Privacy Impact Assessment
for the
H-1B Visa Cap Registration
January 28, 2011
Contact Point
Donald Hawkins
Privacy Officer
United States Citizenship and Immigration Services
Department of Homeland Security
202-272-8404
Reviewing Official
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
(703) 235-0780
Privacy Impact Assessment
USCIS, H-1B Cap Registration
Page 2
Abstract
The United States Citizenship and Immigration Services (USCIS) is proposing to amend its
regulation governing petitions by U.S. employers seeking H-1B nonimmigrant worker status for aliens
subject to annual numerical limitations or exempt from numerical limitations by having earned a U.S.
master’s or higher degree (also referred to as the “65,000 cap” and “20,000 cap” respectively, or the “cap”
collectively). Under the proposed rule, USCIS would establish H-1B Cap Registration, a mandatory
registration process, to streamline the administration of H-1B petitions filed by employers. This Privacy
Impact Assessment (PIA) is being conducted because the H-1B Cap Registration NPRM proposes a
change to USCIS’ collection of personally identifiable information (PII).
Overview
USCIS receives and adjudicates petitions and applications for all immigration benefits, including
petitions by U.S. employers seeking nonimmigrant worker status for aliens. More specifically, USCIS
administers and adjudicates H-1B nonimmigrant petitions, which are filed by employers (hereinafter
referred to as petitioners) to employ foreign workers in specialty occupations that require theoretical or
practical application of highly specialized knowledge and attainment of a bachelor’s or higher degree in
the specialty. Typical H-1B occupations include architects, engineers, computer programmers,
accountants, doctors, and college professors, among others.
Petitioners seeking benefits for an alien (hereinafter referred to as beneficiary) under the H-1B
nonimmigrant classification are subject to congressionally-mandated annual numerical limits, known as
the H-1B cap. Caps control the number of workers that can be issued a visa and/or receive H-1B
classification in a given fiscal year. By law, USCIS cannot grant more than 65,000 new H-1B visa
petitions per fiscal year subject to certain limited exceptions (“65,000 cap”). An exemption applies to the
first 20,000 H-1B petitions filed on behalf of an alien who has attained a U.S. master’s degree or higher
(“20,000 cap”). This means, in effect, 85,000 visas are available.
Historically, USCIS received more petitions than available slots and reached the H-1B cap within
days of opening the H-1B filing period for the new fiscal year. In the event USCIS anticipates that the H-1B filings will exceed the cap, USCIS announces to the public a final date on which it will accept H-1B
petitions from petitioners. This date has been as early as the first day after USCIS began accepting H-1B
petitions for the upcoming fiscal year. USCIS then administers a random lottery to ensure the fair and
orderly distribution of available H-1B cap numbers. Properly submitted petitions undergo a random
selection process to determine which petitions can be processed to completion and, if otherwise eligible,
which beneficiaries are able to receive a new H-1B visa number.
Current Random Selection Process
Before employing an H-1B temporary worker, a U.S. petitioner must first file an H-1B petition
with USCIS on behalf of the worker using Form I-129, “Petition for a Nonimmigrant Worker.” In order
to ensure that the 65,000 cap and 20,000 master’s degree exemption are not exceeded, USCIS monitors
the number of H-1B petitions it receives. When USCIS determines, based on the number of H-1B
petitions it has received, that the 65,000 cap or 20,000 cap exemption will be reached, it announces to the
public the final day on which it will accept such petitions for adjudication in that fiscal year. USCIS
refers to this day as the “final receipt date.”
Following the final receipt date, USCIS conducts two random selections: (1) for petitions
qualifying for the 20,000 cap exemption, and (2) the remaining advanced degree petitions together with the
other H-1B petitions, for the 65,000 cap. Selected H-1B petitions continue to adjudication. USCIS
rejects any petitions that are not selected; rejected petitions are returned along with filing fees to the
petitioner.
Proposed Registration Program
USCIS is proposing to implement a mandatory registration process known as the H-1B Cap
Registration. Under the NPRM, petitioners will be able to register prospective beneficiaries for the
random selections instead of filing a full petition. USCIS is proposing to amend its regulations to provide
an alternate H-1B petition filing procedure to streamline and simplify the process for petitioners subject to
H-1B numerical limits. This rule will establish the mandatory Internet-based electronic registration
requirement requiring petitioners to register in order to participate in the random selections.
The proposed H-1B Cap Registration rule will allow petitioners to register for the lottery through a
process that is less cumbersome and requires less beneficiary PII than filing a complete H-1B petition. The PII
required for the new process may include: (1) petitioner’s name and employer identification number
(EIN), petitioner contact information, (2) petitioner designated user’s name and contact information, (3)
beneficiary’s name, date of birth, country of birth, country of citizenship, gender, and passport number,
and (4) any additional information requested by the registration or USCIS. The petitioner will receive an
immediate registration confirmation for every registration request that USCIS accepts. The registration
confirmation will be printable. USCIS will administer the random lottery selection process when the cap
is reached. Petitioners of selected registration forms will be eligible to file complete H-1B petitions for
the upcoming fiscal year on behalf of the beneficiary named in the registration.
The NPRM will not alter the process for processing and adjudicating H-1B petitions (i.e., Form I-129), which USCIS will continue to process and adjudicate as described in the Benefits Processing of
Applicants other than Petitions for Naturalization, Refugee Status, and Asylum (CLAIMS 3) PIA 1 and
Benefits Information System (BIS) system of records notice (SORN).2
USCIS will update this PIA and publish a new SORN for lottery information as necessary to
reflect the outcome of the rulemaking process in advance of the actual H-1B Cap Registration’s
deployment.
1 Available at http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cis_claims3.pdf.
2 Available at http://edocket.access.gpo.gov/2008/E8-22802.htm.
Section 1.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or
collected as well as reasons for its collection as part of the program, system, rule, or technology being
developed.
1.1 What information is collected, used, disseminated, or maintained in the system?
Under the proposed rule, USCIS will collect PII related to the H-1B petitioner, designated user,
and prospective beneficiary. USCIS will work with the Office of Management and Budget (OMB) to
develop the method of collection.
The H-1B petitioner is an employer seeking to hire a beneficiary under the H-1B classification.
Information about the H-1B petitioner includes the:
Organization name
Full name of contact person
Title of contact person
Email address
Telephone number
Mailing address (includes street address, city, state, province, and zip code)
EIN
Social Security Number (SSN), only if the petitioner is an individual
User ID created by the petitioner
Account activation code
The designated user may be an employee or legal representative of the petitioner who is assisting
with the H-1B Cap Registration form. Information about the designated user includes his or her:
Full name
Title
Email address
Telephone number
Mailing address (includes street address, city, state, province, and zip code)
Indication of legal representative
Firm name, if applicable
User ID for users and legal representatives
Account activation code
The H-1B beneficiary is the alien seeking H-1B classification. Information about the beneficiary
includes his or her:
Full name
Passport number
Date of birth
Country of birth
Country of citizenship
Gender
Category – cap or exemption
Information Generated by the H-1B Cap Registration
The proposed rule will require USCIS to immediately provide a confirmation notice for the
petitioner for each successful registration. The confirmation receipt will recapture the beneficiary’s
information and include a confirmation number associated with the registration. The petitioner may print
the notice at that time.
Selected petitioners will also receive a selection notice from USCIS at the conclusion of the
random selection process. The selection notification will contain a unique identifying number and a
machine readable zone that USCIS can use to verify the petitions and intended beneficiary.
1.2 What are the sources of the information in the system?
USCIS will collect information related to H-1B Cap Registration directly from the petitioner or
the designated user. The petitioner or designated user will collect beneficiary information from the
beneficiary.
1.3 Why is the information being collected, used, disseminated, or maintained?
USCIS will collect information during H-1B Cap Registration from the petitioner or designated
user to administer the H-1B lotteries to determine which petitioners are eligible to file an H-1B petition
on behalf of the beneficiary named in the registration form. Further, USCIS will collect the SSN from the
petitioner only if the petitioner is the sole proprietor and does not maintain an EIN. This registration
system will streamline the petitioning process for petitioners and improve the efficiency of USCIS’
management of the H-1B cap.
1.4 How is the information collected?
The H-1B Cap Registration information will be collected online directly from the petitioner or the
designated user via the secure USCIS website.
1.5 How will the information be checked for accuracy?
The H-1B Cap Registration is dependent on the accuracy and quality of information provided by
the H-1B petitioner and designated user. Most of the information is collected directly from the petitioner
and is assumed to be accurate. Prior to their official submission to the agency, the petitioner and
designated user are provided an opportunity to review and correct data inputs.
1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information?
The primary legal authority to collect this information comes from 8 U.S.C. § 1101 et seq.
(Aliens and Nationality).
1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.
Privacy Risk: The H-1B Cap Registration will present the risk of data inaccuracies.
Mitigation: The H-1B Cap Registration will be dependent on the accuracy and quality of
information provided by the petitioner. USCIS will not collect information directly from the beneficiary,
but will rely on the petitioner or designated user to input data into the registration system. The H-1B
beneficiary will provide information to the petitioner or designated user, which is then submitted online.
USCIS will provide users an opportunity to review and correct data inputs prior to their official
submission to the agency. Moreover, the registration form will include clear and concise instructions to
limit the possibility of providing incorrect data (e.g., petitioners would be instructed to use mm/dd/yyyy
for birth date).
Privacy Risk: USCIS risks collecting more information than necessary to perform the random
lottery.
Mitigation: The proposed H-1B Cap Registration will eliminate the need for petitioners to
prepare and file complete H-1B petitions without any certainty that an H-1B cap number will ultimately
be allocated to the beneficiary named on the petition. Previously, USCIS collected and reviewed
complete H-1B petitions from the petitioner. If the caps were reached, USCIS administered the random
lotteries with the complete petitions. The proposed H-1B Cap Registration rule will only require USCIS
to collect the minimum amount of information needed to determine which petitioner is eligible to file the
complete petition.
USCIS will also significantly reduce its initial collection of information with the implementation
of the H-1B Cap Registration rule. This rule will collect only those data elements needed to perform the
lottery required by the program. USCIS will collect a minimum set of PII about the petitioner and
beneficiary to administer the random lottery.
Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy
of the data being used.
2.1 Describe all the uses of information.
USCIS will use the H-1B Cap Registration information to administer random lotteries to
determine which petitioners are eligible to file an H-1B petition on behalf of the beneficiary named in the
registration form. The collected information will also be used by USCIS to generate notifications to
forward to the petitioner indicating whether the petitioner may file a Form I-129 to request an H-1B visa
for the registered beneficiary.
Under the proposed rule, USCIS will be able to produce the following reports in order to
effectively manage the registration process:
Duplicate Petitioners – lists all petitioners associated with the same SSN or EIN who
activated more than one account.
Duplicate Beneficiaries – lists all duplicate beneficiaries under one petitioner. The following
beneficiary attributes are shown in the report list: last and first name, date of birth. The
following petitioner attributes are shown in the report list: account owner last and first name,
firm name, and registration date. USCIS will only allow for the first registration filed by the
petitioner on behalf of a particular beneficiary to be included in the lottery for a particular
fiscal year.
Lottery Results – indicates the lottery status of the beneficiary registration. The report will
include the beneficiary’s name and lottery result.
2.2 What types of tools are used to analyze data and what type of data may be produced?
The implementation of the proposed rule will allow USCIS to produce reports (as discussed in
Section 2.1) in order to facilitate its ability to effectively manage the H-1B Cap Registration. The H-1B
Cap Registration will not have data analysis capabilities. The rule does not require USCIS to perform
complex analytical tasks resulting in data matching such as relational analysis, scoring, reporting, or
pattern analysis.
2.3 If the system uses commercial or publicly available data please explain why and how it is used.
Under the proposed rule, USCIS will not collect, use, or maintain commercial or publicly
available data during the registration process.
2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.
Privacy Risk: Unauthorized users will access the registration records.
Mitigation: All records will be protected from unauthorized access through appropriate
administrative, physical, and technical safeguards that include restricting access to authorized personnel
who have a need-to-know. USCIS will limit access to PII by employing role-based access (only allowing
access to users who need particular PII to perform their duties). USCIS will also deploy user logs to
ensure users are only accessing information related to their job functions.
Privacy Risk: USCIS will use collected information for unspecified purposes.
Mitigation: USCIS will only use the collected information to determine which petitioners are
eligible to file an H-1B petition on behalf of the beneficiary named in the registration form. Petitioners of
selected registration forms will receive a selection notice. USCIS will require the petitioner to submit the
selection notice to facilitate the proper and timely identification of petitioners and beneficiaries selected
during the registration process. The submission of the selection notice is an anti-fraud measure to ensure
the integrity of the H-1B cap number allocation process. USCIS will store the selection notice in the H-1B beneficiary’s Receipt File or Alien File (A-File), whichever is appropriate.
Section 3.0 Retention
The following questions are intended to outline how long information will be retained after the
initial collection.
3.1 How long is information retained?
USCIS will be retaining the full information collected from the online registration. USCIS will
be working with the National Archives and Records Administration (NARA) to develop a records
retention schedule to cover the H-1B Cap Registration rule.
3.2 Has the retention schedule been approved by the component records officer and the National Archives and Records Administration (NARA)?
No. USCIS is working to develop a schedule to cover records about individuals utilizing the H-1B Cap Registration. USCIS will be proposing the following retention schedule: USCIS will delete or
destroy inputs 6 years from the last recorded action in the registration system (which would be the
outcome of the lottery conducted on a yearly basis). USCIS will delete/destroy reports after three years.
System documentation will be destroyed or deleted when no longer needed for agency business.
USCIS anticipates that it will maintain the H-1B Cap Registration records (selected and
unselected registrations) for six years. These records will be retained in order to support investigations
relating to fraudulent activities. The current retention period for the Form I-129 is six years. USCIS may
consider proposing a change in the retention period of the H-1B records in the future. USCIS will
recommend that the registration data be retained for the same period of time as the Form I-129, as this
information would be available for investigations of fraudulently filed Form I-129s. The availability of
these records would allow USCIS to review and examine the totality of the evidence to facilitate its
ability to make informed decisions for each case under investigation.
3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
Privacy Risk: The Fair Information Practice Principles embodied in the Privacy Act require
minimization of length of time a federal agency retains information. Therefore, retaining data too long is
always a risk.
Mitigation: USCIS will be working with the USCIS Records Officer and NARA to develop a
record schedule. USCIS will carefully negotiate a schedule to ensure that data is retained for the
minimum time needed to process the registration form. The proposed schedule will match the
requirements of the Federal Records Act and the stated purpose and mission of the proposed registration
program. USCIS will propose a six year retention to support investigative efforts.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of
Homeland Security.
4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?
Generally, USCIS will not share H-1B Cap Registration information with internal organizations.
USCIS will only maintain information on whether the petitioner was eligible to file a complete H-1B
petition from the H-1B Cap Registration. On an individual basis, USCIS may share selected records from
this system with its Fraud Detection and National Security Data System3 or with Immigration and
Customs Enforcement (ICE) or Intelligence and Analysis (I&A) for enforcement or intelligence purposes.
USCIS will continue to process and adjudicate H-1B petitions as described in CLAIMS 3 PIA 4
and BIS SORN.5 CLAIMS 3 collects information related to the processing and adjudication of the H-1B
petition, which may exchange data with several systems internal to DHS in order to process petitions.
4.2 How is the information transmitted or disclosed?
USCIS does not have a regular mechanism for transmitting information as it would be on an as-needed basis. However, it would most likely be transmitted via secure sockets layer (SSL).
4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
Privacy Risk: Information submitted for benefits purposes may be shared too broadly for law
enforcement or intelligence purposes.
Mitigation: USCIS mitigates this risk by following strict protocols for referring particular data
sets to those other internal entities. These protocols ensure that the internal entity gets only the specific
sets of records it needs in order to meet a very specific purpose, and does not share entire databases or
large data sets when minimized record sets are justified.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information
sharing external to DHS which includes federal, state and local government, and the private sector.
5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?
USCIS will not share H-1B Cap Registration information with external organizations. The
registration system will only maintain information on whether the petitioner was eligible to file a
complete H-1B petition.
CLAIMS 3 collects information related to the processing and adjudication of the H-1B petition,
which may exchange data with several systems external to DHS in order to process petitions (see
CLAIMS 3 PIA and BIS SORN for more details).
3 DHS-USCIS-006 - Fraud Detection and National Security Data System (FDNS DS) System of Records Notice (FR 48231)
4 Available at http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cis_claims3.pdf.
5 Available at http://edocket.access.gpo.gov/2008/E8-22802.htm.
5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of DHS.
USCIS will not share H-1B Cap Registration information with external organizations.
5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
USCIS will not share H-1B Cap Registration information with external organizations.
5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Not applicable: USCIS will not share H-1B Cap Registration information with external
organizations.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information
collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1 Was notice provided to the individual prior to collection of information?
USCIS will update this PIA and publish an applicable system of records notice, if needed, prior to
the deployment of the system. Additionally, USCIS will post a Privacy Act statement on its website
explaining that USCIS will not use the information for any purpose other than to determine whether the
beneficiary subject to the cap is eligible to apply for H-1B visa for the upcoming fiscal year.
6.2 Do individuals have the opportunity and/or right to decline to provide information?
USCIS will inform petitioners through the online Privacy Act statement and instructions that they
are not required to provide information and providing PII is voluntary. However, failure to provide the
requested information may delay or prevent the completion of the registration form, which may preclude
the petitioner from participating in the H-1B lottery.
6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
The Privacy Act statement posted on the USCIS website will inform the petitioner of the uses of
the information they may provide while registering for the lottery. The petitioner may either consent to
the stated uses of their information or choose not to participate in the H-1B Cap Registration.
6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated.
Privacy Risk: Individuals are unaware of the purposes for which their information is used.
Mitigation: The collection of PII will be required as part of the lottery process. Petitioners
registering to participate in the lottery will be made aware that the information they are providing will be
collected to determine whether the petitioners are eligible to submit H-1B petitions on behalf of the
beneficiary named in the registration form. In addition, the Privacy Act statement posted on the website
will notify individuals that electronically submitted information will be maintained and destroyed
according to the principles of the Federal Records Act, NARA regulations and records schedules, and in
some cases may be covered by the Privacy Act and subject to disclosure under the Freedom of
Information Act (FOIA).
Privacy Risk: Petitioners submit beneficiary information for the random lotteries without the
data subject’s knowledge or consent.
Mitigation: Petitioners who choose to participate in the registration process file a registration for
each prospective H-1B beneficiary they seek to hire. This process will allow petitioners to register on
behalf of the prospective beneficiary for consideration of available H-1B cap numbers. USCIS will not
collect information directly from the beneficiary, but will rely on the petitioner or designated user to
provide information. This presents the risk of petitioners submitting beneficiary information for the
random lottery without the data subject’s knowledge or consent. In an effort to minimize this risk, USCIS
will provide notice to the public through the USCIS website, the applicable NPRM, SORN, and this PIA.
These notices are aimed to inform the public of the new H-1B Cap Registration process.
Section 7.0 Access, Redress and Correction
The following questions are directed at an individual’s ability to ensure the accuracy of the
information collected about them.
7.1 What are the procedures that allow individuals to gain access to their information?
USCIS treats all requests for access of information in a system of records as Privacy Act
amendment requests. Any individual seeking to access H-1B Cap Registration information will be able to
direct his or her request to the USCIS FOIA / Privacy Act (PA) Officer at USCIS FOIA/PA, 70 Kimball
Avenue, South Burlington, Vermont 05403-6813 (Human resources and procurement records) or USCIS
National Records Center (NRC), P.O. Box 648010, Lee's Summit, MO 64064-8010 (all other USCIS
records). The process for requesting records can be found at 6 CFR § 5.21. The request should state
clearly the information that is being contested, the reasons for contesting it, and the proposed amendment
to the information.
USCIS anticipates that petitioners and designated users will also have the ability to access their
own information via the online interface and update it accordingly. The web users may view or update
their data such as their full name or work phone number by logging into the website using their unique
user ID and password combination which they established at registration. No individual user will be able
to view the profile data of another registered user.
7.2 What are the procedures for correcting inaccurate or erroneous information?
Requests to contest or amend H-1B Cap Registration information should be submitted as
discussed in Section 7.1. The requestor should clearly and concisely state the information being
contested, the reason for contesting or amending it, and the proposed amendment. The requestor should
also clearly mark the envelope, “Privacy Act Amendment Request.” The record must be identified in the
same manner as described for making a request for access.
As noted above, USCIS also anticipates an online interface where petitioners and designated
users of the H-1B Cap Registration will have the ability to access their own information and update it as
needed.
7.3 How are individuals notified of the procedures for correcting their information?
This PIA notifies individuals of the procedures for correcting their information. A Privacy Act
statement, including notice of an individual’s right to correct information, will be contained in the
proposed cap registration form.
7.4 If no formal redress is provided, what alternatives are available to the individual?
Individuals will be provided opportunity for redress as discussed above.
7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
Privacy Risk: Inaccurate or erroneous information collected during the registration period.
Mitigation: USCIS offers formal redress and access measures for individuals to mitigate the risks
presented by inaccurate or erroneous information. Under the proposed rule, individuals will be given
numerous opportunities during and after the completion of the cap registration process to correct
information they have provided or designated users submitted on their behalf. USCIS does not intend to
claim any Privacy Act access and amendment exemptions for this process so individuals may avail
themselves of redress and appeals as stated in the DHS Privacy Act regulations (found at 6 CFR § 5.21).
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
In compliance with federal law and regulations, USCIS users will have access to H-1B Cap
Registration on a need-to-know basis. This need-to-know will be determined by the individual’s current
job functions. Moreover, access privileges (for both internal and external users) will be limited by
establishing role-based user accounts to minimize access to information that is not needed to perform
essential job functions.
8.2 Will Department contractors have access to the system?
Contractors will assist with the maintenance of H-1B Cap Registration under the direction of the
USCIS Office of Information Technology (OIT). Access will be provided to contractors only as needed
to perform their duties as required in the agreement between USCIS and the contractor and as limited by
relevant SOPs. In addition, USCIS employees and contractors must undergo federally approved
clearance investigations and sign nondisclosure agreements in order to obtain the appropriate access
levels.
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system?
USCIS provides annual privacy and security awareness training to all personnel (including
employees and contractors). The privacy training addresses appropriate privacy concerns, including
Privacy Act obligations (e.g., SORNs and Privacy Act Statements). The security awareness training
examines appropriate technical, physical, personnel, and administrative control measures to safeguard
information. Each USCIS system owner and program also has the responsibility to ensure that all federal
employees and contractors receive the required annual Privacy Act and security training.
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
USCIS will obtain Certification and Accreditation for the system prior to it being deployed,
subject to the results of the current rulemaking process. USCIS will update this PIA prior to deployment.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
When privileges expire, user access will be promptly terminated. After termination of
employment at USCIS, access privileges will be removed as part of the employee exit clearance process
(signed by various persons before departure). Each employee will be given annual security awareness
training that addresses their duties and responsibilities to protect the data. In order to reduce the
possibility of misuse and inappropriate dissemination of information, DHS security specifications require
auditing capabilities that log user activity. All user actions will be tracked via audit logs.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
Privacy Risk: Unauthorized access to personal information.
Mitigation: Access and security controls will be established to identify and mitigate privacy risks
associated with authorized and unauthorized users, namely misuse and inappropriate dissemination of
data. Role-based user accounts will be used to minimize the number of persons who have access to the
registration system. Audit trails will be kept in order to track and identify any unauthorized changes to
information in the system. USCIS will incorporate a comprehensive audit trail tracking and maintenance
function that will record activity surrounding the H-1B Cap Registration process. All personnel will be
required to complete annual privacy and security training.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any
technologies utilized by the system, including system hardware, RFID, biometrics and other technology.
9.1 What type of project is the program or system?
This program is part of the rulemaking process to amend regulations governing H-1B petitions
subject to annual numerical limitations.
9.2 What stage of development is the system in and what project development lifecycle was used?
This rulemaking is in the NPRM stage of the rulemaking process.
9.3 Does the project employ technology which may raise privacy concerns? If so please discuss their implementation.
USCIS will not employ technology or monitor the activities of individuals or groups beyond that
required to register for the random selection.
Responsible Officials
Donald Hawkins
Privacy Officer
United States Citizenship and Immigration Services
Department of Homeland Security
Approval Signature
Original signed copy on file with the DHS Privacy Office
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
File Type | application/pdf |
File Title | Privacy Impact Assessment Department of Homeland Security H-1B Visa Cap Registration |
Author | Privacy Impact Assessment Department of Homeland Security H-1B V |
File Modified | 2019-11-14 |
File Created | 2019-11-14 |