for the Database
January 15, 2010
Contact Point: Kumar Kibble, Acting Director, Office of Investigations, U.S. (202)
Reviewing Official: Mary Ellen Callahan, Chief Privacy Officer, Department of Homeland Security (703)
Abstract

The Department of Homeland Security (DHS) U.S. (ICE) owns, a gang-tracking software application used for investigative, analytical, and statistical recording and tracking of gang members and associates, gangs, and their activities. The database supports information sharing on gang members and activities among participating law enforcement agencies. ICE is conducting this Privacy Impact Assessment because the system collects and maintains personally identifiable information (PII).

Overview

is based on the commercially developed GangNET software tailored to include immigration status-related information and is similar to other versions of GangNET utilized by numerous federal, state and local law enforcement agencies across the United States and Canada. is managed by the ICE Office of Investigations (OI) under the National Gangs Unit. has two main purposes. First, it supplements the existing ICE case management system by providing a consolidated repository of information on gang members and associates and gang-related activity. allows ICE agents and support personnel to search gang-oriented information in a more efficient and effective manner than is possible in ICE's standard investigative case management system. For example, an ICE field agent can easily query for a list of members in a specific gang. It is not currently possible to perform the same sort of query using ICE's case management system. As a matter of policy, ICE agents are required to create and/or update records for suspected and/or confirmed gang members and associates whenever they encounter gang members and associates in the field during their official law enforcement activities. records also contain references to the official evidentiary system of records, which allows ICE agents and support personnel to refer to official case records. Second, facilitates the sharing of gang information between ICE and other law enforcement agencies.
In particular, ICE currently provides the California Department of Justice (CalDOJ) access to the data in. CalDOJ users access the repository remotely through their own CalGangs application. In the future, ICE anticipates that it will share information with other state and local law enforcement agencies that use the GangNET software. ICE will require access controls for state and local agencies as a prerequisite to gaining access to data. complies with 28 Code of Federal Regulations (C.F.R.) Part 23, a federal regulation governing Federally funded multijurisdictional criminal intelligence systems to ensure they are used in conformance with the privacy and constitutional rights of individuals. Under this regulation, a project can only collect and maintain criminal intelligence information concerning an individual if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity. Also, a program must establish system submission criteria that define which individuals will be recorded in the system. All systems operating under 28 C.F.R. Part 23 have a mandatory maximum retention period of five years after the last date the data is accessed.
In accordance with 28 C.F.R. Part 23, an individual must meet criteria established by ICE to be included as either a gang member or gang associate in. For example, an individual that has been convicted of a gang-related offense, has admitted to gang membership, and/or has been identified as a gang member by a jail or prison in which they were confined, would be included as a gang member or associate in the system. data is not used directly as evidence to prosecute crimes. is solely a data repository with limited search and analytical tools that help ICE agents identify individuals and organizations that may be involved in gang-related criminal activity. It is incumbent on the investigator that uses to build their case using original data sources which are referenced in.

Typical Transaction

During the course of a criminal investigation, an ICE agent encounters an individual (for example, the agent interviews the individual) who meets the ICE-established criteria for being a gang member. In addition to other recordkeeping activities associated with the investigation (e.g., writing a report of interview for the case file and inputting information into the ICE case management system), the agent will also log on to and query the system to determine if the individual already has an record. If no record exists, the agent will create a new record and enter the available identifying information about the individual, such as name, date of birth, physical description, immigration status, suspected gang affiliation, and photograph if available. The agent will also enter notes about his encounter with the individual (i.e., the interview). If the individual already has an record, the agent will review the record to determine if there is any useful information that may assist in his current investigation.
In addition to updating any official case records that exist pertaining to the current investigation, he will also update the record with any new information obtained during the interview and will enter notes about the interview itself.

Section 1.0 Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, rule, or technology being developed.

1.1 What information is collected, used, disseminated, or maintained in the system?

maintains personal information about individuals who qualify as suspected or confirmed gang members and associates under ICE criteria. stores the following data about each gang member and associate to the extent it is available: biographic information (name, date of birth, etc.), immigration status, gang affiliation, physical description, government-issued identification numbers, photos of the individual, identities of gang associates, field interview notes, and criminal history information. also stores general comments entered by the ICE agent that created the gang
member or associate record as well as a reference to the official evidentiary system of records where official case files are stored. maintains more general data on criminal gangs including gang names, various symbols they use, membership levels, and turf claimed. Each subject record in also includes the contact information for the ICE agent that entered the information into so that they can be contacted, if necessary, by other users. Finally, users can quickly generate various reports such as gang rosters or statistical reports on demographics, and link analysis reports that identify commonalities between records in based on user-defined queries and criteria. Statistical reports do not contain any personal information about gang members. These reports are user-generated on an ad hoc basis and are not stored in the system for future use. These reports can be printed.

1.2 What are the sources of the information in the system?

ICE agents obtain information such as statements or seized communications [1] about gang members and/or associates directly from the individual or from other suspects, witnesses, informants, and victims during normal law enforcement investigative activities such as arrest, search, or field interview. ICE agents and support personnel may also collect and input into information from other law enforcement agencies so long as that agency's information satisfies ICE criteria for designating an individual as a gang member or associate. users also have access to the records of other organizations that use the GangNET software. Currently, ICE is only able to access data from CalDOJ's CalGangs application. In the future, ICE anticipates accessing gang data from a variety of state and local law enforcement agencies, via its existing connection to CalGangs.

1.3 Why is the information being collected, used, disseminated, or maintained?
The database supplements the existing ICE case management system in that it allows ICE agents and support personnel to efficiently search, access, and review gang-related information in support of law enforcement investigations. Currently, the ICE case management system is not designed to consolidate and organize investigative materials about gang-related activity or to facilitate sharing of gang-related information with other law enforcement agencies. provides a central repository for all ICE field offices to use to enter, search, and analyze information about gangs, gang activities, and gang members and their associates. The information is also maintained to allow the sharing of gang information with other law enforcement agencies in support of criminal investigations and related activities.

[1] A seized communication might be the contents of a cell phone or pager, documents identified at a crime scene or in the possession of a suspect, etc.

At present,
only shares information with CalDOJ. ICE may share in the future with other state and local law enforcement entities.

1.4 How is the information collected?

ICE agents collect the information directly from individuals during normal law enforcement investigative activities such as an arrest or field interview, from an informant, or by reviewing documentary evidence such as seized communications. ICE agents and support personnel also collect information from prisons about gang members in their populations on an ad hoc basis. Periodically, ICE receives data on gang members and associates from other law enforcement organizations, which it then enters into. Data collection from other law enforcement organizations is not routine and currently takes place on an ad hoc basis. Before an user creates a new record, the software automatically queries the existing records and allows the user to update an existing subject record rather than creating a new record. This reduces the likelihood of duplicate subject records. Likewise, information in CalGangs is collected under similar circumstances by law enforcement personnel employed by the CalDOJ. CalGangs uses the same software as so the method of entry (including the provisions for preventing subject record duplication) is identical.

1.5 How will the information be checked for accuracy?

ICE agents and support personnel entering information into the database are trained on the identification and verification of suspected gang members and associates and only enter a subject into the database once the individual has been determined to satisfy the ICE gang member/associate criteria. It is under the discretion of trained ICE agents and support personnel to determine whether an individual meets these criteria and is entered into the database. At least once per calendar year, the system administrator will query a sample of records and check them for accuracy by contacting the originating office and verifying the information.
Additionally, automatically queries existing records before allowing the user to create a new subject record so there is usually only one record per individual in. The subject's record is updated, expanded, and corrected each time the subject is encountered by an ICE agent, which improves the accuracy of the information. As a safeguard, if data is found to be helpful in the context of a current investigation, ICE agents are required to obtain and verify the original source data from the agency, whether it is another ICE agent or another agency, that collected the information, rather than relying solely on the information in, to prevent inaccurate information from being relied upon during the investigation and any subsequent trial.
What specific legal authorities, arrangements, and/or agreements defined the collection of information?

ICE has been authorized to collect this information under 5 U.S.C. 301, 8 U.S.C. 1103; 8 U.S.C. 1225(d)(3), 8 U.S.C. 1324(b)(3), 8 U.S.C. 1357(a), 8 U.S.C. 1360(b); 19 U.S.C. 1 and 19 U.S.C

Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.

Privacy Risk: may contain records about individuals who are neither gang members nor associates.

Mitigation: This risk is mitigated by having automatic purge parameters in place which permanently delete stored PII if that information has not been accessed within five years, in accordance with 28 C.F.R. Part 23. Furthermore, every user of undergoes agency-wide and system-specific training as described in Question 8.3 to ensure they conform with all policies pertaining to the system. It is important to note that data is never used directly as evidence to prosecute crimes. contains references to the official evidentiary systems of records, which makes it possible for agents to verify the accuracy of information before taking action based on that information. is solely a data repository with limited search and analytical tools that help users identify individuals and organizations that may be involved in gang-related criminal activity. It is incumbent on the investigator who uses to fully check all original data sources. As a safeguard, when investigating potential violations of U.S. laws, ICE investigators are required to obtain and verify the original source data from the agency that collected the information to prevent inaccurate information from propagating.

Privacy Risk: There is also a risk that collects more information than necessary for the purpose of the system.
Mitigation: For to be effective, it must contain as many details on gangs and gang members and associates as possible so that users can search the database for the individuals or organizations they are researching. Systems used for law enforcement purposes typically require more information than non-law enforcement systems to serve their purpose. This risk is mitigated by the limited retention period (five years from the date of last record activity) for information about individuals.
Section 2.0 Uses of the Information

The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.

2.1 Describe all the uses of information.

ICE uses the gang member and associates information stored in to support the centralized storage, retrieval, research and analysis of this information among various ICE field offices. ICE agents use for various purposes in connection with criminal law enforcement investigations and other law enforcement activities. For example, an ICE agent may search to determine whether an individual who is the subject of an ongoing criminal investigation is associated with gang activity. Such information may reveal to the agent a connection between the crimes being investigated and gang activity, which could help refocus the investigation. The agent may also use to identify the individual's known gang associates or fellow gang members who may be witnesses, suspects, or accomplices to the crimes being investigated. users are also able to see the other personnel who encountered the subject, which may facilitate information sharing pertaining to the investigation or prosecution of a particular individual or case. ICE also uses to electronically share gang information between ICE and CalDOJ through reciprocally connected GangNET software. Through their own CalGangs application, CalDOJ users can query and obtain read-only access to the ICE data in. ICE users can also access CalGangs information in the same way by querying the system. ICE also uses to produce statistical reports on gang activities for various law enforcement, management, and reporting purposes. also allows users to conduct link analysis among the various records to identify individuals that may be connected by an attribute such as an address or an associate. These connections and associations may provide leads for ICE agents to follow in pending investigations.
users can also quickly generate gang rosters identifying all members of a particular gang. data is never used directly as evidence to prosecute crimes. is solely a data repository with limited search and analytical tools that help users identify individuals and organizations that may be involved in gang-related criminal activity. It is incumbent on the investigator that uses to fully check all original data sources. The only exception to this is that has the capacity to create photographic lineups. These photographic lineups may be shown to witnesses or victims to aid in the identification of suspects.

2.2 What types of tools are used to analyze data and what type of data may be produced?

has a query interface called Find Subject which provides users the capability to search over 50 unique field types against subject records. For example, a list can be generated searching all subjects with a tattoo on the front side of their left leg. From that list another
tool, the photo line-up, can be used to produce a series of photos of gang members or associates from the list of search results. The user can save the lineup in or print it to help witnesses and victims identify suspected gang members or associates. Additionally, includes many standardized statistical reports that provide aggregate counts based on the report type. These reports are pre-programmed and require a user to supply basic criteria such as age, gender, or ethnic background. The ad-hoc query reports allow users to create and save custom query templates that are not already included in. Users can construct their own reports using any information contained in the database. These reports are built using standard structured query language (SQL).

2.3 If the system uses commercial or publicly available data please explain why and how it is used.

ICE agents that collect information about a gang member or associate in the course of an investigation or other law enforcement activity may obtain some of that information from commercial or publicly available data sources. That information may ultimately be entered into when the gang member or associate record is created or updated by the agent. The agent is responsible for ensuring that the public or commercial data is accurate to the extent possible before including it in or other Federal record systems.

2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.

Automatic purge parameters permanently delete stored PII if that information has not been accessed within five years, in accordance with 28 C.F.R. Part 23. Additionally, users undergo agency-wide and system-specific training as described in Question 8.3. Only DHS employees and contractors are able to directly access the system, which is only available through the ICE network (at DHS sites or remotely).
Further, individuals cannot access without an account created for them by the administrator. CalDOJ users have access to a different system (CalGangs) which can query and has read-only access to ICE gang data, but do not have direct user access to.
Section 3.0 Retention

The following questions are intended to outline how long information will be retained after the initial collection.

3.1 What information is retained?

records containing gang members' and associates' PII are retained. General information in that does not necessarily pertain to a specific individual (such as estimated membership size, claimed turf, common signs, symbols etc.) is also retained. does not store reports or link analyses for later review. They must be printed out in hard copy to be retained.

3.2 How long is information retained?

The gang member and associates records are stored in the system for five years after the last date they were accessed, as required under 28 C.F.R. Part 23. Records are automatically tagged when they are accessed with the expected purge date, allowing administrators to purge expired data automatically and efficiently. Gang information that does not relate to or identify a specific person will also be purged after five years of inactivity.

3.3 Has the retention schedule been approved by the component records officer and the National Archives and Records Administration (NARA)?

ICE is currently establishing a records retention schedule for records.

3.4 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.

Privacy Risk: Retaining data longer than necessary would violate the Fair Information Principle of minimization which requires systems and programs to retain only the information necessary and relevant to complete the task associated with its initial collection.

Mitigation: The five-year period suggested for complements the mission requirements of because five years allows for sufficient time to analyze and track suspected gang members and associates, and allows for a fuller development of complicated cases where linkages between subjects, organizations, and criminal conspiracies are difficult to detect.
It is also sufficiently short to reduce the risk of out-of-date information persisting indefinitely. Understanding that the retention period should not be longer than the mission and purpose of the system, five years ensures that ICE can use the
information for the stated purpose while not keeping the information longer than necessary. It should be noted that the retention period is established by 28 C.F.R. Part 23 and all users of the GangNET systems (such as CalGangs) must also comply with this retention period.

Section 4.0 Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Homeland Security.

4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?

In certain cases, select individuals within DHS who have a specific need for access may be given access to the system through user accounts on a case-by-case basis. So far, this has only occurred for U.S. Customs and Border Protection (CBP) personnel, mostly Border Patrol agents, when subjects they are encountering through border inspections or border patrol law enforcement activities meet the criteria for gang members or associates. They currently have read-only access and cannot modify records directly.

4.2 How is the information transmitted or disclosed?

Information is transmitted and shared with other internal organizations by directly accessing in the same way as standard users do by accessing via the ICE Intranet via a secure DHS workstation. From there, these users have access to all the same functions and tools that ICE users have. However, users outside of ICE are given read-only access to prevent them from adding, modifying, or printing data.

4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.

Privacy Risk: A risk exists that information may be shared with other DHS components without a need to know.

Mitigation: Information from is shared only with law enforcement organizations that have a role in the investigation of possible violations of criminal and immigration laws.
As described in Question 8 of this document, uses access controls and audit trails to mitigate the risk that information will be accessed by unauthorized individuals or improperly used by authorized individuals. Non-ICE users of currently have read-only access, which mitigates the risk that they will modify the data. All users undergo mandatory agency-wide and system-specific training as described in Question 8.3 which helps ensure that data is not shared inappropriately.
Section 5.0 External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DHS which includes Federal, state and local government, and the private sector.

5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?

shares information with the CalDOJ CalGangs system for the purpose of providing information on gangs, gang members, and gang associates to the wider law enforcement community. CalGangs is a separate database based on the commercially available GangNET software that stores the same type of data found in. and CalGangs are able to reciprocally query and access data in each other's repository. The GangNET software provides a different color scheme for each system, allowing and CalGangs users to visually differentiate whether they are viewing an or CalGangs record. Users of each system have read-only access to the data in the other system and cannot save or print the information.

5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of DHS.

Sharing with external law enforcement agencies is compatible with the purpose of the original collection, namely to improve the efficiency and effectiveness of law enforcement personnel investigating gang members and associates and gang-related activity and to facilitate sharing of gang-related information. The ICE Intelligence Records System (IIRS) SORN (DHS/ICE-006, December 9, 2008, 73 FR 74735) [2] is being amended concurrently with this PIA to include information in the system and to document the system's routine uses.
information shared with CalDOJ is done so pursuant to an existing information sharing agreement. As the community of GangNET participants grows, additional sharing partners may be identified and may give users access to their data and may be given access to data.

[2] Additional information on the ICE Intelligence Records System SORN is located at
How is the information shared outside the Department and what security measures safeguard its transmission?

A secure network connection protects the data as it flows between and CalGangs, owned by the CalDOJ. Users of and CalGangs access each other's data transparently via their own application. An Interconnection Security Agreement (ISA) between ICE and the CalDOJ is currently in progress that will establish individual and organizational security responsibilities for protection and handling of ICE Sensitive-but-Unclassified / For Official Use Only information.

5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.

Privacy Risk: The primary risk that results from sharing information with CalGangs is that CalGangs users will use data for purposes besides the investigation of gangs and gang-related activity.

Mitigation: External users of reciprocally supported GangNET software suites are trained, granted access, and monitored by their host agency but with training, policies and monitoring which are similar and complementary to policy. Further, CalGangs users are limited to read-only access to and cannot print or save the information they access from.

Section 6.0 Notice

The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.

6.1 Was notice provided to the individual prior to collection of information?

All information collected about gangs and their members and associates is law enforcement sensitive and notice is not given to the subject that a record is being created in. In some cases, the subject knows law enforcement is gathering information about him/her (such as information given at the time of booking or during interviews).
In lieu of individual notice, this PIA and the IIRS SORN act as notice to the public that the system exists and that it collects information regarding gang members and associates.

6.2 Do individuals have the opportunity and/or right to decline to provide information?

In most cases, because of the DHS law enforcement purposes for which the information is collected, opportunities to decline may be limited or nonexistent.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

In most cases, because of the DHS law enforcement purposes for which the information is collected, individuals do not have a right to consent to particular uses of the information. The information in will be used in accordance with this PIA and the IIRS SORN.

6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated.

Privacy Risk: A risk exists that the public is not aware of, or, that individuals may not be aware that their information may be contained within.

Mitigation: Most directly, the public is provided notice of the system through this PIA and the IIRS SORN. As part of this PIA and SORN process, DHS reviewed the applicable SORNs to ensure that is used appropriately, given the notice provided. Further, because is a system where many law enforcement contexts apply, notice or the opportunity to consent to use would compromise the ability of ICE to perform its missions and could put law enforcement officers at risk. Thus, notice of collection and consent to specific uses are not available in most cases for.

Section 7.0 Access, Redress and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

7.1 What are the procedures that allow individuals to gain access to their information?

Individuals may request access to records about them in by following the procedures outlined in the IIRS SORN (DHS/ICE-006, December 9, 2008, 73 FR 74735). All or some of the requested information may be exempt from access pursuant to the Privacy Act in order to prevent harm to law enforcement investigations or interests.
Providing individual access to records contained in could inform the subject of an actual or potential criminal, civil, or regulatory violation investigation or reveal investigative interest on the part of DHS or another agency. Access to the records could also permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. In addition to the procedures above, individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to: ICE FOIA Officer 800 North Capitol Street, N.W.
5th Floor, Suite 585 Washington, D.C Individuals may also submit requests by fax at or by at Please see the ICE FOIA Office's website for additional information ( If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief Privacy Officer, Department of Homeland Security, 245 Murray Drive, S.W., Building 410, STOP-0550, Washington, D.C

What are the procedures for correcting inaccurate or erroneous information?

If individuals obtain access to the information in pursuant to the procedures outlined in the IIRS SORN, they may seek correction of any incorrect information in the system by submitting a request to correct the data. The data correction procedures are also outlined in the IIRS SORN. All or some of the requested information may be exempt from amendment pursuant to the Privacy Act in order to prevent harm to law enforcement investigations or interests. Amendment of the records could interfere with ongoing investigations and law enforcement activities and may impose an impossible administrative burden on investigative agencies. In addition to the procedures above, individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to: ICE FOIA Officer 800 North Capitol Street, N.W. 5th Floor, Suite 585 Washington, D.C Individuals may also submit requests by fax at or by at Please see the ICE FOIA Office's website for additional information ( If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief Privacy Officer, Department of Homeland Security, 245 Murray Drive, S.W., Building 410, STOP-0550, Washington, D.C

How are individuals notified of the procedures for correcting their information?
The procedure for submitting a request to correct information is outlined in the IIRS SORN and in this PIA in Questions 7.1 and 7.2.
If no formal redress is provided, what alternatives are available to the individual?
As stated, individuals may submit Privacy Act requests for information and correction, which will be reviewed and corrected on a case-by-case basis.
7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
Privacy Risk: There is a risk that an individual's record may be inaccurate and/or out-of-date.
Mitigation: data is never used directly as evidence to prosecute crimes. is solely a data repository with limited search and analytical tools that help users identify individuals and organizations that may be involved in gang-related criminal activity. It is incumbent on the investigator that uses to fully check all original data sources. As a safeguard, when investigating potential violations of U.S. laws, ICE investigators are required to obtain and verify the original source data from the agency that collected the information to prevent inaccurate information from propagating. There is also a limited retention period for these records, and quality review checks are performed to identify and correct records. These protections mitigate the risks posed to any individuals whose data may be in.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
ICE OI management is responsible for ensuring that all DHS personnel granted direct access to are appropriately trained and monitored. This is done by working with the administrator to establish user accounts as users are assigned to access and to update user identification, role, and access profiles as changes are needed. All users requesting access must be approved through the local administrator. All ICE agents are eligible for an account.
Some non-agents, such as ICE analysts who work on gang-related issues, have accounts as well. CBP law enforcement agents and analysts (primarily Border Patrol agents) also may have accounts. Other groups have access, including contractors working with ICE who are responsible for maintaining the system and contractor information technology operations and support staff. Users who access information from external GangNET portals are granted access through their host agency and do not have user accounts. All GangNET software packages with access to will have audit trails or access controls allowing for the tracking of information access. Each GangNET host agency is responsible for maintaining user accounts and ensuring compliance with applicable policies.
There are three access control roles that users might be assigned. Generally, users have read/write access so as to allow them to search and update the database. Some users have a limited account that allows them to search data, but not edit it. This role is used to ensure that individuals, such as some analysts, who do not need to edit the data, won't intentionally or inadvertently alter the data. Finally, administrators have full read and write access and the capacity to configure various parameters of the application. When access is given to CBP agents, they have read-only access and cannot modify records.
8.2 Will Department contractors have access to the system?
Contractors, including developers and information technology operations and maintenance staff, will have access to for the purpose of maintaining and upgrading the system. All contractors undergo security and background checks before being granted access and will be granted the appropriate level of access.
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system?
All ICE personnel and contractors complete annual mandatory privacy and security training and training on Securely Handling ICE Sensitive but Unclassified (SBU)/For Official Use Only (FOUO) Information. In addition, ICE system users must sign a Rules of Behavior agreement, which includes protecting sensitive information from disclosure to unauthorized individuals or groups, after passing the background investigation. ICE will provide system-specific training to any DHS personnel who will be authorized to use. Training is to consist of a course of instruction that addresses, at a minimum:
1. The definition of a criminal street gang
2. Accepted criteria for identifying gang members, associates, and entry of photographs
3. Criminal predicate/reasonable suspicion definitions
4. Federal, state and local law statutes and policies regarding criminal intelligence information
5. Responsibilities related to, and utilization of both the and CalGangs systems
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
The Certification and Accreditation process is in progress and is expected to be completed in March 2010.
What auditing measures and technical safeguards are in place to prevent misuse of data?
Activities including subject name searches, vehicle, address, gang name, case number and contact number searches are audited. The enhanced auditing captures what new data was entered, what data existed before and after modification, and what data was deleted. In order to print from the system, a user is required to enter the purpose/reason. To comply with 28 C.F.R. Part 23, when a record is purged, all data related to that record is also purged, including any audit records (i.e., the fact the record ever existed in the system has to be expunged). Security measures in place include the fact that users must be located at a government-issued computer in order to access the intranet; VPN access is only granted to authorized employees and is password protected; and user accounts are created on an individual basis to further secure user information.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
Privacy Risk: There is a risk that personally identifiable information in will be accessed inappropriately.
Mitigation: This risk is mitigated by security training that discusses how to protect sensitive information and by the use of audit mechanisms that log and monitor user activity. The assignment of roles to users to establish their access requirements, based on their functions and regular review of those roles, mitigates the risk that users will be able to access information they are not required to access. All systems have been through a system security certification and accreditation process that reviews those security mechanisms and procedures that are in place, and ensures they are in accordance with established policy.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics and other technology.
9.1 What type of project is the program or system?
The database is a web-based commercial software tool that allows data entry and data sharing within ICE and with external law enforcement agencies. It enhances ICE's capability to identify and investigate crimes by gang members and associates and other illegal gang-related activity.
What stage of development is the system in and what project development lifecycle was used?
is in the Operations and Maintenance stage of the ICE Enterprise Architecture Life Cycle Management System.
9.3 Does the project employ technology which may raise privacy concerns? If so please discuss their implementation.
No.
Responsible Officials
Lyn Rahilly Privacy Officer U.S. Department of Homeland Security
Approval Signature
Original signed copy on file with the DHS Privacy Office
Mary Ellen Callahan Chief Privacy Officer Department of Homeland Security