Pia

privacy-pia-cbp-ace003b-appendixa-march2020.pdf

Notice of Detention

PIA

OMB: 1651-0073

Document [pdf]
Download: pdf | pdf
Privacy Impact Assessment
for the

Automated Commercial Environment (ACE)
DHS/CBP/PIA-003(b)
July 31, 2015
Contact Point
Deborah Augustin
Acting Executive Director
ACE Business Office, Office of International Trade
(571) 468-8362
Reviewing Official
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 1

Abstract
The Automated Commercial Environment (ACE) is the backbone of the U.S. Customs and
Border Protection’s (CBP) trade information processing and risk management activities and is the
key to implementing many of the agency’s trade transformation initiatives. ACE allows efficient
facilitation of imports and exports and serves as the primary system used by U.S. Government
agencies to process cargo. ACE will serve as the “Single Window” for trade facilitation as
mandated by Executive Order 13659, Streamlining the Export/Import Process for America’s
Businesses. CBP published this Privacy Impact Assessment (PIA) for ACE because ACE collects,
maintains, uses, and disseminates import and export information from the trade community that
contains personally identifiable information (PII).

Overview
Before September 11, 2001, the major responsibility of the former U.S. Customs Service
(“Customs”) was to administer the Tariff Act of 1930, as amended. When Customs subsequently
merged with other border enforcement agencies to become U.S. Customs and Border Protection,
CBP’s priority mission became homeland security: detecting, deterring, and preventing terrorists
and their weapons from entering the United States. This mission fits ideally with CBP’s longestablished responsibilities for protecting and facilitating international trade. CBP retains its
traditional enterprise of protecting the nation’s revenue by assessing and collecting duties, taxes,
and fees incident to international traffic and trade. Further, by providing procedural guidance to
the import community, CBP enhances and increases compliance with domestic and international
customs laws and regulations. CBP thus helps importers ensure that their shipments are free from
terrorist or other malicious interference, tampering, or corruption of containers or commodities.
CBP executes the responsibilities for which it has always been known: controlling,
regulating, and facilitating the movement of carriers, people, and commodities between the United
States and other nations; protecting the U.S. consumer and the environment against the
introduction of hazardous, toxic, or noxious products into the United States; protecting domestic
industry and labor against unfair foreign competition; and detecting, interdicting, and investigating
smuggling and other illegal practices aimed at illegally entering narcotics, drugs, contraband, or
other prohibited articles into the United States. CBP is also responsible for detecting, interdicting,
and investigating fraudulent activities intended to avoid the payment of duties, taxes and fees, or
activities meant to evade the legal requirements of international traffic and trade; and for detecting,
interdicting, and investigating illegal international trafficking in arms, munitions, currency, and
acts of terrorism at U.S. ports of entry.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 2

CBP Entry Process
When a shipment reaches the United States, the importer of record (i.e., the owner,
purchaser, or licensed customs broker designated by the owner, purchaser, or consignee) will file
the necessary paper or electronic documents with CBP to facilitate the entry of the merchandise.1
The importer of record files the entry with the CBP port director at the port where the merchandise
arrived in the United States. The information filed as part of the entry must be sufficient to enable
CBP to determine whether the imported merchandise may be released from CBP custody.
Imported goods are not legally entered until after the shipment has arrived within the port of entry,
delivery of the merchandise has been authorized by CBP, and estimated duties have been paid. It
is the importer of record’s responsibility to arrange for examination and release of the goods.
Entry by Importer
Merchandise arriving in the United States by commercial carrier must be entered by the
owner, purchaser, his or her authorized regular employee, or by the licensed customs broker
designated by the owner, purchaser, or consignee. Customs brokers are the only persons who are
authorized by the tariff laws of the United States to act as agents for importers in the transaction
of their customs business.2
Entries Made by Others
Entry of goods may be made by a nonresident individual or partnership, or by a foreign
corporation through a U.S. agent or representative of the foreign shipper, a member of the
partnership, or an officer of the corporation.3
A licensed customs broker named in a CBP power of attorney4 may make entry on behalf
of the foreign shipper or his representative. The owner’s declaration made by a nonresident
“Entry” means that documentation required by 19 CFR § 142.3 to be filed with the appropriate CBP officer to
secure the release of imported merchandise from CBP custody, or the act of filing that documentation. “Entry” also
means that documentation required by 19 CFR §181.53 to be filed with CBP to withdraw merchandise from a dutydeferral program in the United States for exportation to Canada or Mexico or for entry into a duty-deferral program
in Canada or Mexico (19 CFR § 141.0a(a)).
2
Customs brokers are private individuals or firms licensed by CBP to prepare and file the necessary customs entries,
arrange for the payment of duties found due, take steps to effect the release of the goods in CBP custody, and
otherwise represent their principals in customs matters.
3
The surety on any CBP bond required from a nonresident individual or organization must be incorporated in the
United States. In addition, a foreign corporation in whose name merchandise is entered must have a resident agent in
the state where the port of entry is located who is authorized to accept service of process on the foreign
corporation’s behalf.
4
A nonresident individual, partnership, or foreign corporation may issue a power of attorney to a regular employee,
customs broker, partner, or corporation officer to act in the United States for the nonresident employer. Any person
named in a power of attorney must be a resident of the United States who has been authorized to accept service of
process on behalf of the person or organization issuing the power of attorney. The power of attorney to accept
service of process becomes irrevocable with respect to customs transactions duly undertaken. Either the applicable
1

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 3

individual or organization, which the customs broker may request, must be supported by a surety
bond providing for the payment of increased or additional duties found due.
A nonresident, individual or partnership, or a foreign corporation may issue a power of
attorney to authorize the persons or firms named in the power of attorney to issue like powers of
attorney to other qualified residents of the United States and to empower the residents to whom
such powers of attorney are issued to accept service of process on behalf of the nonresident
individual or organizations.
1. Entry of Merchandise
Goods may be entered for consumption,5 entered for warehouse at the port of arrival,6 or
they may be transported in-bond7 to another port of entry and entered there under the same
conditions as at the port of arrival. Arrangements for transporting the merchandise in-bond to an
inland port may be made by the consignee, by a customs broker, or by any other person with an
interest in the goods for that purpose.
“Entering” merchandise into the United States is a two-part process consisting of (1)
admissibility and (2) characterization and value. For admissibility determinations, importers of
record must file the documents necessary to determine whether merchandise may be released from
CBP custody. For characterization and value determinations, importers of record must file the
documents that contain information for duty assessment and statistical purposes. Both of these
processes can be accomplished electronically via the Automated Broker Interface (ABI) program.
ABI is a voluntary program available to brokers, importers, carriers, port authorities, and
independent service centers. ABI allows brokers who have established accounts to electronically
file required import data with CBP.
Entry documents may include but are not limited to:
•

Application and Special Permit for Immediate Delivery (CBP Form 3461) or other
form of merchandise release required by the port director;

•

Evidence of “right to make entry;”8

CBP form (see Appendix) or a document using the same language as the form is acceptable. References to acts that
the issuer has not authorized the agent to perform may be deleted from the form or omitted from the document.
5
“Entered for consumption” means that an entry summary for consumption has been filed with CBP in proper form,
with estimated duties attached. “Entered for consumption” also means the necessary documentation has been filed
with CBP to withdraw merchandise from a duty-deferral program in the United States for exportation to Canada or
Mexico or for entry into a duty-deferral program in Canada or Mexico (19 CFR § 141.0a(f)).
6
“Entered for warehouse” means that an entry summary for warehouse has been filed with Customs in proper form
(19 CFR § 141.0a(g)).
7
“Entered temporarily under bond” means that an entry summary supporting a temporary importation under bond
has been filed with Customs in proper form (19 CFR § 141.0a(h)).
8
All merchandise imported into the United States is required to be entered, unless specifically excepted (19 CFR §
141.4).

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 4

•

Commercial invoice or a pro forma invoice when the commercial invoice cannot be
produced;

•

Packing lists, if appropriate; and

•

Other documents necessary to determine merchandise admissibility, including
documents required by other federal agencies.

The entry must be accompanied by evidence that a bond has been posted with CBP to cover
any potential duties, taxes, and charges that may accrue. Bonds may be secured through a resident
U.S. surety company, and may be posted in the form of U.S. currency or certain U.S. Government
obligations. In the event that a customs broker is employed for the purpose of making entry, the
broker may permit the use of his bond to provide the required coverage.
2. Right to Make Entry
Goods may only be entered into the United States by their owner, purchaser, or a licensed
customs broker. A bill of lading,9 properly endorsed by the consignor, may serve as evidence of
the right to make entry. An air waybill may be used for merchandise arriving by air. In most
instances, entry is made by a person or firm certified by the carrier bringing the goods to the port
of entry. This entity (i.e., the person or firm certified) is considered the “owner” of the goods for
customs purposes. In certain circumstances, entry may be made by means of a duplicate bill of
lading or a shipping receipt. When the goods are not imported by a common carrier, possession of
the goods by the importer at the time of arrival shall be deemed sufficient evidence of the right to
make entry.
Importer Security Filing
On January 26, 2009, a new rule titled Importer Security Filing and Additional Carrier
Requirements (commonly known as “10+2” or ISF)10 went into effect. The ISF requires importers
to submit 10 select data elements from the manifest and entry documents and two data elements
(the “vessel stow plan” and the “container status message” from the shipper or carrier of the
merchandise). The information submitted on the ISF improves CBP’s ability to identify high-risk
shipments in order to prevent smuggling and ensure cargo safety and security.
Importers submit ISF data to CBP via the Automated Commercial Environment (ACE)
Secure Portal or the Electronic Data Interchange (EDI). However, ISF data is stored within CBP’s
9

A Bill of Lading is a commercially available document issued by a carrier to a shipper, signed by the captain,
agent, or owner of a vessel, furnishing written evidence regarding receipt of the goods, the conditions on which
transportation is made (contract of carriage), and the engagement to deliver goods at the prescribed port of
destination to the lawful holder of the Bill of Lading. CBP regulates cargo declaration (CBP Form 1302) data in
accordance with the Customs Regulations at 19 CFR, Part 4.
10
73 FR 71730 (November 25, 2008).

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 5

Automated Targeting System (ATS).11 For a full list of data elements required for the ISF, please
see Appendix B of the ATS PIA.12
3. Examination of Goods and Entry Documents
Following presentation of the entry, the shipment may be examined or examination may
be waived. The shipment is then released if no legal or regulatory violations have occurred.
Examination of goods and documents is necessary to determine, among other things:
•

The value of the goods for customs purposes and their dutiable status;

•

Whether the goods must be marked with their country of origin or require special
marking or labeling. If so, whether they are marked in the manner required;

•

Whether the shipment contains prohibited articles;

•

Whether the goods are correctly invoiced;

•

Whether the goods are in excess of the invoiced quantities or a shortage exists; and

•

Whether the shipment contains illegal narcotics.

Prior to the goods’ release, the port director will designate representative quantities for
examination by CBP under conditions that will safeguard the goods. Additionally, examinations
may also be conducted by Partner Government Agencies (PGA) for merchandise that falls within
those agencies area of responsibility, e.g., Food and Drug Administration (FDA). Some kinds of
goods must be examined to determine whether they meet special requirements of the law. For
example, food and beverages unfit for human consumption would not meet the requirements of
the FDA.
Importers of record, or their agents, must file entry summary documentation13 and deposit
any estimated duties within 10 working days of the entry of the merchandise at a designated
customhouse. Entry summary documentation consists of:

11

•

Return of the entry package to the importer, broker, or his authorized agent after CBP
permits the release of the merchandise;

•

Entry summary (CBP Form 7501); and

DHS/CBP/PIA-006(b) Automated Targeting System (June 1, 2012), available at
http://www.dhs.gov/publication/automated-targeting-system-ats-update.
12
Id.
13
“Entry summary” means any other documentation necessary to enable Customs to assess duties, collect statistics
on imported merchandise, and determine whether other requirements of law or regulation are met. (19 CFR §
141.0a(b)).

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 6

•

Other invoices and documents necessary to assess duties, collect statistics, or determine
that all import requirements have been satisfied.

ACE Modernization
As a part of CBP’s mission to facilitate trade and enforce the nation’s import and export
laws, CBP is engaged in an ongoing effort to modernize its business practices and information
technology (IT) assets. These IT assets are essential to securing U.S. borders, speeding the flow of
legitimate shipments, and targeting illicit goods that require scrutiny.15 The key IT component of
these initiatives is ACE, an upgraded and modernized version of several legacy IT systems. ACE
is the main IT component within the International Trade Data System (ITDS), an interagency
initiative formalized under the Security and Accountability for Every Port Act of 2006 (the SAFE
Port Act).16
14

On February 19, 2014, the President signed Executive Order (E.O.) 13659, Streamlining
the Export/Import Process for America’s Businesses, which establishes a deadline for completion
of CBP’s modernization of ACE, requires PGAs to transition from paper-based forms to electronic
data collection, and calls for enhanced transparency requiring CBP to publicly post ACE
modernization implementation plans and schedules.17 To comply with E.O. 13659, CBP will
complete the development of core trade processing capabilities in ACE and decommission legacy
system capabilities by December 31, 2016. At that time, ACE will become the “single window”18
for trade processing and the primary system through which the international trade community will
submit import and export data to various federal agencies. To meet this deadline, CBP will
decommission two major legacy IT systems: the Automated Manifest System (AMS) and the
Automated Commercial System (ACS). ABI (which was an integral part of legacy ACS) will
remain the method by which electronic information is transmitted to ACE. ABI allows qualified
14

In 2014, CBP Officers processed more than $2.46 trillion in trade and nearly 25.6 million cargo containers
through the nation’s Ports of Entry (POE).
15
On December 8, 1993, Title VI of the North American Free Trade Agreement Implementation Act (Pub. L. 103182, 197 Stat. 2057), also known as the Customs Modernization Act or “Mod” Act, became effective. These
provisions amended many section of the Tariff Act of 1930 and related laws. In support of the Mod Act, Customs
began the ongoing process of modernizing its core trade processing functions and systems.
16
The ITDS, as described in section 405 of the Security and Accountability for Every Port Act of 2006 (the “SAFE
Port Act”) (Public Law 109-347), is an electronic information exchange capability, or “single window,” through
which businesses will transmit data required by participating agencies for the importation or exportation of cargo.
17
Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.
18
Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 7

trade participants to electronically file required import data with CBP thus expediting the release
of merchandise for the trade community.
Since trade requirements will continue to evolve, CBP anticipates further development to
ensure trade automation capabilities in ACE. ACE will continue to adapt to meet changing needs
with state-of-the-art automation that speeds legitimate trade and continually improves CBP’s
ability to assess risk and identify unsafe shipments. As CBP continues to develop capabilities to
streamline trade processes, this PIA will be updated.
Single Window
E.O. 13659 mandates the implementation of a “single window” for trade.19 A single
window is an “electronic information exchange capability through which businesses will transmit
data required by participating agencies for the importation or exportation of cargo.”20 CBP is
upgrading and modernizing ACE to serve as the U.S. Government single window by providing a
single, centralized access point to connect CBP, PGAs, and the trade community.21
Forty-seven PGAs22 are involved in the trade process and among these PGAs nearly 200
forms are required for importers and exporters to complete. The current processes are largely
paper-based and require importers and exporters to manually input information into multiple
Government-owned electronic systems. As a result, importers and exporters are often required to
submit the same data to multiple agencies at multiple times. The single window initiative is the
effort to create a single system to eliminate multiple paper processes and ensure importers and
exporters only have to submit information once.
Participating in ACE
There are two primary methods of interacting with ACE:
1. Filing transactions via Electronic Data Interchange (EDI) Interface: With the
exception of filing an electronic truck manifest and the ISF for low volume filers, EDI
is the only mechanism through which transactions (entries, entry summaries, and ocean
and rail manifests) can be filed in ACE.
2. Filing transactions via the ACE Secure Data Portal: The ACE portal is an online tool
that allows users to file Importer Security Filing (ISF), electronic truck manifests, access
Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.
20
Id.
21
See Appendix A for current list of PGAs with a signed Memorandum of Understanding with CBP.
22
From ensuring motor carrier safety to safeguarding against hoof and mouth disease, the 47 ITDS partner
government agencies currently slated for ACE integration are as diverse as international trade is complex. The PGAs
represent ten cabinet level and four independent departments/agencies. For additional information about PGAs,
please visit http://www.itds.gov/xp/itds/toolbox/organization/pgas/.
19

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 8

financial data, and run reports. ACE reports can be used to monitor compliance and daily
operations.

Electronic Data Interchange (EDI)
EDI is an electronic communication framework that provides standards for exchanging
data via any available electronic means. Trade filers are able to electronically transmit import and
export data to CBP through EDI. Filings transmitted through EDI link to all CBP systems,
including ACE. Electronic communication through EDI allows trade filers to receive faster
decision responses for the movement of cargo. Business entities that wish to communicate via EDI
to CBP may use a certified software provider, become a self-filer, or contract a service center.
EDI allows the trade community to file:
•

Importer Security Filing Data;

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 9

•

Import Ocean, Rail, or Truck Manifests;

•

Entries;

•

Entry Summaries;

•

Export commodity data; and

•

Supporting documentation.

Members of the trade community may opt-in to receive automated status notices from EDI.
ACE Secure Data Portal
The ACE Secure Data Portal is a web-based interface for ACE available at
www.cbp.gov/trade/automated that provides a centralized online access point to connect CBP,
trade representatives, and PGAs involved in importing goods into the United States. The portal
provides account holders the ability to identify and evaluate compliance issues, monitor daily
operations, set up payment options, review filings, access a reports tool, compile data, and perform
national trend analysis.
ACE Secure Data Portal allows the trade community to:
•

File Importer Security Filing Data;

•

File Import Truck Manifests;

•

File Responses to CBP Forms 28, 29, and 4647;

•

Run reports;

•

Manage account and Periodic Monthly Statement Information;

•

Create blanket declarations; and

•

File Import or Export Bonds.

With respect to accounts, the portal provides access to transaction and financial data and
permits users to download large quantities of account data and transfer that data to their own
reporting system. The portal enables users to enroll in Periodic Monthly Statement and customize
payment schedules. Within the portal, the portal updates Account Revenue data hourly; MultiModal Manifest data every two hours; and compliance data monthly. All other reporting data is
updated nightly.
The ACE Secure Data Portal helps improve compliance with trade laws by allowing users
to run targeted reports to conduct in-house audits, identify systemic errors, and be provided with
insight into entries under review by CBP. The portal also facilitates identification of unauthorized
filers and allows the monitoring of cargo carrier activity by driver, conveyance, or equipment.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 10

Users may also monitor rail and sea in-bond movements, bills of lading manifest, and equipment
data.
ACE Account Access
In order to participate in ACE, requesting participants must submit a letter of intent (LOI)
requesting access to a specific system and an Interconnection Security Agreement (ISA)23 to
connect to a CBP IT system. The LOI should be submitted to [email protected] on
company letterhead.
Account types within ACE can be categorized into three broad groups. The access groups
currently available within ACE include:
•

Filers – Broker, Filer, and Surety;

•

Service Providers – Software Vendor; Service Bureau; Port Authority; Preparer; and
Surety Agent; and

•

Operators – Facility Operator (Warehouse, Container Freight Station, Container
Examination Station), Foreign Trade Zone Operator, Cartman/Lighterman,24 Air
Carrier, Rail Carrier, Sea Carrier, Truck Carrier, and Driver/Crew.

Data elements required by CBP for ACE account access vary for each of these groups, and
each data element is discussed in turn in Section 2.1.

ACE Modules and Functionality
Once participants have filed an LOI or ISA as required, and completed the user account
registration process, ACE users can access several modules within ACE to conduct their trade
business:
1. Manifest
ACE e-Manifest
ACE currently supports the processing of rail, sea, and truck electronic manifests.
Electronic manifests allow the Government to more quickly determine if incoming cargo poses a
CBP Information Systems Security Policy requires all participants that transmit electronic data directly to CBP’s
automated systems to file a signed Interconnection Security Agreement (ISA). If an entity is using a connection
already established through a Service Center or VPN, an ISA may not be required. For additional information and
required forms see http://www.cbp.gov/trade/automated/getting-started/transmitting-data-cbp-electronic-datainterchange-edi.
24
A “cartman” is one who undertakes to transport goods or merchandise within the limits of the port (19 CFR §
112.1). A “lighterman” is one who transports goods or merchandise on a barge, scow, or other small vessel to or
from a vessel within the port, or from place to place within a port (19 CFR § 112.1).
23

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 11

risk or can proceed into the country. CBP will expand ACE to include air electronic manifests in
2015.
ACE e-Manifest accepts manifest data electronically submitted by importers, carriers, and
brokers. Truck carriers are able to file manifests via EDI or the ACE Secure Data Portal; however,
ocean, rail, and air carriers25 transmit their manifest data solely by EDI. ACE manifest
functionality also allows for enhanced capabilities such as managing the financial details related
to importation of merchandise for authorized users. CBP sends status messages and replies via
EDI.
2. Cargo Release
Cargo Release
The first requirement to enter merchandise into the United States is a successful finding of
admissibility by CBP. For admissibility determinations, importers of record must file the
documents necessary to determine whether merchandise may be released from CBP custody. This
is known as “cargo release.”
After importers of record file manifest and informal entry information26 via EDI or the
ACE Secure Portal, cargo can be released from the port and the importer has up to 10 days to file
entry summary information (including any duty payments). ACE Cargo Release module allows
importers to file the entry information electronically. This data fulfills merchandise entry
requirements and allows CBP to make earlier cargo release decisions. This, in turn, provides more
certainty for the importer in determining how long the cargo will take to be released from CBP
custody. Cargo may be released in-bond pending the completed entry summary.
3. Post Release
ACE participants can file entry summaries in ACE for Antidumping/Countervailing Duty
(AD/CVD), Consumption, Formal, and Informal entry types (Types 01, 03, 11). ACE Periodic
Monthly Statements also allow participants to pay duties and fees on a monthly basis rather than
transaction by transaction.
Entry Summary
ACE participants may submit their entry summary (the formal, legal submission of an
imported commodity’s description, quantity, value, country of origin, customs duty obligation,
and the commodity’s satisfaction of any other PGA requirements that affect admission into U.S.
25

CBP provided a free method of submitting data, given the very large number of North American truck carriers. At
last tally, there were 400,000 registered, many of which are typically small business owners. While not all are
international crossers, the cost associated with buying a software solution to communicate with ACE would not have
been practical for many of the carriers.
26
Importers that wish to file informal entry in advance of the formal entry summary (CBP Form 7501) may file a
CBP Form 3461.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 12

commerce) for their imported commodity. ACE fully replaces the former paper processes, which
helps to decrease courier and administrative costs for the importing community.
ACE provides the functionality to process “edits” or checks, which validate the accuracy
of the data on the entry summary. ACE provides automated validation calculations for such items
as the harbor maintenance fee, commodity classification, simple and complex duty calculations,
the merchandise processing fee, entry restrictions, taxes, and other associated fees.
Electronic Bond Filing (eBond)
In January 2015, CBP launched capabilities in ACE that enable electronic bond filing
(eBond). eBond allows the importer to identify the bond being used to guarantee her or his promise
to pay a financial obligation associated with the importation of the commodity. A bond is a form
contract between the importer, a surety (insurer), and CBP that states that if the importer is unable
to satisfy a financial obligation to CBP, then the surety will step in and pay the obligation. This
requires the importer to provide certain identity and financial information to the surety to facilitate
this process of Single Transaction Bonds (STB) and Continuous Bonds and Bond Riders from a
surety, surety agent, or via the ACE Portal. CBP is able to provide electronic bond status update
messages back to a surety, the surety’s agent, and other parties with a financial interest in the
merchandise via EDI. Bond validations are required for ACE Cargo Release and ACE Entry
Summary.
CBP launched eBond in response to a June 2011 Department of Homeland Security (DHS)
Office of Inspector General (OIG) report citing bond execution errors, deficiencies in bond
retention, and other issues that challenge CBP’s ability to collect on STB. eBond also enhances
CBP’s ability to report to Congress or the Department of the Treasury (“Treasury”) on key
inquiries regarding bonds, and protects CBP by informing CBP officers that a valid bond has been
secured before cargo is released into commerce.
eBond is an electronic mechanism for the submission of Customs Bonds from a Surety or
Surety Agent to ACE via EDI to be stored and used for various downstream processes for which
a bond is required. eBond accepts Single Transaction Bonds and Continuous Bonds electronically
and eliminates the mandatory paper requirement when a Single Transaction Bond is used to secure
Cargo Release.
Periodic Monthly Statement
Periodic Monthly Statements enable trade users to streamline accounting and payment of
duties and fees. By signing up, users can adopt an interest-free periodic payment schedule and
delay the payment of duties, fees, and taxes until they are deposited on a monthly basis. Filers may
mark entry summaries they wish to be paid on the statement and then submit payments through
Automated Clearing House (ACH) processing. ACE account holders have the ability to pay for
shipments entered or released during the previous calendar month by the 15th business day of the

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 13

following month. Filers must establish an ACE Secure Data Portal Account and select either a
national or a port statement. Brokers may pay on behalf of importers. The use of the Periodic
Monthly Statement functionality allows the user to track activity with customized account views
through the ACE Secure Data Portal.
4. Exports
Exports
Pursuant to Executive Order 13659, the export process is being brought under the ACE
umbrella so that ACE may serve as the single window for both imports and exports. CBP discusses
the export process in the Export Information Systems (EIS) PIA.27
In April 2014, CBP deployed full export processing capabilities in ACE and
decommissioned corresponding processing capabilities in the Automated Export System (AES).
CBP will begin a pilot in 2015 to electronically collect air, rail, and ocean export manifest
information.28 AES will eventually be integrated into ACE; CBP will deploy functionality to allow
for AES filings via the ACE Secure Portal starting in October 2015. CBP will conduct a PIA
update to the ACE or EIS PIA to describe this expanded functionality for the export process.
5. Document Image System (DIS)
Document Image System
Document Image System (DIS) allows trade users to electronically submit images of
documentation required by CBP or PGAs during the import and export process. This
documentation includes general forms such as commercial invoices, packing lists, invoice working
sheets, as well as forms to support cargo release (e.g., government issued identification, vehicle
titles, and certificates). Trade users may also use DIS to submit agency specific forms such as
licenses, permits, or regulatory certificates.
Through DIS, the trade community has the ability to send electronic images of specific
CBP and PGA forms and supporting information to CBP via EDI in lieu of conventional paper
methods. DIS stores these images and makes them available for CBP and PGA users for review
for acceptance or rejection. DIS provides storage of all submitted images in a secure centralized
location in order to link to the appropriate ACE entry summaries.
Finally, DIS allows trade partners to supply supporting documentation electronically as
image files to CBP and PGAs. DIS integrates with the ACE Secure Data Portal, allowing
authorized personnel access to images of submitted documents to perform coordinated reviews.

27

See, Privacy Impact Assessment for the Export Information System (EIS), DHS/CBP/PIA-020 (January 31,
2014).
28
80 Fed. Reg. 32971 (June 10, 2015).

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 14

6. PGA Integration
ACE is working closely with PGAs to implement the single window, which is part of the
ITDS initiative. Key single window capabilities have been deployed, including the DIS, PGA
Interoperability, and the PGA Message Set.
PGA Message Set
The PGA Message Set is a single, harmonized data set to be collected electronically from
trade members by CBP on behalf of the PGAs. This capability allows federal agencies to receive
trade data in a common format to facilitate making decisions about what cargo can come into the
United States without the myriad paper forms currently required. This capability will ultimately
provide the trade community with a “one stop shop” to electronically transmit all required import
data to the U.S. government.
Interoperability Web Service (IWS)
IWS is the pipeline through which data is transmitted between CBP and the PGAs. This
capability enables improved information sharing and faster decision making by CBP and the
PGAs.

Section 1.0 Authorities and Other Requirements
1.1 What specific legal authorities and/or agreements permit and define
the collection of information by the project in question?
CBP’s law enforcement jurisdiction is highly complex and derives authority from a wide
spectrum of federal statutes. CBP enforces customs laws related to tariff and revenue protection
pursuant to The Tariff Act of 1930, as amended.29 The following are additional legal authorities
or agreements related to ACE:

29

•

CBP has the authority to board vessels or vehicles and conduct searches of cargo
pursuant to the SAFE Port Act of 2006;30

•

Section 203 of the SAFE Port Act of 2006 and section 343(a) of the Trade Act of
2002, as amended by the Maritime Transportation Security Act of 2002;

•

Title 19 of the Code of Federal Regulations;31

•

CBP has the authority to collect Social Security numbers (SSN) under Executive
Order (E.O.) 9397, as amended by E.O. 13478.32 SSN is used because some

19 U.S.C. §§ 66, 1431, 1448, 1484, 1505, 1514, 1624, and 2071; 26 U.S.C. § 6109(d); 31 U.S.C. § 7701I.
19 U.S.C. §§ 482, 1467, 1581(a) and Pub. L. 109-347, 120 Stat. 1884 (Oct. 13, 2006).
31
19 C.F.R. §§24.5, 149.3, 101.9, and 103.31(e).
32
Pursuant to 31 U.S.C. §7701(c), 26 U.S.C. §6109(d), 19 C.F.R. §§24.5 and 149.3.
30

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 15

individuals who do not have an employer identification number (EIN) or a tax
identification number (TIN) choose to instead submit their SSN.

1.2

What Privacy Act System of Records Notice(s) (SORN(s)) apply to
the information?

Concurrent with this PIA, CBP is publishing the new Import Information System (IIS)
SORN to cover ACE and general import trade data. IIS combines the former SORNs for
ACE/ITDS and ACS into one privacy act system of records.

1.3

Has a system security plan been completed for the information
system(s) supporting the project?

Yes. ACE is presently undergoing the Security Authorization process in accordance with
DHS and CBP policy, which complies with federal statutes, policies, and guidelines. The system
will certify its Authority to Operate (ATO) upon publication of this PIA.

1.4

Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?

Yes. CBP retains the ISF for 15 years from the date of submission. However, if it becomes
linked to an active law enforcement lookout record (i.e., specific and credible threats; individuals
and routes of concern; or other defined sets of circumstances), it remains accessible for the life of
the law enforcement matter and other related enforcement activities. All other import records are
maintained for a period of six years from the date of entry.
CBP retains information collected in connection with the submission of a Postal
Declaration for a mail importation for a maximum of six years and three months (as set forth
pursuant to NARA Authority N1-36-86-1, U.S. Customs Records Schedule, Schedule 9 Entry
Processing, Items 4 and 5).
Personal information collected in connection with the creation of a carrier, broker, or
importer account is retained for up to three years following the closing of the account either
through withdrawal by the individual or denial of access by CBP.
Lastly, CBP retains information pertaining to CBP and PGA employees regarding that
individual’s access to ACE for as long as the individual maintains his or her portal access to ACE
and authorization to access the information.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 16

1.5

If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
for the collection. If there are multiple forms, include a list in an
appendix.

ACE collects a number of forms relating to different commodities or trade transactions. A
list of these control numbers and forms is attached at Appendix B. The ACE Secure Data Portal is
covered by OMB Control number 1651-0105 and is the primary means of importers and other
trade filers to submit information to ACE and establish their user accounts.

Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as
well as reasons for its collection.

2.1

Identify the information the project collects, uses, disseminates, or
maintains.

ACE collects personally identifiable information (PII) from members of the public
involved in the importation of merchandise and international trade. ACE collects PII for two
purposes: 1) to permit participants to create ACE accounts33 and 2) to permit participants to
electronically file trade documentation.
Information maintained by ACE as part of the user account creation process includes:
1. Account Information – Including Name of Company, Name of Company Officer, Title of
Company Officer, Company Organization Structure, and Officer’s Date of Birth (optional).
For Operators, this information must match the name on the company’s bond.
a. Account Owner Information – Name, Application Data, E-mail, Date of Birth,
Country, Address, and Business Phone Number.
b. Legal Entity Information34 – Name, Application Data, E-mail, Country, Address,
and Business Phone Number.

33

PII contained in ACE for user account creation is collected from Filers (i.e., Importers, Brokers, Consignees,
Filers, and Sureties); Service Providers (i.e., Carriers, Manufacturers, Shippers, Software Vendors, Service Bureaus,
Port Authorities, Preparers, Surety Agents, Attorneys/Consultants, and Agents); and Operators (i.e.,
Cartmen/Lightermen, Facility Operators, Foreign Trade Zone Operators, and Drivers/Crew). ACE also collects
information about to persons required to file Customs Declarations for international mail transactions (including
sender and recipient).
34
An Account Owner for a U.S. based truck carrier or truck driver must supply a U.S. business address. A foreignbased truck carrier or truck driver must provide their foreign business address and is not required to provide a U.S.
business address. If applying for a Broker, Importer, or Filer Account, a U.S. address is required. Importers that are
self-filers should apply for both their importer and their filer view on one ACE application.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 17

c. Point of Contact Information – Name, Application Data, E-mail, Country, Date of
Birth, Address, and Business Phone Number.
2. Business Activity Information – Depending on the account type being established, the
following identifying information is required to set up an ACE portal account. Users are
limited to a single identification number for the portal account being requested with the
exception of: importer, broker, filer, software vendor, service bureau, port authority,
preparer, or surety agent, which can use up to three identifying numbers for each portal
view:
a. Importer/Broker/Filer/Surety: Importer Record Number; Filer Code; Taxpayer
Identification Number (TIN) [e.g., Internal Revenue Service (IRS) Employer
Identification Number (EIN)/SSN]; Surety Code.
b. Service Provider:35 Standard Carrier Alpha Code (SCAC) or Filer Code; EIN/SSN.
c. Operator: EIN/SSN, Bond Number, Facilities Information and Resources
Management System (FIRMS) Code, Zone Number, Site Number. Operators must
also note whether their background investigation has been completed by CBP and
whether their fingerprints are on file with CBP.36
d. Cartman/Lighterman: Cartman/Lighterman Identification Number, Customhouse
License (CHL) Number, Passport Number, Country of Issuance, Date of
Expiration, U.S. Visa Number, Birth Certification Number, Permanent Resident
Card Number, Certificate of Naturalization, Certificate of U.S. Citizenship, Reentry Permit Number (I-327), Refugee Permit Number, Other Identification (such
as Military Dependent’s Card, Temporary Resident Card, Voter Registration Card).
Cartman/Lighterman must also note whether his or her background investigation
has been completed by CBP and whether his or her fingerprints are on file with
CBP.
e. Carriers: Standard Carrier Alpha Code (SCAC), Bond Numbers, Importer Record
for Type 2 Bond (if applicable).
f. Drivers/Crew: Commercial Driver License (CDL) Number, State/Province of
Issuance, Country, whether the Driver has an Enhanced CDL or is HAZMAT
endorsed, Full Name, Date of Birth, Gender, Citizenship, Travel Documentation
(and Country of Issuance) such as: Passport Number, Permanent Resident Card, or
other type of identification including: SENTRI Card, NEXUS37, U.S. Visa (non35

Software Vendor, Service Bureau/Ctr., Port Authority, Preparer, or Surety Agent.
Background investigation information is not stored in ACE. Background investigation information is stored in
DHS Integrated System for Security Management (ISMS); fingerprints are maintained by OPM..
37
Available at, http://www.cbp.gov/travel/trusted-traveler-programs.
36

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 18

immigrant or immigrant), Permanent Resident Card, U.S. Alien Registration Card,
U.S. Passport Card, DHS Refugee Travel Document, DHS Re-Entry Permit, U.S.
Military ID Document, or U.S. Merchant Mariner Document.

Information maintained by ACE as part of the trade facilitation process includes:
Filer Information
1. Importer of Record Name and Address – The name and address, including the standard
postal two-letter state or territory abbreviation, of the importer of record.38 The importer
of record is defined as the owner, purchaser, or consignee of the goods or their agent (e.g.,
a licensed customs broker). The importer of record is the individual or firm liable for
payment of all duties and meeting all statutory and regulatory requirements incurred as a
result of importation, as described in 19 C.F.R. § 141.1(b).
2. Consignee Number – IRS EIN, SSN, or CBP assigned number of the consignee. This
number must reflect a valid identification number filed with CBP via the CBP Form 5106
or its electronic equivalent.
3. Importer Number – The IRS EIN, SSN, or CBP assigned number of the importer of record.
4. Reference Number – The IRS EIN, SSN, or CBP assigned number of the individual or
firm to whom refunds, bills, or notices of extension or suspension of liquidation are to
38

Importers are required to file a CBP Form 5106 (Create/Update Importer Identity Form) at the time of their first
entry and other occasions. New and established users may use this form. For example, an established importer may
wish to launch a new division or subsidiary, change its name, or change its address. Under these circumstances an
established importer is required to file a CBP Form 5106.
In October 2014, CBP proposed to amend CBP Form 5106. In addition to renaming CBP Form 5106 from
“Importer ID Input Record” to “Create/Update Importer Identity,” the proposed changes include new data
collection. Specifically, CBP would require an SSN, Passport Number, and Passport Country of Issuance for those
officers who have importing and financial business knowledge of the importer and the legal authority to make
decisions on its behalf. Other new information that would be required includes the importer’s DUNS number, its
primary banking institution, the state or country in which it is incorporated, and a unique identifying number for the
appropriate Certificate of Incorporation.
CBP’s goal in requesting additional data is to “enhance [its] ability to make an informative assessment of
risk prior to the initial importation, and [to] provide CBP with improved awareness regarding the company and its
officers who have chosen to conduct business with CBP.” In other words, in order to carry out its mission to ensure
the safety of our nation’s borders as well as that of our global supply chain, CBP believes these additional data
elements are necessary to make an informed risk assessment of an importer prior to an initial importation. The 60day comment period for the proposed changes ended December 8, 2014. CBP received and reviewed one-hundred
and eighty-eight (188) public comments. Many of the comments were related to concern about providing SSNs and
Passport Information on corporate officers. In response, CBP modified the Agency’s position and made SSNs and
Passport Information optional, except in the scenario in which an individual is requesting to use a CBP-assigned
number for all entry documentation. In the event that the individual is requesting to use a CBP-assigned number she
or he must provide an SSN for CBP vetting purposes. CBP is publishing an Information Collection Request Notice
allowing for an additional 30 days for public comments.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 19

be sent (if other than the importer of record and only when a CBP Form 4811 is on file).
5. Ultimate Consignee Name and Address – The name and address of the individual or
firm purchasing the merchandise or, if a consigned shipment, to whom the merchandise
is consigned.
6. Broker/Filer Information – A broker or filer name, address, and phone number.
7. Broker/Importer File Number – A broker or importer internal file or reference number.
8. Bond Agent Information – Bond agent name, SSN or a surety created identification, and
surety name.
9. Declarant Name, Title, Signature and Date – The name, job title, and signature of the
owner, purchaser, or agent who signs the declaration. The month, day, and year when the
declaration was signed.
10. Importer Business Description – Including the Importer Dun & Bradstreet (DUNS)
Number and the North American Industry Classification System (NAICS) number for
Importer Business.
11. Senior Officers of the Importing Company – Information pertaining to Senior Officers of
the Importing Company with an importing or financial role in trade transactions: Position
title; Name (First, Middle, Last); Business Phone; SSN (Optional); Passport Number
(Optional); Passport Country of Issuance (Optional).
12. Additional Data Elements – Filers may, on their own initiative, provide additional or
clarifying information on the form, provided such additional information does not
interfere with the reporting of those required data elements.

Supply Chain Information
1. Manufacturer Information:
o Manufacturer (or supplier) name;
o Manufacturer (or supplier) address;
o Foreign manufacturer identification code and/or shipper identification code;
o Foreign manufacturer name and/or shipper name; and
o Foreign manufacturer address and/or shipper address.
2. Carrier Information:
o Importing Carrier - For merchandise arriving in the United States by vessel, CBP

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 20

records the name of the vessel that transported the merchandise from the foreign
port of lading to the first U.S. port of unlading.
▪

Vessel Identifier Code;

▪

Vessel Name;

▪

Carrier Name;

▪

Carrier Address;

▪

Carrier codes (non-SSN) SCAC for vessel carriers, International Air
Transport Association (IATA) for air carriers);

▪

Department of Transportation (DOT) number,

▪

Tax Identification Number;

▪

DUNS;

▪

Organizational structure; and

▪

Insurance information including name of insurer, policy number, date of
issuance and amount.

▪

The carrier can create users and points of contact, and may also choose to
store details associated with the driver and crew, conveyance, and
equipment for purposes of expediting the creation of manifests.

o Mode of Transport - The mode of transportation by which the imported
merchandise entered the U.S. port of arrival from the last foreign country. The
mode of transport may include vessel, rail, truck, air, or mail.
o Export Date – The month, day, and year on which the carrier departed the last port
(or airport, for merchandise exported by air) in the exporting country.
3. Liquidator identification (non-SSN);
4. Seller (full name and address or a widely accepted industry number such as a DUNS
number);
5. Buyer (full name and address or a widely accepted industry number such as a DUNS
number);
6. Ship to party name;
7. Consolidator (stuffer);
8. Foreign trade zone applicant identification number;
9. Country of origin;

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 21

10. Commodity Harmonized Tariff Schedule of the United States (HTSUS) number;
11. Booking party; and
12. Other identification information regarding the party to the transaction.

Crewmember/Passenger Information
1. Carrier Information – Including vessel flag and vessel name, date of arrival and port of
arrival (CBP Form 5129);
2. Person on arriving conveyance who is in charge;
3. Names of all crew members and passengers;
4. Date of birth of each crew member and passenger;
5. Commercial driver license (CDL)/driver license number for each crew member;
6. CDL state or province of issuance for each crew member;
7. CDL country of issuance for each crew member;
8. Travel document number for each crew member and passenger;
9. Travel document country of issuance for each crew member and passenger;
10. Travel document for state/province of issuance for each crew member and passenger;
11. Travel document type for each crew member and passenger;
12. Address for each crew member and passenger;
13. Gender of each crew member and passenger;
14. Nationality/citizenship of each crew member and passenger; and
15. HAZMAT endorsement for each crew member.

Federal Employee Information (including CBP and PGA employees)
1. CBP employee names;
2. CBP employee hash identification, SSN, or other employee identification number; and
3. Federal Government employee names, work addresses, work phone numbers, and ACE
identification if already an ACE-ITDS user.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 22

Manifest Information
1. Bill of Lading (B/L) or Air Waybill (AWB) Number – The number assigned on the
manifest by the international carrier delivering the goods to the United States.
2. Immediate Transportation Number – The Immediate Transportation number obtained
from the CBP Form 7512, the AWB number from the Transit Air Cargo Manifest
(TACM), or Automated Manifest System (AMS) master in-bond (MIB) movement
number.
3. Immediate Transportation Date – The month, day, and year obtained from the CBP Form
7512, TACM, or AMS MIB record. Note that Immediate Transportation date cannot be
prior to import date.
4. Missing Documents – Codes that indicate which documents are not available at the time
of filing the entry summary.
5. Foreign Port of Lading – The five digit numeric code listed in the “Schedule K”
(Classification of Foreign Ports by Geographic Trade Area and Country) for the foreign
port at which the merchandise was actually laden on the vessel that carried the
merchandise to the United States.39
6. U.S. Port of Unlading – The U.S. port code where the merchandise was unladen (or
delivered) from the importing vessel, aircraft, or train.
7. Location of Goods/General Order (GO) Number – Also known as a “container stuffing
location,” the pier or site where the goods are available for examination. For air
shipments, this is the flight number.

CBP Generated Records
1. Entry Number – The entry number is a CBP-assigned number that is unique to each
Entry Summary (CBP Form 7501).
2. Entry Type – Entry type denotes which type of entry summary is being filed (i.e.,
consumption, information, warehouse). The sub-entry type further defines the specific
processing type within the entry category (i.e., free and dutiable, quota/visa, antidumping/countervailing duty, and appraisement).40
3. Summary Date – The month, day, and year on which the entry summary is filed with
CBP. The record copy of the entry summary will be time stamped by the filer at the
The “Schedule K” may be retrieved at: http://www.iwr.usace.army.mil/ndc/wcsc/scheduleK/schedulek.htm.
Automated Broker Interface (ABI) processing requires an ABI status indicator. This indicator must be recorded in
the entry type code block. It is to be shown for those entry summaries with ABI status only.
39
40

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 23

time of presentation of the entry summary. Use of this field is optional for ABI
statement entries. The time stamp will serve as the entry summary date. The filer will
record the proper team number designation in the upper right portion of the form above
this block (three-character team number code).41
4. Port Code – The port is where the merchandise was entered under an entry or released
under an immediate delivery permit. CBP relies on the U.S. port codes from Schedule D,
Customs District and Port Codes, listed in Annex C of the Harmonized Tariff Schedule
(HTS).
5. Entry Date – The month, day, and year on which the goods are released, except for
immediate delivery, quota goods, or when the filer requests another date prior to release.42
It is the responsibility of the filer to ensure that the entry date shown for entry/entry
summaries is the date of presentation (i.e., the time stamp date). The entry date for a
warehouse withdrawal is the date of withdrawal.
6. Manufacturer ID – This code identifies the manufacture/shipper of the merchandise by a
CBP-constructed code. The manufacturer/shipper identification code is required for all
entry summaries and entry/entry summaries, including informal entries, filed on the CBP
Form 7501.
7. Notes – Notations and results of examinations and document review for cleared
merchandise.

Surety and Bond Information
1. Surety Information – Full legal name of entity, address.
2. Surety Number – A three-digit numeric code that identifies the surety company on the
Customs Bond. This code can be found in block 7 of the CBP Form 301, or is available
through CBP’s automated system to ABI filers via the importer bond query transaction.
3. Bond Type – A three-digit numeric code identifying the following type of bond: U.S.
Government or entry types not requiring a bond; Continuous; or Single Transaction.
4.

Additional Bond Information – All authorized users of bond, bond expiration date.

Merchandise-Specific Information

For ABI entry summaries, the team number is supplied by CBP’s automated system in the summary processing
output message.
42
19 CFR § 141.68.
41

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 24

1. Line Number – A commodity from one country, covered by a line that includes a net quantity,
entered value, HTS number, charges, rate of duty, and tax.
2. Description of Merchandise – A description of the articles in sufficient detail (i.e., gross
weight, manifest quantity, net quantity in HTS units, U.S. dollar value, all other charges,
costs, and expenses incurred while bringing the merchandise from alongside the carrier at
the port of exportation in the country of exportation and placing it alongside the carrier at the
first U.S. port of entry).
3. License Numbers – For merchandise subject to agriculture licensing.
4. Country of Origin – The country of origin is the country of manufacture, production, or
growth of any article. When merchandise is invoiced in or exported from a country other
than that in which it originated, the actual country of origin shall be specified rather than
the country of invoice or exportation.
5. Import Date – The month, day, and year on which the importing vessel transporting the
merchandise from the foreign country arrived within the limits of the U.S. port with the intent
to unlade.
6. Exporting Country – The country of which the merchandise was last part of the commerce
and from which the merchandise was shipped to the United States.

2.2

What are the sources of the information and how is the information
collected for the project?

ACE collects information primarily from importers, authorized brokers or agents, carriers,
custodians of imported merchandise such as customs bonded warehouses and foreign trade zones,
and freight forwarders. These parties may submit data electronically using their EDI or ACE
Secure Portal Accounts, through third parties or services, or through a direct connection to CBP.
Other filers submit paper documents directly to the cargo arrival port.
ACE receives information from ATS and reports screening results. ACE also interfaces
with the Seized Assets and Case Tracking System (SEACATS)43 and TECS44 and connects
enforcement files to the trade data that forms a basis for the penalty or seizure.

43
44

See SEACATS System of Records Notice at, http://edocket.access.gpo.gov/2008/E8-29802.htm
See, TECS System of Records Notice at, http://edocket.access.gpo.gov/2008/E8-29807.htm

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 25

2.3

Does the project use information from commercial sources or
publicly available data? If so, explain why and how this
information is used.

Yes. ACE uses the importer’s DUNS numbers, which are used to verify information
already provided about the individual or her or his business.

2.4

Discuss how accuracy of the data is ensured.

To ensure accuracy, CBP officials collect data directly from the importers or their
authorized representatives. CBP officials review the data in ACE and verify it by inspecting the
cargo and accompanying documentation. Filers must use CBP-certified software for electronic
information, receive training from CBP, and obtain a certification from CBP before transmitting
data. The system validates each data transmission when the filer is authorized to transmit data.
After certification, CBP requires the filer to maintain an acceptable level of performance filing
timely and accurate information into ACE. ACE generates and returns an Internal Transaction
Number (ITN) as confirmation of successful electronic filing once electronic data has been
accepted in ACE.

2.5

Privacy Impact Analysis: Related to Characterization of the
Information

Privacy Risk: Generally, there is a risk that ACE collects more personal information than
is necessary to track, control, and process commercial goods imported into the United States.
Mitigation: This risk is partially mitigated. CBP indicates which data elements are optional
or voluntary; however, these elements remain on the forms. Two specific examples include:
Privacy Risk: There is a privacy risk that individuals will submit their date of birth as part
of the user account registration process despite the field noted as “optional” on the user account
registration form.
Mitigation: This risk is not mitigated. CBP will work with DHS Privacy to amend the
description of this data field so that it accurately describes what date is acceptable.
Privacy Risk: There is a privacy risk of over-collection because ACE requires
cartmen/lightermen, drivers, and carriers to submit unnecessary PII (including travel documents)
as part of the ACE user account request form.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 26

Mitigation: This risk is partially mitigated. CBP explains in the instructions which
elements are optional . For example, the form states that only one set of identification documents
is required.45
Privacy Risk: There is a risk that ACE may contain inaccurate information.
Mitigation: ACE mitigates this risk by collecting information directly from applicants
through Trade Portal Accounts. All importers, or individuals acting on their behalf, must complete
training and a CBP certification before they transmit information into ACE. ACE contains
parameters that alert the submitter about inaccurate or otherwise inadequate data. Individuals may
enter the information themselves and have the ability to amend all submissions. All brokers or
other authorized third-party submitters must obtain an ACE certification and receive written
authorization from the importer.

Section 3.0 Uses of the Information
3.1

Describe how and why the project uses the information.

CBP uses ACE to collect, use, and maintain electronic records required to track, control,
and process commercial goods imported into the United States. ACE enhances national security
by enabling CBP to enforce U.S. law, facilitate legitimate international trade, and detect illegal
merchandise attempting to be imported into the United States or violations of import laws. ACE
automates and consolidates border processing and is the centralized access point that connects
CBP, the trade community, and other government agencies. ACE provides CBP personnel with
data to use within Automated Targeting System (ATS).46 ATS uses enhanced automated tools and
additional information (e.g., lookouts and watchlists) to perform risk-based assessments and
decide what cargo to target and investigate before a shipment reaches the U.S. border. It also allows
CBP to expedite certain cargo or shipments because it complies with U.S. laws.
ACE connects, receives, or shares records with the following CBP systems:
1.

Automated Commercial System (ACS)47 – until it is fully transferred into ACE.

2. Automated Targeting System (ATS)48 – ACE enhances CBP enforcement
processes by implementing significant screening, targeting, and border security
capabilities by interfacing with ATS, which is a decision support tool that compares
traveler, cargo, and conveyance information against law enforcement, intelligence,

45

A copy of the current application is available at,
http://www.cbp.gov/sites/default/files/documents/ace_portal_app_2013114.pdf
46
DHS/CBP-006 Automated Targeting System May 22, 2012, 77 Fed. Reg. 30297.
47
DHS/CBP-001 Automated Commercial Environment/International Trade Data System (ACE/ITDS) January, 19,
2006, 71 FR 3109.
48
DHS/CBP-006 Automated Targeting System May 22, 2012, 77 Fed. Reg. 30297.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 27

and other enforcement data using risk-based targeting scenarios and assessments.
ACE facilitates identification of high-risk cargo and associated people and
businesses based on advance information by leveraging the services provided by
ATS.
3. TECS49 – import records related to a violation are shared with TECS to create and
maintain records related to the violation.
4. Seized Asset and Case Tracking System (SEACATS)50 – seizures recorded in
SEACATS draw upon the related records in ACE.
5. Credit/Debit Card Data System (CDCDS)51 – ACE provides payment information
to CDCDS for payment processing.

3.2

Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or locate
a predictive pattern or an anomaly? If so, state how DHS plans to
use such results.

ACE does not perform targeting or locate predictive patterns. ACE provides data to ATS
for conducting queries or locating a predictive pattern or anomaly. ATS uses ACE information to
conduct targeting and screening for high risk cargo. This targeting and screening assists CBP
officers in identifying imports with transportation safety and security risks, such as weapons of
mass destruction. ACE information is also used by U.S. Immigration and Customs Enforcement’s
(ICE) FALCON-DARTTS52 to identify anomalous transactions that may indicate violations of
U.S. trade laws. However, the results of any analysis conducted by other DHS systems do not
appear in ACE.

3.3

Are there other components with assigned roles and responsibilities
within the system?

CBP has granted ACE access to ICE users via the ICE FALCON-DARTTS system to
facilitate Homeland Security Investigation (HSI) investigations of trade fraud, mismarking,
counterfeiting, or other trade related violations.

49

DHS/CBP-011 U.S. Customs and Border Protection TECS December 19, 2008, 73 Fed. Reg. 77778.
DHS/CBP-014 Regulatory Audit Archive System (RAAS) December 19, 2008, 73 Fed. Reg. 77807.
51
DHS/CBP-003 Credit/Debit Card Data System November 2, 2011, 76 Fed. Reg. 67755.
52
DHS/ICE/PIA-038 – FALCON Data Analysis & research for Trade Transparency System, January 16, 2014, at
http://www.dhs.gov/publication/dhsicepia-038-%E2%80%93-falcon-data-analysis-research-trade-transparencysystem-falcon-dartts
50

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 28

3.4

Privacy Impact Analysis: Related to the Uses of Information

Privacy Risk: There is a risk of unauthorized use of information in ACE by authorized
users.
Mitigation: Although certified ACE filers may transmit data to ACE, these users do not
have access to query ACE. Additionally, CBP and PGA officials are required to complete privacy
training and obtain approval from their supervisors to access ACE. CBP maintains the paper
documents and records and the electronic information in ACE in controlled spaces protected by
security personnel. CBP tracks the electronic information search activities of its users and provides
audit logs, which CBP security officials review and in the context of PGA users share with the
appropriate security officials of the PGA. Any inappropriate use of ACE results in an investigation
and suspension of a user’s access to ACE, and may result in further disciplinary action or criminal
investigation.
To further mitigate this risk, ACE employs passwords and restrictive role-based rules to
access internal data. Users are limited to the roles that define their authorized use of the system.
CBP uses procedural accountability and physical safeguards, including audit logs and receipt
records. Management oversight ensures appropriate assignment of roles and access to information.
In order to become an authorized user, a CBP employee must have passed a full field
background investigation. In addition, authorized users must have a “need to know” the
information for the performance of their official duties.

Section 4.0 Notice
4.1

How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain why
not.

CBP provides notice of the scope of information collected in ACE through publications in
the Federal Register, information on the public CBP website, and this PIA. The Trade Account
Portal application form contains a Privacy Act Statement regarding the authority of CBP to collect
the requested information and how the Agency uses the information. CBP also provides notice
through the ACE PIA and the forthcoming Import Information System (IIS) SORN.

4.2

What opportunities are available for individuals to consent to uses,
decline to provide information, or opt out of the project?

U.S. law requires importers to provide CBP information that contains PII in conjunction
with commercial entry documents submission that support importing commodities or merchandise
in to or transit through the United States. Importer identity, manufacturer or supplier, and other

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 29

parties involved in the import transaction and supply chain are necessary for commercial entry
acceptance. Failure to provide required information will result in rejection of the commercial entry
and the issuance of an order by CBP to remove the commodity from the territory of the United
States. When importers submit the required information to ACE they fulfill their legal
requirements and they consent to how CBP will properly use this data.

4.3

Privacy Impact Analysis: Related to Notice

Privacy Risk: There is a risk that individuals may not know that their information is
collected in ACE because many CBP forms do not have a Privacy Act Statement.
Mitigation: This risk is partially mitigated. Although approved by OMB, CBP forms do
not have a Privacy Act Statement as required, CBP provides notice to the trade community on its
website about ACE modernization. CBP provides notice of the scope of information collected in
ACE through notices and rulemakings in the Federal Register, information posted on the public
CBP website, the new IIS SORN, and this PIA. In addition, E.O. 13659 requires CBP to publicly
post ACE modernization implementation plans and schedules.53

Section 5.0 Data Retention by the project
5.1

Explain how long and for what reason the information is retained.

CBP retains ACE records for six years. ACE information shared with ATS for screening
and targeting purposes will be retained for fifteen years or for the duration of a law investigation
or proceeding continues beyond fifteen years.

5.2

Privacy Impact Analysis: Related to Retention

There is no risk to retention of ACE records. CBP retains ACE data (both paper and
electronic) for six years to support various legal requirements and so that businesses will be able
to retrieve their information for commercial taxation purposes. For example, duty payments are
tax deductible and the retention of these records may assist businesses for cross-reference.

Executive Order No. 13659, Streamlining the Export/Import Process for America’s Businesses (February 19,
2014), available at https://www.whitehouse.gov/the-press-office/2014/02/19/executive-order-streamliningexportimport-process-america-s-businesses.
53

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 30

Section 6.0 Information Sharing
6.1

Is information shared outside of DHS as part of the normal agency
operations? If so, identify the organization(s) and how the
information is accessed and how it is to be used.

CBP shares ACE data external to DHS with PGAs that have entered into a Memorandum
of Understanding (MOU) with CBP. ACE data sharing MOUs with PGAs define and limit the
scope and use of information shared pursuant to the PGA’s respective authorities. (See Appendix
A for current list of PGAs with a signed MOU with CBP.) Each MOU with a PGA describes the
ACE data sets the PGA is permitted to access.
As required by 19 U.S.C. § 1431, 46 U.S.C. § 60105, and 19 CFR § 103.31, certain inbound
and outbound manifest data in ACE may be made available for publication. Importers and shippers
may request confidential treatment of their name and address pursuant to 19 CFR § 103.31(d).
When CBP grants confidentiality, six data elements are withheld from disclosure: importer name
and address, consignee name and address, and shipper name and address.
As required by the Debt Collection Act of 1982,54 CBP will disclose information
concerning bad debt (i.e., obligations owed for the payment of duties, taxes and fees) to the
Department of Justice, collection agencies, credit bureaus, and consumer reporting agencies.
In addition, CBP may disclose ACE information on a case-by-case basis consistent with
the routine uses explained the IIS SORN, which CBP is publishing concurrent with this PIA.

6.2

Describe how the external sharing noted in 6.1 is compatible with
the SORN noted in 1.2.

Pursuant to the IIS SORN, Routine Use J allows CBP to transmit data to PGAs so they
may fulfill their statutorily mandated requirements to ensure compliance with transportation and
trade laws. Routine Use N allows CBP to provide debtor address information in the context of
referring delinquent obligations to the Department of Justice and credit reporting agencies in
accordance with established procedures set forth in the Fair Credit Reporting Act. Routine Use R
allows CBP to transmit certain inbound and outbound manifest information to the public pursuant
to 19 U.S.C. §1431 and 19 C.F.R. §103.31. Lastly, section (b)(12) of the Privacy Act,55 allows
CBP to transmit information concerning defaulted debt to the Department of Justice and credit
reporting agencies for the purpose of improving collection of the obligation.
•
54

J. To a federal agency, pursuant to an International Trade Data System Memorandum of

5 U.S.C. § 5514, and Pub L. 97-365 (Oct. 25, 1982), as amended by the Debt Collection Improvement Act of
1996, 31 U.S.C. § 3701, and Pub L. 104-134 (Apr. 26, 1996). See also 5 U.S.C. § 552a(b)(12).
55
5 U.S.C. § 552a(b)(12).

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 31

Understanding, consistent with the receiving agency’s legal authority to collect
information pertaining to and/or regulate transactions in international trade.
•

N. To the Department of Justice, Offices of the United States Attorneys or a consumer
reporting agency as defined by the Fair Credit Reporting Act, address or physical location
information concerning the debtor, for further collection action on any delinquent debt
when circumstances warrant;.

•

R. To paid subscribers, in accordance with applicable regulations, for the purpose of
providing access to manifest information as set forth in 19 U.S.C. 1431.

CBP discloses ACE information only on a case-by-case basis to entities for specific uses,
which include anti-terrorism and law enforcement, to ensure cargo safety and security, or to
prevent smuggling.

6.3

Does the project place limitations on re-dissemination?

Yes. As a condition of sharing information pursuant to a routine use in the IIS SORN, CBP
requires anyone who receives non-public ACE data to obtain written permission from CBP before
re-disseminating the information. Similarly, all of the ACE Data MOUs with PGAs contain
confidentiality sections that include terms regarding consultation with respect to the redissemination of shared information.

6.4

Describe how the project maintains a record of any disclosures
outside of the Department.

To obtain ACE information, the requesting party must submit a written request for specific
information and state how it plans to use the information in relation to importing commercial goods
into the United States or its nexus to a law enforcement matter. CBP retains a copy of this request
and submits it to the CBP Privacy Office for review. Once the CBP Privacy Office reviews the
request, based on the circumstances of each case, a CBP Privacy official drafts an authorization
memorandum specific to each case. CBP retains a copy of the memorandum. If the disclosure is
approved, CBP also maintains a record of the disclosure using DHS Form 191. An ACE Data
MOU may cover other requests, which memorializes routine information sharing. (See Appendix
A for a current list of PGAs with a signed MOU with CBP.) All authorization memoranda
expressly forbid sharing information to third parties unless CBP authorizes, or the individual
consents to, the sharing. All ACE Data MOUs require that the agency receiving CBP information
agree to obtain authorization from CBP before sharing information to third parties.

6.5

Privacy Impact Analysis: Related to Information Sharing

Privacy Risk: There is a privacy risk that CBP could share data outside DHS for purposes
that differ from the stated purpose and use of the original collection.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 32

Mitigation: This risk is mitigated because disclosure is permitted only upon authorization
and in accordance with the routine uses in the ACE and/or the forthcoming IIS SORN. As DHS
procedures and policies require, all current external sharing arrangements, whether on a case-bycase basis or pursuant to ACE Data MOUs, are compatible with the collection’s original purpose.
The risk if further mitigated through the CBP Privacy Office review process.
Privacy Risk: There is a privacy risk that PGAs could further disseminate the information
without CBP authorization.
Mitigation: This risk is mitigated by the terms of the ACE Data MOU with each PGA that
limit further external dissemination in the Confidentiality sections of the agreements. With regard
to case-by-case sharing the terms of each authorization require CBP consent for further external
dissemination.
Privacy Risk: There is a privacy risk to data security because manifest information, which
may include sensitive PII, is made public.
Mitigation: This risk is partially mitigated. Only certain vessel (not air, rail, or truck)
manifest information is made public as required by statute and regulation. To mitigate this risk,
CBP permits an importer or consignee (inward) or a shipper (outward) to request confidential
treatment of its name and address contained in manifests by following the procedure set forth in
19 CFR 103.31. However, oftentimes manifest information contains sensitive PII in the free text
fields that cannot be redacted. CBP has published a notice in the Container Status Messaging
Service, a tool for communicating with the carrier and shipper community, informing carriers and
shippers that PII is not acceptable in the free text fields of the vessel manifest; CBP also engages
in outreach through trade conferences to this community to remind them of the risk to their clients
from including PII in free text fields.

Section 7.0 Redress
7.1

What are the procedures that allow individuals to access their
information?

As described in section 6.1 and 6.2 of this PIA, certain inbound manifest information in
ACE is publicly available. Individuals that file electronically cannot conduct queries in ACE but
may view and correct their information prior to submission and before ACE accepts the
transmission.
To gain access to non-public information in ACE, an individual may request information
about his or her ACE records, pursuant to procedures provided by the Freedom of Information Act

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 33

(FOIA) (5 U.S.C. § 552) and the access provisions of the Privacy Act of 1974 (5 U.S.C. § 552a(d)),
and by writing to:
U.S. Customs and Border Protection (CBP)
Freedom of Information Act (FOIA) Division
90 K Street, N.E.
Washington, D.C. 20229
When seeking records from ACE or any other CBP system of records, the request must
conform to Part 5, Title 6 of the Code of Federal Regulations (CFR).56 An individual must provide
his or her full name, current address, and date and place of birth. He or she must also provide:
•

An explanation of why the individual believes DHS would have information on
him or her;

•

Details outlining when he or she believes the records would have been created; and

•

If the request is seeking records pertaining to another living individual it must
include a statement from that individual certifying his/her agreement for access to
his/her records.

The request is required to include a notarized signature or to be submitted pursuant to 28
U.S.C. § 1746, which permits statements to be made under penalty of perjury as a substitute for
notarization. Without this information, CBP may not be able to conduct an effective search and
the request may be denied due to lack of specificity or lack of compliance with applicable
regulations. Although CBP does not require a specific form, guidance for filing a request for
information is available on the DHS website at http://www.dhs.gov/file-privacy-act-reqeust and
http://www.dhs.gov/file/foia-overview.

7.2

What procedures are in place to allow the subject individual to
correct inaccurate or erroneous information?

Individuals who file information electronically may amend, correct, or cancel their active
data, and ACE system updates reflect the changes. Individuals may also contact the CBP INFO
Center, to request correction of erroneous ACE information. See section 7.1 above.
Although CBP makes certain inbound manifest information publicly available for
publication, shippers may request that CBP refrain from disclosing their names, addresses, and tax
identifying number (TIN) by submitting a certification claiming confidential treatment. Such
certifications allow businesses and individuals to partially shield their identity from association
with their shipment in these publications while still permitting CBP to screen their shipments.
Approved certifications are valid for two years after the approval date. Importers may submit a
56

See 6 CFR Part 5.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 34

letter via email ([email protected]), or by mail (address below), to CBP
requesting that their company name not be disclosed on the vessel manifest. There is no fee
associated with the request for confidentiality.
Director, Client Rep Division
ACE Business Office, Office of International Trade
U.S. Customs and Border Protection
8444 Terminal Road
Beauregard A-312-5
Lorton, VA 22079
Individuals may notify CBP or their Account Managers incorrect or inaccurate in ACE,
and may send their requests for correction to:
U.S. Customs and Border Protection
CBP INFO Center
Office of Public Affairs
1300 Pennsylvania Avenue, NW
Washington, D.C. 20229
Although requests to amend information should be made in writing, individuals may
contact the CBP INFO Center by phone at (877) 227-5511 or (703) 526-4200. Following the links
on https://help.cbp.gov/app/home/search/1, individuals may submit complaints online.

7.3

How does the project notify individuals about the procedures for
correcting their information?

Individuals may contact the CBP INFO Center to obtain guidance for requesting correction
of their ACE information. This PIA and www.cbp.gov provide contact information for making
those requests. Within ACE, individuals who submit information electronically are notified of the
procedures for correcting their information in the electronic user guides and during the training
process. Furthermore, when the electronic system encounters a possible error with the transmitted
data it will issue a response message alerting the individual that he or she may need to correct the
information.

7.4

Privacy Impact Analysis: Related to Redress

Privacy Risk: There is a privacy risk that trade filers may be adversely affected by a
targeting rule.
Mitigation: All cargo shipments arriving in the United States are subject to further review
or physical inspection to determine that the shipment poses no threat and that the shipment is in
compliance with all applicable U.S. laws and regulations. This data review or physical inspection

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 35

of the cargo shipment allows CBP or another applicable regulatory agency to determine that no
violation has occurred. The review, analysis, and training of the officer making a decision
regarding admissibility, or further inspection, provides the greatest mitigation to the risk that a
targeting rule may be improperly applied. Trade filers are responsible for filing accurate
information and have the opportunity to amend inaccurate information.
Privacy Risk: A potential risk related to redress occurs with the ability to validate the
accuracy of third-party information because ACE contains PII that pertains to third parties such as
personal names and contact information that appear in manifests or other commercial entries
submitted by agents or other intermediaries serving as filers.
Mitigation: CBP mitigates this risk by allowing individuals and third parties (including
those who submit information in hard copy format) to contact CBP when they believe that the data
contained in ACE is inaccurate. Individuals and other filers may submit corrections electronically
and are required to meet standards of quality, accuracy, and timeliness to be allowed to transmit
data to ACE.

Section 8.0 Auditing and Accountability
8.1

How does the project ensure that the information is used in
accordance with stated practices in this PIA?

CBP officials may obtain access to ACE data only on a “need to know” basis and after
their supervisor and the ACE business owner has authorized their access. For the paper records,
only CBP officials authorized to review ACE may obtain access to them. Authorized ACE users
may obtain electronic access through the CBP network through encrypted passwords and sign-on
identification. ACE records who logged into the system and when, what functions the user
performed, and what changes were made, if any. CBP reviews audit logs and conducts periodic
reviews of all ACE users.

8.2

Describe what privacy training is provided to users either generally
or specifically relevant to the project.

CBP requires ACE users to take the annual privacy and security training, such as the “CBP
IT Security Incident Response Training,” “CBP IT Security Awareness and Rules of Behavior
Training,” “CBP Safeguarding Classified National Security Information,” “CBP Sensitive
Security Information” through the online CBP Performance and Learning Management System
(PALMS). Each of these courses covers how CBP ACE users must handle PII.
The ACE Program Manager maintains a master list of all ACE users and their privacy and
security training completion information. If an ACE user fails to complete the training by the
annual deadline, then he or she loses access to ACE.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 36

There are similar requirements for PGA users as outlined in their respective ACE Data
MOUs. For example, PGAs must provide CBP, on an annual basis, with an updated list of field
locations and personnel with access to ACE data. They must ensure that ACE data is only provided
to employees and contractors who have an official “need-to-know.” They are also subject to
periodic audit security measures for accessing ACE and maintaining ACE data. PGAs must
ensure, in accordance with the Privacy Act of 1974, as amended57 that a SORN will be timely
published or amended for any system(s) that will maintain data received from ACE and that a PIA
is published. (See Appendix A for current list of PGAs with a signed MOU with CBP).

8.3

What procedures are in place to determine which users may access
the information and how does the project determine who has
access?

An ACE program manager grants access to ACE after he or she receives an official request
from an individual’s supervisor. Both the CBP official’s supervisor and the ACE program manager
determine whether the particular CBP official has a “need to know” basis for access to ACE. After
approval form the program manager, the supervisor transmits the request to the Security Help
Desk, which determines whether the CBP official has completed the necessary background
investigation. If the CBP official does not use ACE for 90 days, or if the CBP official’s profile
changes, then he or she must again obtain authorization from his or her supervisor, ACE program
manager, and the Security Help Desk to obtain access to ACE. After the CBP official has obtained
all the necessary approval, then the electronic system in ACE will accept the CBP official’s
specific user sign-on identification and password.

8.4

How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?

For new sharing agreements and authorizations for access to any ACE information, the
agency, component, or organization must obtain a written agreement or written authorization from
CBP, i.e., an MOU, in order to become a PGA with access to ACE data. During the MOU
negotiations between CBP and the federal agency, Appendices A and B are key because they will
determine the scope of ACE access. Appendix A maps the data the agency is legally entitled to
collect based on its statutory authority. Appendix B is a list of commodities the agency is legally
authorized to regulate, as represented by Harmonized Tariff Schedule (HTS) numbers. Once an
agency becomes a PGA by having a signed MOU, CBP grants access to the ACE data portal. Each
PGA’s view of ACE data is limited to the commodities it has authority to regulate as denoted by

57

5 U.S.C. § 552a.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 37

the HTS numbers listed in Appendix B of the MOU. The CBP Privacy Officer reviews all such
agreements and authorizations.

8.5

Privacy Impact Analysis: Related to Redress

Privacy Risk: There is a privacy risk that PGA users of ACE may exceed their authority
and access information beyond their authorized roles.
Mitigation: This risk is partially mitigated through the terms of the ACE Data MOU with
each PGA. The confidentiality section identifies the roles, responsibilities and access requirements
for PGA users, as well as requiring the PGA to designate an official as its Security Control Officer
for the purpose of reviewing access concerns presented by CBP, from its auditing of system access
and use logs, and determining appropriate remedial action. PGA users are also reminded through
the terms of their respective agency MOU and the system sign-on banner that information in ACE
is protected by both the Privacy Act and the Trade Secrets Act, which provide for criminal
penalties for misuse of the protect information.

Responsible Officials
Deborah Augustin
Acting Executive Director
ACE Business Office, Office of International Trade
U.S. Customs and Border Protection
(571) 468-8362

John Connors
CBP Privacy Officer
Privacy and Diversity Office, Office of the Commissioner
U.S. Customs and Border Protection
(202) 344-1610

Approval Signature
Original signed copy on file with the DHS Privacy Office.
________________________________

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 38

Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 39

APPENDIX A
Partner Government Agencies (PGA)
At present, the following PGAs have signed a Memorandum of Understanding (MOU)
with CBP to have access to ACE-ITDS:
1. Agricultural Marketing Service (AMS), Department of Agriculture
2. Alcohol and Tobacco Tax and Trade Bureau (TTB), Department of Treasury
3. Alcohol, Tobacco, Firearms and Explosives Bureau (ATF), Department of Justice
4. Animal and Plant Health Inspection Service (APHIS), Department of Agriculture
5. Bureau of Industry and Security (BIS), Department of Commerce
6. Bureau of Labor Statistics (BLS), Department of Labor
7. Bureau of Transportation Statistics (BTS), Office of Assistant Secretary for Research and
Technology (OST-R), Department of Transportation
8. Census Bureau, (Census), Department of Commerce
9. Center for Disease Control and Prevention (CDC), Department of Health and Human
Services
10. Consumer Product Safety Commission (CPSC)
11. Defense Contract Management Agency (DCMA), Department of Defense
12. Directorate of Defense Trade Controls (DDTC), Department of State
13. Drug Enforcement Agency (DEA), U.S. Department of Justice
14. Energy Information Administration (EIA), Department of Energy
15. Enforcement and Compliance (E&C), Department of Commerce
16. Environmental Protection Agency (EPA)
17. Export–Import Bank (EXP/IMP Bank) of the United States
18. Federal Aviation Administration (FAA), Department of Transportation
19. Federal Highway Administration (FHWA), Department of Transportation
20. Federal Maritime Commission (FMC)
21. Federal Motor Carrier Safety Administration (FMCSA), Department of Transportation
22. Federal Railroad Administration (FRA), Department of Transportation

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 40

23. Fish and Wildlife Services (FWS), Department of Interior
24. Food and Drug Administration (FDA)
25. Food Safety and Inspection Service (FSIS), Department of Agriculture
26. Foreign Agricultural Service (FAS), Department of Agriculture
27. Foreign Trade Zones Board (FTZB), Department of Commerce
28. Internal Revenue Service (IRS), Department of Treasury
29. Maritime Administration (MARAD), Department of Transportation
30. National Highway Traffic Safety Administration (NHTSA), Department of Transportation
31. National Marine Fisheries Service (NMFS), Department of Commerce
32. Nuclear Regulatory Commissioner (NRC)
33. Office of Foreign Assets Control (OFAC), Department of Treasury
34. Office of Foreign Missions (OFM), Department of State
35. Office of General Counsel (OGC), Department of Energy
36. Office of Marine Conservation (OMC), Bureau of Oceans and International Environmental
and Scientific Affairs (OES), Department of State
37. Office of Textile and Apparel (OTEXA), Department of Commerce
38. Pipeline and Hazardous Materials Safety Administration (PHMSA), Department of
Transportation
39. U.S. Army Corps of Engineers (USACE), Department of Defense
40. U.S. Office of the Trade Representative (USTR), Executive Office of the President

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 41

APPENDIX B
OMB Control Numbers
OMB Collection
Number

Form Name/Description

CBP Form
Number58

1651-0001

Air Cargo Manifest

7509

1651-0001

Inward Cargo Manifest

7533

1651-0001

Inward Cargo Declaration

1302

1651-0001

Cargo Declaration (Outward)

1302A

1651-0001

Importer Security Filing (also known as 10+2)

1651-0001

Vessel Stow Plan

1651-0001

Container Status Messages

1651-0001

Request for Manifest Confidentiality

1651-0002

General Declaration

7507

1651-0003

Continuation Sheet

7512A

1651-0003

Transportation Entry and Manifest
of Goods Subject to CBP
Inspection and Permit

7512

1651-0005

Application-Permit-Special
License Unlading/Lading,

3171

1651-0006

Application and Approval to Manipulate, Examine, Sample or
Transfer Goods

3499

1651-0007

Application for Allowance in Duties

4315

1651-0009

Customs Declaration

6059B

1651-0010

Certificate of Registration

4455

1651-0010

Certificate of Registration for Personal Effects Taken Abroad

4457

1651-0011

Declaration for Free Entry of Returned American Products

3311

1651-0012

Lien Notice

3485

58

All of these CBP forms have been approved by OMB and have an OMB control number, however, not all of them
have a CBP Form Number.

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 42

1651-0013

Entry and Manifest Free of Duty

7523

1651-0014

Declaration for Free Entry of Unaccompanied Articles

3299

1651-0015

Application for Extension of Bond for Temporary Importation

3173

1651-0016

Certificate of Origin

3229

1651-0017

Protest

19

1651-0018

Ship's Stores Declaration

1303

1651-0019

Vessel Entrance or Clearance Statement

1300

1651-0020

Crew Effects Declaration

1304

1651-0022

Entry Summary

7501

1651-0022

Document/Payment Transmittal

7051A

1651-0023

Request for Information

28

1651-0024

Entry/Immediate Delivery Application

3461

1651-0024

Entry/Immediate Delivery Application ALT

3461 ALT

1651-0025

Report of Diversion

26

1651-0027

Record of Vessel Foreign Repair or Equipment Purchase

226

1651-0028

Cost Submission

247

1651-0029

Application for Foreign Trade Zone Admission and/or Status
Designation

214

1651-0029

Application for Foreign Trade Zone Admission and/or Status
Designation Copy

214A

1651-0029

Application for Foreign Trade Zone Admission and/or Status
Designation Continuation Sheet

214B

1651-0029

Application for Foreign Trade Zone Admission and/or Status
Designation Continuation/Statistical Copy

214C

1651-0029

Foreign-Trade Zone Activity Permit

216

1651-0030

Declaration of Unaccompanied Articles

255

1651-0031

Foreign Assemblers Declaration (with Endorsement by Importer

1651-0032

Importers of Merchandise Subject to Actual Use Provisions

1651-0033

Bonded Warehouse Proprietor's Submission

1651-0034

Triennial Report

300

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 43

1651-0035

Holders or Containers Which Enter the United States Duty Free

1651-0036

Declaration of Ultimate Consignee That Articles Were Exported for
Temporary Scientific or Educational Purposes

1651-0037

Entry of Articles for Exhibition

1651-0041

Establishment of a Bonded Warehouse (Bonded Warehouse
Regulations

1651-0048

Declaration of Persons Who Performed Repairs or Alteration

1651-0050

Corporate Surety Power of Attorney

5297

1651-0050

Customs Bond

301

1651-0050

Customs Bond Continuation Sheet

301A

1651-0051

Foreign Trade Zone, Reconciliation, Certification

1651-0053

Approval of Commercial Gaugers & Accreditation of Commercial
Laboratories

1651-0055

Harbor Maintenance Fee Quarterly Summary Report

349

1651-0055

Harbor Maintenance Fee (Amended Quarterly Summary
Report Form 350)

350

1651-0055

Harbor Maintenance Fee Recordkeeping

1651-0057

Country of Origin Marking Requirements for Containers or Holders

1651-0061

Centralized Examination Station

1651-0063

Petroleum Refineries in Foreign Trade Subzones

1651-0064

Importer ID Input Record

1651-0067

Documentation Requirements for Articles Entered Under Various
Special Treatment Provisions

1651-0074

Prior Disclosure

1651-0075

Delivery Certificate for Purposes of Drawback

7552

1651-0075

Notice of Intent to Export, Destroy or Return Merchandise

7553

1651-0075

Drawback Entry

7551

1651-0077

CTPAT

1651-0078

ACH Application

1651-0080

Deferral of Duty on Large Yachts Imported for Sale

5106

400

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 44

1651-0081

Delivery Ticket

6043

1651-0082

African Growth and Opportunity Act Certificate of Origin

1651-0083

U.S.-Caribbean Basin Trade Partnership Act (CBTPA)

1651-0085

Administrative Rulings

1651-0086

Distribution of Continued Dumping and Subsidy Offset to Affected
Domestic Producers (CDSOA)

1651-0090

Commercial Invoice

1651-0092

Application for Withdrawal of Bonded Stores for Fishing Vessels
and Certification of Use

5125

1651-0093

Declaration of Owner when Entry is Made by an Agent

3347A

1651-0098

NAFTA Certificate of Origin

434

1651-0098

NAFTA Verification of Origin Questionnaire

446

1651-0098

NAFTA Motor Vehicle Averaging Election

447

1651-0105

Application to Use Automated Commercial Environment (ACE)

1651-0117

US/Chile FTA

1651-0117

US/Singapore FTA

1651-0117

US/Australia FTA

1651-0117

US/Morocco FTA

1651-0117

US/Bahrain FTA

1651-0117

US/Jordan FTA

1651-0117

US/Oman FTA

1651-0117

US/Peru FTA

1651-0117

U.S. -Korea Free Trade Agreement

1651-0117

U.S. - Columbia TPA

1651-0117

U.S. Central American Free Trade Agreement (CAFTA)

450

7401

Please note, too, there are multitudes of various forms and documents relating to the
importation of commodities or merchandise. Not all of these forms and documents are controlled

Privacy Impact Assessment
DHS/CBP/PIA-003(b) Automated Commercial Environment
Page 45

by CBP. CBP has separately published on the ACE website a list of the forms and documents it is
making available in the Document Imaging System (DIS).59

59

See http://www.cbp.gov/document/guidance/ace-november-1-pga-forms, pages 9-12.


File Typeapplication/pdf
File TitleDHS/CBP/PIA-003(b) Automated Commercial Environment (ACE)
AuthorU.S. Department of Homeland Security Privacy Office
File Modified2020-03-12
File Created2020-03-12

© 2024 OMB.report | Privacy Policy