Privacy Impact Assessment
for the
Customer Scheduling and Services
DHS/USCIS/PIA-046(a)
December 7, 2017
Contact Point
Donald K. Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
(202) 272-8000
Reviewing Official
Philip S. Kaplan
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
Privacy Impact Assessment
USCIS, Customer Scheduling and Services
Page 2
Abstract
The Department of Homeland Security (DHS), United States Citizenship and Immigration
Services (USCIS) provides customers the ability to schedule appointments with USCIS to discuss
the specifics of their pending benefit request filing. Previously, two separate systems supported
this function. The InfoPass system provided customers with the ability to schedule appointments
and the Customer Management Information System (CMIS) assisted USCIS employees with the
customer scheduling and management process. USCIS decommissioned the legacy InfoPass
system and integrated the customer-side appointment scheduling capabilities into an InfoPass
module within myUSCIS. USCIS integrated the internal customer scheduling and management
process into the National Appointment Scheduling System (NASS). MyUSCIS serves as the single
web interface for customers while NASS supports internal scheduling management for InfoPass.
USCIS continues to use the Customer Management Information System (CMIS) to issue all
customers a queuing ticket when the customer is checking into his or her appointment. USCIS is
updating and reissuing this Privacy Impact Assessment (PIA), originally published on March 25,
2014, to evaluate the privacy risks and mitigations associated with the collection, use, and
maintenance of personally identifiable information (PII) provided by individuals requesting
appointments with USCIS.
Overview
The Department of Homeland Security (DHS), United States Citizenship and Immigration
Services (USCIS) is responsible for the administration and adjudication of applications and
petitions for all immigrant and non-immigrant benefits under the Immigration and Nationality
Act.1 While USCIS’ core mission is to ensure the timely adjudication of benefits, a priority for
USCIS is to streamline the processing of customer inquiries to improve the overall customer
experience. USCIS enhanced and expanded various online customer-oriented services in an effort
to promote transparency and accessibility to its operations.
USCIS receives and processes millions of benefit cases each year. Customers who apply
for immigration-related benefits may have questions about immigration law, procedures, or
specifics of their case that are best addressed by a trained Immigration Service Officer (ISO).
Previously, customers seeking assistance from USCIS had to wait in long lines for a first-come,
first-served in-person appointment. Generally, the number of customers seeking assistance
exceeded the number of appointments available at a local field office causing many customers to
make an additional trip back to the local field office.
InfoPass allows customers to schedule in-person appointments online at domestic and
international USCIS Field Offices. USCIS provides customers the option to schedule an
appointment through the my.uscis.gov website or at a USCIS domestic Field Office kiosk. Each
Field Office continues to provide a kiosk to accommodate individuals without access to the internet
to book an appointment. USCIS also continues to assist walk-in customers, but those with a
scheduled appointment receive priority.
1 See 8 U.S.C. §§ 1101, 1103, 1201, 1255.
The legacy InfoPass system was previously a standalone system that did not interface or
integrate with any other system. USCIS redesigned InfoPass to provide customers with a common
look and feel for all online interactions. Online customers are now able to access InfoPass to
schedule appointments through myUSCIS.2 The InfoPass appointment management functionality,
which was used by USCIS employees, was migrated into the National Appointment Scheduling
System (NASS).3 As a component of NASS, InfoPass employs a new and responsive design that
is more intuitive and easier to navigate for USCIS employees. NASS is the USCIS employee
portal, while myUSCIS is the online portal for the public.
Appointment Creation
Online customers are able to schedule an appointment with USCIS from any computer or
mobile device that is connected to the internet by going to www.uscis.gov or https://my.uscis.gov
and clicking on the link to make an appointment. The InfoPass module guides online customers
through several steps, including: finding a domestic or international field office, choosing an
available appointment date and time, entering personal information, and confirming the
appointment. To schedule an appointment, online customers enter their zip code or country (if the
online customer is outside of the United States), into InfoPass. The module will locate the closest
USCIS office.
The InfoPass module collects the following personally identifiable information (PII) from
the online customer to complete the appointment process:
• Full Name (first and last names are required; middle name is optional);
• Date of Birth (required);
• Telephone Number (required);
• Email Address (required for international offices only);
• Case Number (i.e., Alien Number (A-Number), Receipt Number, or USCIS Online
Account Number) (required);
• Purpose of Visit (required for international offices only);
• Number of attendees (required for international offices only); and
• Name of attendees (required for international offices only).
2 See DHS/USCIS/PIA-064 myUSCIS available at www.dhs.gov/privacy.
3 See DHS/USCIS/PIA-057 National Appointment Scheduling System available at www.dhs.gov/privacy.
For international appointments, USCIS must collect the names of all attendees to clear the U.S.
Embassy or Consulate security clearance process.
The InfoPass module provides the online customer with an opportunity to enter, review,
and amend biographic and appointment information prior to confirming the appointment. After the
customer confirms the appointment, the InfoPass module generates an electronic appointment
confirmation letter and the information is sent to NASS for management purposes. Customers are
instructed to bring a printout of the letter and a government-issued photo ID to the appointment.
The appointment confirmation letter serves as the official appointment notice for the
customer and contains the name of the customer; confirmation number (a system-generated serial
tracking number assigned to the appointment); appointment date; appointment time; location; and
personal identification number (PIN),4 which is a system-generated, random, five-digit code
assigned to the appointment. For international appointments, the confirmation letter includes the
names of each guest (i.e., interpreter, legal representative, and family members) attending the
appointment with the customer. Many USCIS international offices are located at a U.S. Embassy
or Consulate. Accompanying guest information is shared with and used by the U.S. Embassy or
Consulate for security clearance purposes.5
Online customers can review and reprint a copy of their confirmation appointment letter
from any computer or mobile device that is connected to the internet by going to
http://my.uscis.gov and clicking on the ‘manage an appointment’ link. The customer then enters
the same first name, last name, and date of birth used when the original appointment was made.
A copy of the confirmation letter is displayed after clicking the ‘Next’ button. However, the
5-digit PIN number is not included on the duplicate copy for security purposes.
Online customers may also cancel or reschedule their appointments through the InfoPass
module by selecting the ‘manage an appointment’ option. Customers are then prompted to enter
the system-generated confirmation number and five-digit PIN printed on the original appointment
confirmation notice to identify the confirmed appointment. Without the 5-digit PIN and the
confirmation number, the customer is not able to cancel or reschedule their appointment unless he
or she retrieves his or her appointment notice through the InfoPass module. To retrieve the
appointment module the customer must provide his or her first name, last name, and date of birth.
The customer then follows the step-by-step instructions to complete the appointment cancellation
or rescheduling process.
4 The 5-digit PIN is NASS-generated and passed through MyUSCIS. Customers use the system-generated
confirmation number and PIN to cancel or edit an appointment with InfoPass.
5 See www.state.gov for additional information on U.S. Embassy or Consulate visits.
Appointment Management
NASS serves as the centralized appointment scheduling system replacing the legacy
InfoPass scheduler component. NASS allows USCIS employees to manage appointment
scheduling demands and better manage and allocate resources. NASS includes an InfoPass module
that allows USCIS employees to allocate appointments to its respective Field Offices, as well as
view daily, weekly, and monthly schedules for management purposes.
USCIS employees use the InfoPass module in NASS to identify available appointment
slots for its respective Field Offices. When an online customer accesses the InfoPass module within
myUSCIS to schedule an appointment, myUSCIS checks NASS to retrieve available date and
times within a two-week period to display to the customer. Once a customer successfully schedules
an appointment, the customer’s biographic and associated appointment information is sent to
NASS for management purposes and the appointment slot is no longer available to other online
customers.
Appointment Queuing
Upon arrival at a USCIS Field Office, a customer checks in for an appointment at a
designated reception counter of the office. The customer presents the printed confirmation
appointment notice and a government-issued photo identification document to the Reception Desk
Officer operating the counter. The Reception Desk Officer enters the confirmation number from
the appointment confirmation notice into NASS, which displays the information about the
customer and appointment. If the appointment confirmation notice is not available, the Reception
Desk Officer manually searches the day’s appointments for a name and date of birth match in
NASS. If there is not a match, the Reception Desk Officer treats the customer as a walk-in.
USCIS domestic Field Offices use the Customer Management Information System (CMIS)
to issue all customers (both walk-ins and those with scheduled appointments) a queuing ticket
while the customer is checking into his or her appointment. CMIS is a queuing system that
prioritizes customers to ensure they receive service in a timely and efficient manner, and allows
USCIS personnel to better track incoming customers chronologically. CMIS handles individual
appointments, reception registration, and customer routing. CMIS also monitors customer flow
through the Field Offices.
Each issued ticket is sequentially numbered to organize the queue flow of incoming
customers by arrival time. To generate a queuing ticket, the following information is entered into
CMIS: (1) confirmation number; (2) A-Number, USCIS Online Account Number, or Receipt
Number; (3) appointment type; (4) appointment time; (5) zip code or country; and (6) number in
the party. A CMIS-generated queuing ticket places the individual in a virtual line. The printed
ticket includes the ticket number, the service category, and the time the ticket printed. Once a ticket
is issued, USCIS directs the customer to the waiting area to be called for assistance.
The Immigration Service Officer (ISO) also uses CMIS to identify the next customer in the
queue. The ISO uses the A-Number, USCIS Online Account Number, or Receipt Number to index
and retrieve notes recorded in CMIS from an applicant’s prior visits, and to retrieve the individual’s
Alien File (A-File) and relevant case information prior to the appointment to better assist the
customer with his or her specific inquiry. The ISO who completes the appointment makes
appropriate notes within CMIS about the questions the customer asked and the responses given,
and closes the ticket number at the end of the appointment. This information is used to better assist
customers during future visits. USCIS time stamps each interaction from the moment the customer
reports to the reception desk until the visit ends (e.g., waiting time, time spent with the agent). The
ISO records all services provided to the customer during the visit in CMIS. USCIS does not use
notes related to customer questions or inquiries to make adjudicative benefit decisions.
Reporting
Authorized USCIS personnel are able to use NASS and CMIS to run a variety of
customizable reports to monitor employee workload and office productivity in order to determine
if resources are properly allocated. These reports can be run on a broad spectrum to measure
productivity trends and average processing times. NASS and CMIS can also generate granular
level reports to identify types, number, and status of appointments located in a particular office or
assigned to a particular ISO.
Customer Satisfaction Assessments
Customer satisfaction with the appointment scheduling process is a priority for USCIS.
myUSCIS, NASS, and CMIS are used to improve customer services and enhance operational
efficiency. To ensure USCIS is meeting the needs of its customers and continuously improving its
services, USCIS measures customer satisfaction through feedback cards, electronic surveys, and
focus groups. A customer satisfaction assessment is an important tool in evaluating the level of
satisfaction of all customers when using InfoPass and obtaining USCIS local field office services.
Results from these assessments are used by USCIS to change and modify different aspects of
USCIS and its office services to improve customer satisfaction.
Feedback Cards
Customer feedback cards are available in the customer service sections (e.g., the waiting
area) of USCIS Field Offices where customers may choose to complete and leave a feedback card
in a locked box. Completing the feedback card is completely voluntary. The customer service
feedback cards are not related to the immigration application filed. The card relates to the
customer’s rating of USCIS Field Office customer service. The customer may choose to complete
the feedback card anonymously, or include his or her name and/or phone number. Completion of
the card is optional and offers the customer the opportunity to rate the service provided to him or
her regarding the helpfulness of staff, courtesy of staff, accuracy of information given on past
visits, and his or her satisfaction with the service received. Customers may rate the parameters as
excellent, good, fair, or poor. USCIS uses the Field Operations Directorate Customer Service
Database (FOD CSDB) to record the results.
Electronic Surveys
USCIS extracts appointment and customer-related information from NASS to contact
customers about electronic surveys (e-surveys). USCIS only emails e-surveys to customers who
provided an email address. The purpose of the survey is to collect feedback from individuals about
their experiences with online USCIS resources, such as online self-help tools available on the
USCIS website and the appointment scheduling system. The survey is intended to collect
opinion-based responses from the individual, but also includes free text boxes that may capture USCIS
employee PII. USCIS provides notice to the customer that the agency may use his or her email
address to send follow up invitations to participate in voluntary e-surveys through the myUSCIS
Privacy Notice.6 The survey is made available via a web link in the email invitation regarding
customer satisfaction with USCIS. The e-survey is not mandatory and is completed by the
individual anonymously. In the email invitations for the survey, customers are provided a notice
with the purpose of the survey, instructions on how to complete the survey, and how to opt-out of
future surveys. Four days after the initial invitation, an email reminder is sent to those individuals
who have not yet responded. This is the last email these customers receive regarding the e-survey.
Focus Groups
USCIS conducts focus groups to solicit feedback from USCIS customers pertaining to their
opinions and experiences when using USCIS services, such as the online appointment system and
USCIS local office services. The objective is to assess customer satisfaction with USCIS services,
and to solicit customer recommendations to improve these services. On behalf of USCIS, a
contractor coordinates and conducts customer focus groups at professional focus group facilities,
while a USCIS employee observes each focus group session.
To recruit respondents for the focus groups, USCIS randomly selects email addresses of
USCIS customers from NASS whose local office matches the geographic location where the focus
group will be conducted and uploads the respondents list into an Excel file. USCIS provides notice
to the customer that the agency may use his or her email address to send follow up invitations to
participate in voluntary focus groups through the USCIS Privacy Notice.7 USCIS uploads the Excel
file of respondents into the designated Enterprise Collaboration Network (ECN) site for the
contractor to access.8 The survey contractor operates under a USCIS contract that specifies that
the survey contractor may only use customer provided information for specific survey purposes.
6 See Appendix A of this PIA to view the myUSCIS Privacy Notice.
7 See Appendix A of this PIA to view the myUSCIS Privacy Notice.
8 The USCIS ECN is SharePoint, which is a document management and collaboration tool developed by Microsoft.
To recruit respondents for the focus groups, the USCIS contractor sorts the spreadsheet by
USCIS local office and randomly selects the email addresses of the customers whose local office
matches the geographic location where the focus group is to be conducted. In the invitation,
customers are provided a notice with the purpose of the focus group, instructions on how to
register, and how to opt-out of future surveys. Customers who are interested in participating in the
focus group sessions respond to the request by email to register, and the contractor collects the
customer’s first name and phone number in ECN.
Prior to the focus group date, the survey contractor uses the customer’s email addresses to
send email invitations for the Focus Group. The contractor may also use the customer’s email
address or telephone number to confirm his or her participation. Once the focus group has been
conducted, the survey contractor deletes all email addresses and telephone numbers associated
with the specific focus group.
Individuals who volunteer to participate in a focus group session are advised that the
information is used to determine customer perceptions regarding the services received by USCIS.
The responses are anonymous. Responses to focus group questions from individuals are collected
and retained through transcription services. These transcription documents do not include
customer names or any other identifying information, but may include information about the
USCIS employee who assisted the customer. A third-party contractor on behalf of USCIS
Customer Service and Public Engagement Directorate generates customer satisfaction reports from
the responses. The responses are anonymous and aggregated. Once the focus group has been
conducted, the survey contractor deletes all email addresses and telephone numbers associated
with this specific focus group within 120 days of contact.
Section 1.0 Authorities and Other Requirements
1.1 What specific legal authorities and/or agreements permit and
define the collection of information by the project in question?
Under Section 103(a) of the Immigration and Nationality Act, USCIS collects information
to identify and communicate with applicants during the immigration benefits process and to
provide a scheduling system directly accessible by the public to facilitate the convenient
scheduling of required personal appointments.
1.2 What Privacy Act System of Records Notice(s) (SORN(s)) apply
to the information?
The customer information in InfoPass, NASS, and CMIS, and for the customer satisfaction
assessments is covered by the DHS/USCIS-007 Benefit Information System (BIS) System of
Records Notice (SORN).9 The customer responses from the customer satisfaction assessments are
anonymous and do not require SORN coverage because they are not linked to an individual and
are not uniquely retrievable. The employee information in InfoPass, NASS, and CMIS is covered
by the DHS/ALL-004 General Information Technology Access Account Records System
(GITAARS) SORN.10
9 DHS/USCIS-007 Benefit Information System, 73 FR 56596 (Sept. 28, 2008).
1.3 Has a system security plan been completed for the information
system(s) supporting the project?
MyUSCIS was approved for operation on December 18, 2014, for a period of 36 months.
The myUSCIS Authority to Operate (ATO) is set to expire on December 18, 2017. The myUSCIS
Security Plan (SP) was updated on December 17, 2016.
NASS was approved for operation on April 10, 2014. NASS is part of the Ongoing
Authorization (OA) for which the security posture is continuously monitored and tested. The
NASS SP was updated on April 10, 2017.
CMIS was approved for operation on January 2, 2014. CMIS is part of the OA for which
the security posture is continuously monitored and tested. The CMIS SP was updated on December
17, 2016.
Digital Innovation and Development – Information Technology (DID-IT) was approved
for operation on January 2, 2014. FOD CSDB falls under the accreditation boundary as a minor
application. DID-IT is part of the OA for which the security posture is continuously monitored and
tested. The DID-IT SP was updated on December 17, 2016.
1.4 Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
USCIS is negotiating a USCIS Appointment Scheduling Systems Retention Schedule to
cover systems used to schedule appointments for biometrics, interviews in USCIS offices, and
other appointments. This schedule will cover InfoPass, CMIS, and NASS. The proposed retention
period is to delete and destroy no sooner than 10 years from the date of record creation. Once
approved, the USCIS Appointment Scheduling Systems Schedule will supersede the
NARA-approved CMIS Retention Schedule [N1-566-08-008], in which USCIS is set to delete and destroy
records when no longer needed for agency business.
10 DHS/ALL-004 - General Information Technology Access Account Records System, 77 FR 70792 (Nov. 27,
2012).
1.5 If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
for the collection. If there are multiple forms, include a list in an
appendix.
InfoPass is subject to the PRA requirements. OMB approved this collection under OMB
Control Number 1615-0113. OMB also approved the collection of customer satisfaction data
under OMB Control Number 1615-0121.
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as
well as reasons for its collection.
2.1 Identify the information the project collects, uses, disseminates, or
maintains.
Appointment Scheduling
InfoPass collects the following customer information to create an appointment:
• Customer first name (required);
• Customer middle name (optional);
• Customer last name (required);
• Customer date of birth (required);
• Customer phone number (required);
• Customer Zip Code;
• Customer email address (required for International appointments);
• Case number (i.e., Alien Number, Receipt Number, USCIS Online Account)
(optional);
• Number of attendees (required for International);
• Name of attendees (required for International);
• Purpose of Visit (required for International).
InfoPass generates an electronic appointment confirmation letter. The appointment
confirmation notice contains the customer’s name, appointment type, confirmation number,
authentication code, appointment date, appointment time, location, and PIN. Customers use the
system-generated confirmation number and PIN to cancel or make changes to an appointment with
InfoPass.
Appointment Management
InfoPass passes the collected information to NASS to store. Along with the customer
information, NASS maintains the appointment confirmation notice with appointment details.
Customer Queue Flow
To generate a queuing ticket, the following information from NASS is entered into CMIS:
(1) confirmation number; (2) A-Number, USCIS Online Account Number, or Receipt Number; (3)
appointment type; (4) appointment time; (5) Zip code; and (6) number in the party. CMIS generates
a ticket number for each customer that places the individual in a virtual line. The printed CMIS
ticket includes the ticket number, the service request category, and the time the ticket was printed.
The information associated with a ticket, such as the A-Number, Receipt Number, and USCIS
Online Account Number, is used to index records of past visits to USCIS Field Offices and by the
ISO to retrieve the case information for the customer.
Customer Satisfaction Assessments
The customer may choose to complete the feedback card anonymously, or include his or
her name and/or phone number if a follow up response is requested. USCIS collects and uses email
addresses from online customers to email an e-survey or invitation for participation in a
USCIS-sponsored focus group session. Results from the feedback card are stored on the FOD CSDB and
other secured shared drives.
2.2 What are the sources of the information and how is the
information collected for the project?
USCIS collects information directly from the online customer through InfoPass to schedule
an appointment or to provide an assessment. Domestically-located individuals may access
InfoPass via https://my.uscis.gov or a kiosk located at a USCIS Field Office.
Internationally-located individuals may only schedule an InfoPass appointment online. Appointment scheduling
information is then transferred to and stored in NASS.
CMIS information is collected directly from individuals, during appointment check-in, and
recorded by USCIS personnel to document the services provided during a visit.
2.3 Does the project use information from commercial sources or
publicly available data? If so, explain why and how this
information is used.
No. USCIS does not use commercial or publicly available data to schedule appointments
and place incoming customers in queue.
2.4 Discuss how accuracy of the data is ensured.
InfoPass collects information directly from the online customer; therefore, USCIS is
dependent upon the accuracy of the information provided by the online customer.
InfoPass supports customer access and alteration of information in the system. Online
customers are able to update their biographic and appointment information via InfoPass. With the
PIN and Confirmation number, online customers can change the appointment time. If an online
customer determines information on the appointment confirmation notice is inaccurate, he or she
may cancel the appointment. Information associated with a cancelled appointment is immediately
deleted upon cancellation. The online customer may then create a new appointment that includes
the correct information. InfoPass generates a new PIN and confirmation number whenever the
customer schedules a new appointment. NASS maintains all data associated with scheduled and
maintained appointments.
USCIS instructs customers to present their printed confirmation appointment notice and a
photo identification document at the time of the appointment. USCIS employees manually enter
the confirmation number into NASS, which displays the information about the customer and
appointment. If the appointment confirmation notice is not available, the Reception Desk Officer
manning the front counter manually searches the day’s appointments for a name and date of birth
match. If there is a match, the customer is issued a CMIS ticket and waits to be called. If there is
not a match, the customer will be treated as a walk-in customer.
2.5 Privacy Impact Analysis: Related to Characterization of the
Information
Privacy Risk: There is a risk that USCIS will collect more information than is necessary.
Mitigation: This risk is mitigated. The USCIS Office of Privacy participates in the
InfoPass [OMB Control No.: 1615-0113] PRA revision process to ensure that only the minimum
amount of information is collected to: (1) schedule an appointment, (2) identify the person making
the appointment, (3) maintain a history of his or her visits to a USCIS Field Office, (4) locate his
or her file or application, and (5) conduct customer service assessments. The frequency of this
process is determined by the Office of Management and Budget (OMB), and usually occurs every
three years. All data elements collected are negotiated with and approved by OMB during PRA
collection review. Furthermore, USCIS designed its appointment scheduling and support systems
to collect and store only the information that is necessary to track and facilitate appointments.
Privacy Risk: There is a risk that USCIS will maintain inaccurate data.
Mitigation: USCIS mitigates the risk of maintaining inaccurate data by collecting
information directly from the individual or his or her representative. If an individual with a
scheduled appointment identifies inaccurate data on his or her confirmation letter, the individual
may correct his or her information by cancelling his or her appointment and creating a new
appointment with the accurate information through InfoPass. When an individual cancels his or
her appointment, NASS deletes the collected data. If the individual does not notice, or is otherwise
unaware that the information is inaccurate, the individual and USCIS have the opportunity to
correct the data when the individual meets with the ISO at his or her USCIS appointment. When
an individual makes a USCIS appointment, USCIS requests that the individual bring the USCIS
appointment notice confirmation letter and a government-issued identification. This allows the
ISO to verify the individual’s identity. Once the ISO verifies the individual’s identity, the ISO is
able to correct inaccurate information.
Section 3.0 Uses of the Information
The following questions require a clear description of the project’s use of information.
3.1 Describe how and why the project uses the information.
USCIS uses the appointment information collected to schedule and effectively manage
appointments made by the customer, queue customers, and conduct a customer satisfaction
assessment through the coordination of an e-survey or focus group. Specific uses of the
information are as follows:
• Name and date of birth are used to identify the individual when he or she arrives for
the appointment;
• Zip code or country is used to locate the field or international office, respectively,
closest to the individual scheduling the appointment;
• A-Number, USCIS Online Account Number, and Receipt Number are used to verify
the identity of the individual, retrieve associated case data, and update information if
there are any discrepancies at the scheduled appointment;
• Email addresses are used to contact the customer for Customer Satisfaction
Assessments;
• Email address or phone number is used to contact the applicant in the event of a
scheduling issue involving the appointment time;
• Name of additional attendees, number of attendees, and purpose of visit are shared and
used by the U.S. Embassy or Consulate security personnel to facilitate visitor
processing;11
• Confirmation number and PIN are used by the customer to make changes to or cancel
an appointment. If an appointment is cancelled, NASS deletes the appointment and
individual information associated with the confirmation number and PIN; and
• Results from customer satisfaction assessments are used by USCIS to change and
modify different aspects about InfoPass and office services in order to improve
customer satisfaction.
11 See www.state.gov for additional information on U.S. Embassy or Consulate visits.
3.2 Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or locate
a predictive pattern or an anomaly? If so, state how DHS plans to
use such results.
No. InfoPass, NASS and CMIS do not use technology to conduct electronic searches,
queries, or analyses.
3.3 Are there other components with assigned roles and
responsibilities within the system?
InfoPass is a public interface and is to be used by online customers to schedule an
appointment with a USCIS office. Access to NASS and CMIS is limited to USCIS authorized
personnel. There is no intra-departmental sharing of this information.
3.4 Privacy Impact Analysis: Related to the Uses of Information
Privacy Risk: There is a risk that InfoPass will collect and use information in a manner
inconsistent with USCIS’ authority and mission.
Mitigation: Part of USCIS’ mission is to provide effective customer-oriented immigration
benefit and information services. USCIS created InfoPass to help fulfill this goal. USCIS mitigates
the risk of collecting and using information in a manner inconsistent with USCIS’ authority and
mission by minimizing the amount of information collected and by limiting the purposes for which
USCIS may use the information collected when creating a USCIS appointment. To ensure the
information is used consistently with the purposes of the original collection, USCIS administrators
monitor internal user logs to ensure users are only accessing information related to their job
functions. Additionally, all USCIS employees are required to complete role-based training prior
to accessing appointment data. As described in the InfoPass Privacy Notice, the primary purpose
for collecting the information is to allow USCIS to schedule the appointment. USCIS also uses the
information collected to identify the person making the appointment, to maintain a history of his
or her visits to a USCIS Field Office, to locate his or her file or application, and to conduct
customer service assessments. In addition, USCIS requires that all USCIS NASS and CMIS users
receive training on the appropriate use of the information and system prior to being approved for
access.
Privacy Risk: There is a risk that negative feedback from customer satisfaction
assessments could be inappropriately used to adversely impact the individual’s benefit request.
Mitigation: USCIS mitigates this risk by making participation completely voluntary and
by ensuring that USCIS only receives results that are not associated with an individual. USCIS
contracts with an outside vendor to conduct the customer satisfaction survey and any focus groups.
In the email invitation to the survey or focus group, the vendor provides the individual with a
notice with the purpose of the survey or focus group, instructions on how to complete the survey
or focus group, and how to opt-out of future invitations. USCIS and the vendor conducting the
survey or focus group do not request PII from the individual during the customer satisfaction
survey or focus group and do not link the responses back to the customer’s other records.
Section 4.0 Notice
The following questions seek information about the project’s notice to the individual about
the information collected, the right to consent to uses of said information, and the right to decline
to provide information.
4.1 How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain why
not.
USCIS provides general notice to individuals through the publication of this PIA and
DHS/USCIS-007 BIS SORN. Additionally, USCIS provides a Privacy Notice prior to the
submission of any information. The Privacy Notice notifies the individual about the authority to
collect the information requested, purposes, routine uses, and consequences of providing or
declining to provide the information to USCIS.12
USCIS also contacts the individual by email to request participation in an e-survey or focus
group and advises the individual that participation is voluntary. In the email invitation, customers
are provided a notice with the purpose of the customer satisfaction assessment, instructions on how
to participate, and how to opt-out of future requests.
4.2 What opportunities are available for individuals to consent to
uses, decline to provide information, or opt out of the project?
The Privacy Notice informs individuals that providing the information is voluntary. A
customer can choose to decline to provide information; however, that may prevent the customer
from scheduling an appointment through InfoPass. Once the customer provides the information,
he or she does not have the ability to consent for specific uses.
12 Please see Appendix A to view the USCIS Appointment Scheduler Privacy Notice.
4.3 Privacy Impact Analysis: Related to Notice
There is no risk related to notice. USCIS provides individuals and representatives with
several forms of notice. On the InfoPass website, prior to collecting information, USCIS displays
a link to the Privacy Notice applicable to InfoPass. The Privacy Notice states that providing
information is voluntary, but failure to provide certain requested information may prevent the
customer from scheduling an appointment through InfoPass. Additionally, when the individual
schedules his or her appointment, InfoPass provides step-by-step instructions that briefly explain
why USCIS collects the information and how the agency uses the information. USCIS also
provides notice through this PIA and the BIS SORN.
Section 5.0 Data Retention by the project
The following questions are intended to outline how long the project retains the information
after the initial collection.
5.1 Explain how long and for what reason the information is retained.
USCIS is negotiating a USCIS Appointment Scheduling Systems Retention Schedule to
cover systems used to schedule appointments for biometrics, USCIS offices for interviews, and
other appointments. This schedule will cover InfoPass, CMIS, and NASS. The proposed retention
period is to delete and destroy no sooner than 10 years from the date of record creation. Once
approved, the USCIS Appointment Scheduling Systems Schedule will supersede the NARA-approved CMIS Retention Schedule [N1-566-08-008]. This schedule covers CMIS and
InfoPass records, in which USCIS is set to delete and destroy records when no longer needed for
agency business.
5.2 Privacy Impact Analysis: Related to Retention
Privacy Risk: Without an approved retention schedule, there is a risk that information may
be retained longer than necessary and may increase the potential of an unauthorized disclosure.
Mitigation: This risk is partially mitigated. USCIS is developing a comprehensive
retention schedule to cover USCIS Appointment Scheduling Systems used to schedule
appointments for biometrics, USCIS offices for interviews, and other appointments. The proposed
NARA schedule is consistent with the concept of retaining data only for as long as necessary to
support the USCIS mission. Until USCIS completes a NARA-approved retention schedule, USCIS
plans to adhere to the CMIS Retention Schedule, which covers InfoPass and CMIS records.
Section 6.0 Information Sharing
The following questions are intended to describe the scope of the project information
sharing external to the Department. External sharing encompasses sharing with other federal, state,
and local government, and private sector entities.
6.1 Is information shared outside of DHS as part of the normal
agency operations? If so, identify the organization(s) and how the
information is accessed and how it is to be used.
USCIS International Offices are located within a U.S. Embassy or Consulate. USCIS
shares the online customer biographic and appointment data with U.S. Embassy or Consulate security
personnel to facilitate visitor processing. All visitors are required to make an appointment prior to
their arrival, conform to security regulations, and produce a valid photo identification at the
entrance. The security personnel use the information provided by USCIS to validate the identity
of the visitor.
6.2 Describe how the external sharing noted in 6.1 is compatible with
the SORN noted in 1.2.
Sharing USCIS data with Department of State (DOS) is compatible with the purpose of the
system because the DOS mission, like USCIS, includes ensuring lawful visits and immigration to
the United States as dictated by the INA. Routine Use I of the BIS SORN permits USCIS to share
information with the DOS for the purpose of assisting in the processing of benefit requests under
the INA, and all other immigration and nationality laws including treaties and reciprocal
agreements.
6.3 Does the project place limitations on re-dissemination?
USCIS only shares online customer and appointment data with U.S. Embassies and
Consulates for the purpose of verifying the identity of visitors.
6.4 Describe how the project maintains a record of any disclosures
outside of the Department.
USCIS maintains an electronic record of all NASS data shared with U.S. Embassies and
Consulates.
6.5 Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: There is a risk of unauthorized sharing of information.
Mitigation: USCIS is careful to securely share data with U.S. Embassies and Consulates
that have a need-to-know and use the information for a purpose that is compatible with the original
collection. All prospective information handlers must be authorized to access the information. This
mitigates the risk of unauthorized disclosure by requiring a trained USCIS employee with access
to the information to review the information before sharing the information with security personnel
at a U.S. Embassy or Consulate.
Section 7.0 Redress
The following questions seek information about processes in place for individuals to seek
redress, which may include access to records about themselves, ensuring the accuracy of the
information collected about them, and/or filing complaints.
7.1 What are the procedures that allow individuals to access their
information?
InfoPass allows online customers to access their scheduled appointments through the
online interface. InfoPass allows the individual or his or her representative to cancel an
appointment and then schedule another appointment using the correct information if inaccurate
information was provided. Customers seeking access to their scheduled appointment information
may access it any time prior to the date and time of their scheduled appointment.
CMIS is a customer queuing and information gathering system that manages the flow of
customers who visit Field Offices. CMIS gathers limited customer PII and statistical information
about the services the customer received while in the office, such as time spent waiting, time spent
with an ISO / adjudicator, and types of services offered. USCIS maintains appointment history
data in CMIS until the information is no longer needed. Customers seeking access to their
appointment history may request access to it at any time.
An individual seeking access to his or her information held by USCIS may gain access to
his or her records by filing a Freedom of Information Act (FOIA) or Privacy Act request.
Individuals not covered by the Privacy Act or Judicial Redress Act (JRA) still may obtain access
to records consistent with FOIA unless disclosure is prohibited by law or if the agency reasonably
foresees that disclosure would harm an interest protected by an exemption. Any individual seeking
access to his or her information should direct his or her request to the following address:
U.S. Citizenship and Immigration Services
National Records Center
FOIA/PA Office
P.O. Box 648010
Lee’s Summit, MO 64064-8010
The process for requesting records can be found at 6 CFR § 5.21. The request should state clearly
the information that is being requested. The procedures for making a request for access to one’s
records can be found on the USCIS web site, located at www.uscis.gov.
7.2 What procedures are in place to allow the subject individual to
correct inaccurate or erroneous information?
Online customers and their representatives have the ability to correct information by
cancelling the scheduled appointment and then scheduling another appointment using the correct
information in InfoPass. The customer must first cancel the appointment, and then reschedule the
appointment with the correct information. Customer and appointment data is deleted from NASS
when an appointment is cancelled.
Individuals will not have the ability to correct appointment information after the
appointment date has passed. Individuals are able to correct potentially inaccurate data that they
submitted during the appointment with an ISO.
7.3 How does the project notify individuals about the procedures for
correcting their information?
The procedures for individuals to correct their information are outlined in this PIA, the
SORNs associated with this system, and the instructions displayed while creating a USCIS
appointment. After the appointment is completed, InfoPass does provide an individual means to
change appointment data by cancelling the original appointment (before the passing of the
appointment date) by using his or her full name, date of birth, confirmation number and PIN
number.
7.4 Privacy Impact Analysis: Related to Redress
There is no privacy risk related to redress. The redress and access measures offered by
USCIS are commensurate with the purpose of the system. USCIS notifies individuals about
procedures to correct their information in this PIA, the SORN associated with this system, and
while creating a USCIS appointment. InfoPass allows the individual or his or her representative
to cancel an appointment and then schedule another appointment using the correct information if
inaccurate information was provided. The cancellation of an appointment will delete all biographic
and appointment information including the system-generated data, such as the confirmation
number.
Section 8.0 Auditing and Accountability
The following questions are intended to describe technical and policy based safeguards and
security measures.
8.1 How does the project ensure that the information is used in
accordance with stated practices in this PIA?
InfoPass, NASS, and CMIS have an audit trail capability that monitors user activities and
generates alerts for unauthorized access attempts. The general audit log and the security log allow
the Global Administrator to select an event type, such as access or logon, and the data displayed
includes timestamp, name, IP, transaction, and site. This auditing influences users to use the system
appropriately.
NASS limits the number of employees with access to PII to those who need the information
to perform their duties, and will utilize software to perform network level auditing of the
application. With the exception of district, region, and global administrators, users are limited to
access data for only their specific location. NASS retains all data indefinitely for historical and
statistical purposes as well as to support the customer service assessments.
The USCIS and DHS trusted internet connection uses a commercial off-the-shelf solution
to protect USCIS and internet connections. This network level protection includes connection
auditing, detection, and prevention of suspect or malicious connections in order to limit or prevent
malicious use of the systems. These products include firewalls, routers, and load
balancer/application firewalls that forward system event messages to a central logging facility. The
central logging facility has the ability to detect known probe or attack signatures.
8.2 Describe what privacy training is provided to users either
generally or specifically relevant to the project.
All federal employees and contractors are required to complete annual privacy and security
awareness training. The Culture of Privacy Awareness training addresses appropriate privacy
concerns, including Privacy Act obligations (e.g., SORN, Privacy Notice). The Computer Security
Awareness training examines appropriate technical, physical, personnel, and administrative
controls to safeguard information.
8.3 What procedures are in place to determine which users may
access the information and how does the project determine who
has access?
USCIS employs role-based access controls so only employee users with a need-to-know
have access to the information in the system. NASS and CMIS provide a warning banner at all
access points to deter unauthorized use of information by external and internal users. The banner
warns authorized and unauthorized users about the appropriate uses of the system, that the system
may be monitored for improper use and illicit activity, and that there are penalties for noncompliance.
External Users
External users are customers and their representatives who seek to schedule an appointment
with a USCIS Field Office. InfoPass is publicly available to customers through my.uscis.gov for
the purpose of scheduling and managing an appointment. A customer may only schedule one
appointment using his or her PII.
Internal Users
Internal access is limited to registered employee users. Internal access to information is on
a need-to-know basis. This need-to-know is determined by the users and their respective
responsibilities. Moreover, access privileges, for both internal and external users, are limited by
establishing role-based user accounts to minimize access to information that is not needed for
appointment management. USCIS has the capability of identifying and deactivating unused
accounts.
8.4 How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?
USCIS has a formal review and approval process in place for new sharing agreements. Any
new use of information and/or new access requests for the system must go through the USCIS
change control process and must be approved by the proper authorities.
Responsible Officials
Donald Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
Approval Signature
Original, signed copy on file with the DHS Privacy Office
Philip S. Kaplan
Chief Privacy Officer
Department of Homeland Security
File Type | application/pdf |
File Title | DHS/USCIS/PIA-046a Customer Scheduling and Services |
Author | U.S. Department of Homeland Security Privacy Office |
File Modified | 2024-09-04 |
File Created | 2017-12-08 |