Data Retention by the project
The records schedule does not change with this update. There are no additional risks to
data retention.
Information Sharing
This PIA update does not impact the information sharing practices as outlined in Section
6.0 of the DHS/USCIS/PIA-071 myUSCIS Account Experience. There are no additional risks to
information sharing.
Redress
This PIA update does not impact how access, redress, and correction may be sought from
USCIS. myUSCIS Account Experience allows account holders to directly and securely engage
with USCIS to obtain pertinent immigration case-related information. Account holders who
created online accounts must authenticate their identity using the username, password, and
authentication code. Once authenticated, individuals may access the information they used to
create their profiles, such as name and address information, as well as the case specific information
prior to official submission to USCIS.23
Additionally, an individual seeking access to his or her information held by USCIS may
continue to gain access to his or her records by filing a Freedom of Information Act (FOIA) or
Privacy Act request. Individuals not covered by the Privacy Act may obtain access to records
consistent with FOIA unless disclosure is prohibited by law or if the agency reasonably foresees
23
The account creation and authentication process is discussed in DHS/USCIS-071 myUSCIS Account Experience,
available at www.dhs.gov/privacy.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 13
that disclosure would harm an interest protected by an exemption. Any account holder seeking
access to his or her information should direct their request to the following address:
USCIS National Records Center (NRC)
FOIA/PA Office
P.O. Box 648010
Lee's Summit, MO 64064-8010
Further information for Privacy Act and FOIA requests for USCIS records can also be found at
http://www.uscis.gov. U.S. citizens and lawful permanent residents may correct information by
filing a Privacy Act Amendment. U.S. citizens and lawful permanent residents should submit
requests to contest or amend information contained in USCIS systems. Individuals not covered by
the Privacy Act are also able to amend their records. If an individual finds inaccurate information
in his or her record received through FOIA, he or she may visit a local USCIS Field Office to
identify and amend inaccurate records with evidence. There are no additional risks to redress.
Auditing and Accountability
USCIS ensures that practices stated in this PIA comply with federal, DHS, and USCIS
standards, policies, and procedures, including standard operating procedures, rules of behavior,
and auditing and accountability procedures. myUSCIS Account Experience is maintained in the
Amazon Web Services (AWS), which is a public cloud designed to meet a wide range of security
and privacy requirements (e.g., administrative, operational, and technical controls) that are used
by USCIS to protect data in accordance with federal security guidelines.24 AWS is Federal Risk
and Authorization Management Program (FedRAMP)-approved and authorized to host PII.25
FedRAMP is a U.S. government-wide program that delivers a standard approach to the security
assessment, authorization, and continuous monitoring for cloud services. USCIS employs
technical and security controls to preserve the confidentiality, integrity, and availability of the data,
which are validated during the security authorization process. These technical and security controls
limit access to USCIS users and mitigate privacy risks associated with unauthorized access and
disclosure to non-USCIS users. Further DHS security specifications also require auditing
capabilities that log the activity of each user in order to reduce the possibility of misuse and
inappropriate dissemination of information. All user actions are tracked via audit logs to identify
information by user identification, network terminal identification, date, time, and data accessed.
All USCIS systems employ auditing measures and technical safeguards to prevent the misuse of
data.
24
Public clouds are owned and operated by third-party service providers whereas private clouds are those that are
built exclusively for an individual enterprise.
25
https://marketplace.fedramp.gov/#/product/aws-us-eastwest?status=Compliant&sort=productName.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 14
Privacy Risk: The data maintained by AWS for the purposes of cloud hosting may be
vulnerable to breach because security controls may not meet system security levels required by
DHS.
Mitigation: This risk is mitigated. USCIS is responsible for all PII associated with the
myUSCIS Account Experience, whether on USCIS infrastructure or on a vendor’s infrastructure
and it therefore imposes strict requirements on vendors for safeguarding PII. USCIS strictly
adheres to the DHS 4300A Sensitive Systems Handbook, which provides implementation criteria
for the rigorous requirements mandated by DHS’s Information Security Program.26 USCIS cloud
service providers must be FedRAMP-certified. By using FedRAMP-certified providers, USCIS
leverages cloud services assessed and granted provisional security authorization through the
FedRAMP process to increase efficiency while ensuring security compliance. All contracted cloud
service providers must follow DHS privacy and security policy requirements. Before using AWS,
USCIS verified through a risk assessment that AWS met all DHS privacy and security policy
requirements. Further, all cloud-based systems and service providers are added to the USCIS
Federal Information Security Modernization Act (FISMA) inventory and are required to undergo
a complete security authorization review to ensure security and privacy compliance.
Responsible Official
Donald K. Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
Department of Homeland Security
Approval Signature
Original, signed copy on file with the DHS Privacy Office.
________________________________
Jonathan R. Cantor
Acting Chief Privacy Officer
Department of Homeland Security
26
See https://www.dhs.gov/publication/dhs-4300a-sensitive-systems-handbook.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 15
Appendix A
Immigration Service Types Filed Online Through myUSCIS
Name of Immigration Service
OMB Control
Number
USCIS Immigrant Visa Fee
1615-0122
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 16
Appendix B
Immigration Forms Filed Online Through myUSCIS27
27
Form
Number
Form Name
OMB Control
Number
Case
Management
System
G-28
Notice of Entry of Appearance as
Attorney or Accredited Representative
1615-0105
USCIS ELIS,
CLAIMS 3,
INFACT,
GLOBAL
I-90
Replacement of Permanent Resident
Card
1615-0082
USCIS ELIS
N-400
Application for Naturalization
1615-0052
USCIS ELIS
N-336
Request for a Hearing on a Decision in
Naturalization Proceedings (Under
Section 336 of the INA)
1615-0050
USCIS ELIS
N-565
Application for Replacement
Naturalization/Citizenship Document
1615-0091
USCIS ELIS
N-600
Application for Certificate of
Citizenship
1615-0057
USCIS ELIS
N-600K
Application for Citizenship and Issuance
of Certificate Under Section 322
1615-0087
USCIS ELIS
I-539
Application to Extend/Change
Nonimmigrant Status
1615-0003
CLAIMS 3
I-589
Application for Asylum and for
Withholding of Removal
1615-0067
GLOBAL
I-924
Application for Regional Center
Designation Under the Immigrant
Investor Program
1615-0061
INFACT
All USCIS Forms are available at https://www.uscis.gov/forms.
Privacy Impact Assessment Update
DHS/USCIS/PIA-071(a) myUSCIS Account Experience
Page 17
I-924A
Annual Certification of Regional Center
1615-0061
INFACT
I-881
Application for Suspension of
Deportation or Special Rule
Cancellation of Removal (Pursuant to
Section 203 of Public Law 105-100
(NACARA))
1615-0072
GLOBAL
I-130
Petition for Alien Relative
1656-0012
USCIS ELIS
I-765
Application for Employment
Authorization
1615-0040
USCIS ELIS
File Type | application/pdf |
File Title | DHS/USCIS/PIA-071(a) myUSCIS Account Experience |
Author | USCIS |
File Modified | 2021-02-17 |
File Created | 2021-02-16 |