Download:
pdf |
pdfPrivacy Impact Assessment
for the
USCIS International Biometric
Processing Services
DHS/USCIS/PIA-048(a)
November 12, 2015
Contact Point
Donald K. Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
(202) 272-8030
Reviewing Official
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 1
Abstract
Many countries now require biometric data from individuals filing applications for
immigration related benefits. Several countries have partnered with the Department of Homeland
Security (DHS) U.S. Citizenship and Immigration Services (USCIS) to collect the requisite
biometrics and limited biographical information on behalf of their immigration services. On behalf
of the country, USCIS collects biometric and biographic information at its 138 Application
Support Centers and deletes the records immediately after it receives confirmation that the partner
country has received the information. USCIS previously published DHS/USCIS/PIA-048, USCIS
International Visa Project, to address USCIS collection of biometric and biographic information
on behalf of other countries for international visa processing. USCIS is updating, renaming, and
replacing that PIA with this PIA to address expansion of the biometric services USCIS provides
to partner countries.
Overview
The United States Citizenship and Immigration Services (USCIS) collects biometrics and
limited biographic information on behalf of several countries that require biometric and biographic
data as part of their visa issuance process for visitors to their respective countries. Individuals who
file visa applications with these countries are required to submit biometric and biographic
information to increase the security of the partner country’s international visa issuance process.1
USCIS is updating, renaming, and reissuing this PIA to describe the biometric capture services
USCIS provides to partner countries. USCIS now provides biometric services to partner countries
for applicants seeking immigration-related benefits to include visa and naturalization applications.
Appendices to this PIA list the partner country and what service(s) USCIS provides to it,
which may also include other services beyond visa and naturalization cases.
Background
USCIS offers a fee-based service to international partners to collect biometric and limited
biographic information from individuals who are filing immigration-related benefit applications
with partner countries and who are physically present in the United States. Section 573 of the
Foreign Assistance Act of 1961 authorizes U.S. agencies to furnish services to foreign countries,
at the President’s discretion, in furtherance of their anti-terrorism efforts.2 USCIS provides this
service to certain partner countries for a fee agreed upon by each country and set forth in a
Memorandum of Understanding (MOU).
1
Currently, USCIS only provides biometric capture services to the United Kingdom and Canada. USCIS plans to
expand these services to more countries and plans to update the PIA appendix each time new countries are added.
2
22 U.S.C. § 2349aa.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 2
USCIS has 136 USCIS Application Service Centers (ASC) located throughout the United
States (and its territories) that are equipped to collect this information, Applicants may use one
of these services, without which they might have to travel as far as several states away to provide
their biometrics at the partner country’s embassy or consulate.
USCIS’s collaboration with the United Kingdom (U.K.) since Fiscal Year 2008
demonstrates the success of this effort and suggests this service can assist other countries as well.3
USCIS ASCs enables partner countries to achieve a low-cost, fast, effective, and comprehensive
biometrically-enabled visa system, which helps them to create a more secure border and reduce
fraud.
Biometric visa partnerships are beneficial to DHS because the collected fingerprints and
photographs are transmitted back to the U.S. Government for matching against DHS’s Automated
Biometric Identification System (IDENT),4 as described below.
USCIS Collection of Information
The process begins when an individual seeking a benefit from a partner country completes
an applicable an online benefit application and submits it with the associated fee to the partner
country. After submitting the application online, the partner country’s website directs the applicant
to schedule a biometric appointment at a USCIS ASC. Generally, the country’s website provides
the applicant with available timeslots at surrounding ASCs – initially given to the partner country
by USCIS. Upon selecting an appointment time, the individual is instructed to print out the
appointment letter, which includes country-specific instructions, including what if any supporting
materials (e.g., photo identification, travel document) must be brought to the appointment.. Upon
arrival at the appointment, ASC personnel check the individual’s photo identification against the
person presenting him or herself, to confirm identity, and then confirm the appointment.
ASC personnel collect the applicant’s biographic information5 (e.g., full name, date of
birth, country of birth, sex, and nationality) from the appointment letter and/or photo identification
and capture the individual’s biometrics (i.e., fingerprints, photographs, and signature). The
fingerprints are collected using an electronic fingerprint machine, which captures an image of all
10-fingerprint digits.6 ASC personnel then complete a final quality assurance review to ensure that
USCIS captured all relevant information specific to the partner country. ASC personnel stamp the
individual’s appointment letter for proof that he or she submitted biometrics to USCIS. The ASC
transmits the information to the partner country through the USCIS Enterprise Service Bus (ESB).7
3
The U.K. was the first country to partner with the USCIS for this project.
See DHS/NPPD/USVISIT/PIA-002 IDENT PIA available at www.dhs.gov/privacy.
5
The biographic information collected may vary by country; please see the appendices to this PIA for complete details.
6 Ordinarily, all ten fingerprints will be captured in this process; however, if one or more fingers are not available (for instance,
because of amputation) then USCIS will capture as many fingers as are available.
7 The DHS/USCIS/PIA-008 Enterprise Service Bus (ESB) PIA can be found at www.dhs.gov/privacy.
4
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 3
Transmission
The transmission of biometric information occurs through ESB. USCIS temporarily retains
biographical information and biometrics captured pending notice of successful transmission to the
partner country. USCIS then deletes both the biographic and biometric information after the
partner country confirms receipt of it. USCIS does not have the ability to retrieve any personally
identifiable information (PII) associated with the immigration benefit applicant after the
confirmation of the successful transfer from the partner country. The retention period for this
information is generally less than 30 minutes and no longer than 12 hours.
In the unlikely event that any information fails to transmit, USCIS must determine why
any information does not reach its destination. .8 USCIS can retrieve information that is waiting
transmission to determine if the problem is equipment-or transmission-related. USCIS can do this
by using a combination of the country code and USCIS-assigned random numbers that enables
locating and tracking the case. Once USCIS identifies the problem, ASC personnel either resend
the information to the partner country, or the partner country may require the applicant to come in
for another biometric appointment.
To account for the transmission, USCIS retains an audit log that includes a transaction
control number,9 date and time of transaction, machine identification number, and employee
identification number. This data is separate from, and cannot be linked to, the PII described above.
USCIS retains the audit log data in USCIS enterprise Citizenship and Immigration Services
Centralized Operational Repository (eCISCOR). eCISCOR provides backup information in
support of billing and monthly reporting to be sent to the partner country.10 USCIS advises the
respective partner country that the audit logs are maintained online for 180 days and then stored
offsite for seven years.
Authentication
While USCIS ASCs will perform a preliminary check to confirm an individual’s identity,
USCIS does not authenticate an individual’s identity on behalf of the partner country. ASC
personnel only check the individual’s photo identification and confirm the appointment against the
appointment letter printed from the partner country website.
8
Technically, USCIS can determine whether a message has been not been sent or has not been received by the partner country.
For example, if the VPN circuit is temporarily down, USCIS will hold the case and retry sending it every 10 minutes until it goes
through. Once the case has gone through USCIS deletes the file. USCIS retains minimal information to enable USCIS to
document the cases it processed on the partner country’s behalf. This process enables USCIS to account for the amounts it
charges each country. In the event of a transmission failure, the partner country would not know that an application was not
received until the applicant submits his or her application materials documenting the appointment. If the fingerprints are not
found in the partner country system, the partner country will contact USCIS and ask about the case. USCIS can then troubleshoot
to determine whether a case was submitted but never sent.
9
This is a combination of the partner country account code unique to each applicant and country and includes the date and time
of the appointment.
10 The DHS/USCIS/PIA-023-eCISCOR can be found at www.dhs.gov/privacy.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 4
Upon receiving the biometric information from USCIS, the partner country uses the
information to screen against other biometric databases in support of its decision to grant or deny
the requested immigration benefit. The process each country follows is in accordance with its
respective policies and Standard Operating Procedures (SOPs).
Additionally, the official authentication of an individual may occur when an individual
who was granted a benefit enters the partner country. When the individual arrives in the country,
an immigration officer greets him or her and asks to see photo identification, travel documents,
and any other relevant information for verification purposes. The partner country’s immigration
officers perform the ultimate authentication of an individual’s identity at the time of entry into the
country. If the partner country has no prior information about the individual, the partner country
will create a new record based on the submitted fingerprints and biographic information presented
at the individual’s time of entry. The officer verifies the documentation and asks the individual
questions to determine if he or she meets the requirements for admission into the country. The
partner country’s officer officially determines if the individual is authorized to enter the country.
DHS Sharing
USCIS does not share any of the data captured on behalf of the partner country with any
other DHS agency, U.S. Government agency, or foreign entity other than the partner country.
Pursuant to USCIS and partner country agreements, USCIS only sends the data associated with
this project directly to the partner country. Some countries may elect, however, to screen the
biometrics against the DHS biometric repository, IDENT. If a partner country chooses to send its
biometrics back to DHS to run against IDENT, the sharing arrangements are governed by separate
information sharing access agreements and vary by country. Further information about the sharing
arrangement can be found in the IDENT PIA referenced above.
If a country chooses to pass back the biometric and biographic information collected by
USCIS to DHS for screening against DHS biometric holdings, queries are made against the IDENT
list of subjects of interest (e.g., “Subjects of interest” are people of interest to the United States or
international law enforcement and/or intelligence agencies because of suspected or confirmed
illegal activity). The DHS Office of Biometric Identity Management (OBIM) provides the country
with results from the query, along with details of the analysis supporting the returned results, if
applicable. These results and analyses assist the partner country in its determination of whether
applicants are eligible to receive immigration benefits according to its applicable laws.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 5
Section 1.0 Authorities and Other Requirements
1.1
What specific legal authorities and/or agreements permit and
define the collection of information by the project in question?
Section 573 of the Foreign Assistance Act of 1961 authorizes USCIS to conduct this feebased service for partner countries in furtherance of their anti-terrorism efforts.11 In addition, DHS
has signed an MOU with each partner country that uses USCIS ASCs for this service. Each MOU
defines the technical roles, responsibilities, and processes of USCIS and the partner country.
1.2
What Privacy Act System of Records Notice(s) (SORN(s)) apply to
the information?
USCIS temporarily retains information collected on behalf of a partner country for only as
long as it takes to successfully transmit the information to the partner country. While temporarily
retained, USCIS does not retrieve the records using a unique personal identifier. USCIS transfers
the biographic information and biometric capture to the partner country immediately after
collection. USCIS deletes the information from ESB after the partner country provides
confirmation of the successful transfer of the information. Therefore, no SORN is required to cover
this collection.
1.3
Has a system security plan been completed for the information
system(s) supporting the project?
Yes. USCIS completed a system security plan for ESB and eCISCOR. ESB and eCISCOR no
longer receive an Authority to Operate but instead have been placed in Ongoing Authorization (OA),
which means that ESB and eCISCOR security controls and organizational risks are assessed and
analyzed at regular intervals (that vary by security control) to support risk-based security decisions.
New privacy controls issued by the National Institute of Standards and Technology (NIST) are not
impacted by OA.
1.4
Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
No. USCIS does not retain information about the partner country (or non-U.S.)
immigration benefit applicant beyond the point at which it receives confirmation that the partner
country received the information. The retention period is routinely less than 30 minutes and no
longer than 12 hours.
USCIS retains audit logs of the transactions within eCISCOR. USCIS maintains this
information online for 180 days and then offsite for seven years. This requirement is per Section
11
22 U.S.C. § 2349aa.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 6
5.3 - Audit Logs Maintained of DHS Policy Directive 4300A, which states, “Audit trail records
must be maintained online for at least 90 days, thereby allowing rapid access to recent information.
Audit trails should be preserved for a period of seven years as part of managing records for each
system to allow audit information to be placed online for analysis with reasonable ease.” This is
the standard retention period specified by DHS Security Authorization policy for system audit
data; therefore, no NARA retention schedule exists.
1.5
If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
for the collection. If there are multiple forms, include a list in an
appendix.
No. The Paperwork Reduction Act applies only to collections by the U.S. Government.
The service described in this PIA use applications and forms furnished and for use by international
agencies.
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as
well as reasons for its collection.
2.1
Identify the information the project collects, uses, disseminates, or
maintains.
USCIS collects biographic information and captures biometric information from U.S.
Lawful Permanent Residents, third country nationals, and U.S. citizens applying to a partner
country for immigration benefits. This project collects information from those applicants who are
physically present in the United States who are applying to a partner country for immigration
benefits.
The information that USCIS obtains from these partner country immigration benefit
applicants includes biographic and biometric data. The biometric information includes 10-print
fingerprints captured by the electronic live scan device, photographs, and may also include
signatures. The biographic data includes: first and last name; date of birth; country of birth; gender;
travel document number; and nationality. These data elements will be assembled into a secure
format for transmission from the ASC to the partner country.
2.2
What are the sources of the information and how is the information
collected for the project?
USCIS collects information directly from partner country immigration benefit applicant
who is physically present in the United States. USCIS captures a combination of fingerprints,
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 7
photographs, and signature (for some partner countries) electronically at one of USCIS’s ASCs.
USCIS uses the applicant’s appointment letter generated by the partner country’s application
system and presented to USCIS at the ASC to capture the applicant’s biographic information.
Immigration benefit applicants may include third country nationals, U.S. Lawful Permanent
Residents, and U.S. citizens.
2.3
Does the project use information from commercial sources or
publicly available data? If so, explain why and how this
information is used.
No.
2.4
Discuss how accuracy of the data is ensured.
The information USCIS collects and transfers to the partner country is assumed to be
accurate because it is collected directly from the applicant. The appointment letter the partner
country provides to the applicant contains the requisite biographic data. ASC personnel scan the
appointment letter, which automatically inputs the biographic data into an electronic live scan
device and combines it with the biometric data for transmission through ESB. . Manual data entry
only occurs when ASC personnel need to correct data that is incorrectly scanned, or upon approval,
when the applicant does not have his or her appointment letter. After biometric collection, ASC
personnel also verify that the photographs and fingerprints they collect are clear and usable before
transferring the information to the partner country.
2.5
Privacy Impact Analysis: Related to Characterization of the
Information
Privacy Risk: There is a risk that individuals applying for partner country benefits will
assume that USCIS and the U.S. Government are retaining their information since they submitted
the information at a USCIS facility.
Mitigation: This risk is partially mitigated. For the purposes of international biometric
processing service, USCIS is acting as an agent for the identified partner country. It is the
responsibility of the partner country to inform international immigration benefit applicants that
USCIS will not retain their biometrics but only collect the biometrics on behalf of the partner
country. The partner country generally addresses this issue on its respective website (see
appendices) and informs the applicant that USCIS is collecting biometrics on behalf of the partner
country and the information is not retained for any other purpose.
Furthermore, because some partner countries submit their applicant biometrics for
screening against DHS IDENT – which does retain biometric information – an applicant may
assume that USCIS is the entity retaining this information, rather than OBIM. Again, USCIS
provides notice about its retention of biometric information in this PIA. Because the biometric
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 8
matching that the partner country may have with DHS happens outside of the agent relationship
with USCIS, the IDENT PIA provides notice on what information OBIM is retains on behalf of
the Department and for how long.
Privacy Risk: There is a risk that the information sent to the partner country may be
inaccurate.
Mitigation: All information that USCIS provides to the partner country is collected
directly from the international immigration benefit applicant. USCIS personnel compare the
identity of the individual present for a biometric appointment against information provided on the
applicant appointment letter. If USCIS determines the individual is the person applying for an
international immigration benefit, USCIS collects limited biographic information from the
appointment letter and biometric information and sends it to the partner country. However, once
the partner country receives the information from USCIS, it is the responsibility of the partner
country to confirm the accuracy of the applicant data and to determine if the individual is eligible
to receive immigration benefits.
Section 3.0 Uses of the Information
The following questions require a clear description of the project’s use of information.
3.1
Describe how and why the project uses the information.
USCIS does not use the information collected as part of this program. USCIS serves only
as the front-end data gathering agent on behalf of the partner country. USCIS transfers the
information to the partner country to use during the review of the application for that country to
ultimately grant or deny an immigration benefit. Appendices to this PIA include a detailed
description of how each country uses the biometric information.
If the partner country does not confirm receipt of the information, USCIS must determine
why the information did not reach its destination. USCIS can retrieve information that is awaiting
transmission to determine if the problem is equipment-or transmission-related. USCIS can do this
by using a combination of the country code and USCIS-assigned random numbers that enable
locating and tracking the case. Once USCIS identifies the problem, ASC personnel either resend
the information to the partner country, or may require the applicant to come in for another
biometric appointment.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 9
3.2
Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or locate
a predictive pattern or an anomaly? If so, state how DHS plans to
use such results.
No.
3.3
Are there other components with assigned roles and responsibilities
within the system?
No. USCIS does not share this information with DHS components. Participating partner
countries may opt to share data collected as part of this program with DHS OBIM.
3.4
Privacy Impact Analysis: Related to the Uses of Information
Privacy Risk: There is a risk that the information collected may be used for purposes other
than sending the data to the partner country.
Mitigation: This risk is mitigated by USCIS only temporarily retaining the information
collected on behalf of the partner country. USCIS collects this information, temporarily stores it
on ESB, transfers it to the partner country, and then purges it once USCIS confirms the partner
country received the data. Because USCIS does not retain this information and it is not retrievable
in the future, USCIS cannot use the data for any reason other than the stated purpose. This risk is
also mitigated by the terms of the agreements with partner countries which limit USCIS use of
information.
Section 4.0 Notice
The following questions seek information about the project’s notice to the individual about the information
collected, the right to consent to uses of said information, and the right to decline to provide information.
4.1
How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain why
not.
The partner countries are responsible for providing notice to these individuals. USCIS
provides notice of the collection through this PIA.
4.2
What opportunities are available for individuals to consent to uses,
decline to provide information, or opt out of the project?
Individuals who apply for partner country immigration benefits may be required by the
partner country to submit their biometrics and limited biographical information. Only the partner
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 10
country, not the U.S. Government, may determine if an individual has an opportunity to decline to
provide the information.
Additionally, the use of a USCIS ASC is voluntary. A partner country immigration benefit
applicant may choose to submit his or her application and biometrics using another approved
method, such as submitting biographic and biometric information through the relevant embassy or
consulate. The applicant should contact the partner country for other options.
4.3
Privacy Impact Analysis: Related to Notice
Privacy Risk: There is a risk that applicants for an international benefit will not receive
explicit notice that time of biometrics collection.
Mitigation: USCIS has 138 ASCs and manages over 3.6 million biometric appointments
each year. Biometric capture services for partner countries account for a relatively small
percentage of appointments (in comparison to the 3.6 million total each year) so providing notice
to UK and Canada visa applicants has solely been the responsibility of the partner country.
Privacy Risk: There is a risk that USCIS and the partner country may provide insufficient
notice to the applicant of the purpose and use of his or her information.
Mitigation: USCIS mitigates this risk by providing notice to the applicant through the
publication of this PIA and information on www.uscis.gov. Additionally, each partner country
publishes its immigration benefit application requirements on its website to inform applicants, and
provides additional notice on this program in the appointment letter. Appendices to this PIA
discuss specific notice provided by each partner country.
Section 5.0 Data Retention by the project
The following questions are intended to outline how long the project retains the information after the initial
collection.
5.1
Explain how long and for what reason the information is retained.
USCIS retains information until it receives confirmation that the partner country received
the information. The retention period is routinely less than 30 minutes and no longer than 12 hours
(but only long enough to complete the processing). Because USCIS only retains these records for
such a short period of time, no retention schedule is needed for the international applicant data.
USCIS retains audit logs of these transactions within ESB. This data is available online for
a period of 180 days in an electronic file. The only data that is retained is the electronic log of the
transaction and not the content of the transaction. Offsite retention of this data is for seven years
in electronic format. This requirement is per Section 5.3 - Audit Logs Maintained of the DHS 4300A, which states, “Audit trail records must be maintained online for at least 90 days, thereby
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 11
allowing rapid access to recent information. Audit trails should be preserved for a period of seven
years as part of managing records for each system to allow audit information to be placed online
for analysis with reasonable ease.” This is the standard retention period specified by DHS Security
Authorization Process policy for system audit data.
5.2
Privacy Impact Analysis: Related to Retention
Privacy Risk: There is a risk to data minimization that USCIS is collecting and retaining
information that is not related to the USCIS mission.
Mitigation: USCIS is assisting partner countries by collecting information that is needed
to adjudicate international immigration benefits, pursuant to Section 573 of the Foreign Assistance
Act of 1961. USCIS collects the information on behalf of the partner country and sends the
applicant information directly to the partner country. USCIS retains the information for the brief
time necessary to ensure a successful transfer to the partner country. If a failure in transmission
occurs, the brief retention period allows USCIS to resend the record to ensure a successful
transmission of information to the partner country. Once USCIS receives confirmation that the
transfer of data was successful, ESB deletes the biometric and biographic records.
Section 6.0 Information Sharing
The following questions are intended to describe the scope of the project information sharing external to the
Department. External sharing encompasses sharing with other federal, state and local government, and private sector
entities.
6.1 Is information shared outside of DHS as part of the normal agency
operations? If so, identify the organization(s) and how the information is
accessed and how it is to be used.
USCIS has signed MOUs in place with each partner country. See appendices to this PIA
for details. Appendices will be added as USCIS enters into additional MOUs.
6.2
Describe how the external sharing noted in 6.1 is compatible with
the SORN noted in 1.2.
No SORN is required for this external sharing because the data is not maintained in a
system of records under the Privacy Act.
6.3
Does the project place limitations on re-dissemination?
All of the MOUs that are currently in place discuss limitations on re-dissemination.
Appendices to this PIA will discuss these limitations with USCIS’s external partners.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 12
6.4
Describe how the project maintains a record of any disclosures
outside of the Department.
This project maintains records of disclosures through audit logs. The audit logs include a
unique transaction control number, date and time of transaction, machine identification number,
and employee identification number. This data is separate from, and cannot be tied to, the PII
collected at the ASC appointment. USCIS retains this data for billing purposes.
6.5
Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: There is a privacy risk of unauthorized disclosure.
Mitigation: Because USCIS only retains the information for a short period of time, the
risk of unauthorized disclosure is very limited. This limited risk is mitigated in a number of ways.
First, all external partners are required to sign information sharing agreements or MOUs. These
documents outline the limitations on dissemination and the steps needed in order for parties to
appropriately disseminate information outside of the Department, if applicable. Additionally, all
users that handle the data associated with this project must conform to appropriate security and
privacy policies, follow established rules of behavior, and receive training regarding the security
of DHS systems.
Section 7.0 Redress
The following questions seek information about processes in place for individuals to seek redress which may
include access to records about themselves, ensuring the accuracy of the information collected about them, and/or
filing complaints.
7.1
What are the procedures that allow individuals to access their
information?
There is no long-term retention of records associated with this project. USCIS captures and
transmits the information on behalf of the partner country. Because USCIS does not retrieve the
information by personal identifier and it is purged after the partner country confirms the receipt of
the information, USCIS cannot provide the applicant with access to his or her requested
information. Therefore, USCIS recommends contacting the respective partner country directly.
Appendices to this PIA discuss these procedures.
7.2
What procedures are in place to allow the subject individual to
correct inaccurate or erroneous information?
See the appendices to this PIA for a detailed description of the respective partner country’s
redress policies.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 13
7.3
How does the project notify individuals about the procedures for
correcting their information?
See the appendices to this PIA for a detailed description of each partner country’s redress
policies.
7.4
Privacy Impact Analysis: Related to Redress
Privacy Risk: USCIS does not provide any redress to international immigration benefit
applicants.
Mitigation: USCIS cannot mitigate this risk because once the partner country notifies
USCIS that it received the information, USCIS deletes the individual’s information. What redress
a partner county provides is within that country’s control. To the extent possible, this risk is
mitigated by having each partner country provide its own form of redress to applicants.
Section 8.0 Auditing and Accountability
The following questions are intended to describe technical and policy based safeguards and security
measures.
8.1
How does the project ensure that the information is used in
accordance with stated practices in this PIA?
DHS security specifications require auditing capabilities that log the activity of each user
in order to reduce the possibility of misuse and inappropriate dissemination of information. In
accordance with DHS security guidelines, USCIS systems use auditing capabilities that log user
activity. All user actions are tracked via audit logs to identify audit information by employee
identification number, date, and time of transaction. These audit logs are also maintained to keep
track of monthly billing and reporting inquiries to each country.
8.2
Describe what privacy training is provided to users either generally
or specifically relevant to the project.
USCIS provides annual privacy and security awareness training to all employees and
contractors. The Culture of Privacy Awareness training addresses appropriate privacy concerns,
including Privacy Act obligations (e.g., SORNs and Privacy Act Statements). The Computer
Security Awareness training examines appropriate technical, physical, personnel, and
administrative controls to safeguard information. Additionally, all employees employed by the
receiving agency are given specific training on how to safeguard applicant data.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 14
8.3
What procedures are in place to determine which users may access
the information and how does the project determine who has
access?
Only USCIS ASC personnel with a valid need-to-know have access to the information they
collect as part of this project. All ASC personnel who collect information as part of this project
have security clearances that are documented by the USCIS Office of Security and the ASC
Program Office. Additionally, the comprehensive ASC SOPs outline in detail which personnel
have access to biometric collection devices.
8.4
How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?
USCIS has a formal review and approval process in place for new sharing agreements. Any
new sharing agreements, use of information, or new access requests for USCIS systems must go
through the USCIS change control process and must be approved by the proper authorities prior
to sharing information within and outside of DHS.
Responsible Officials
Donald K. Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
Department of Homeland Security
Approval Signature
Original signed copy on file with the DHS Privacy Office.
________________________________
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 15
Appendix A:
USCIS Biometric Capturing Support and Services to
UK Visa and Immigration (UKVI), Home Office
Purpose and Use:
USCIS ASCs collect applicant biometric and biographic information on behalf of the
UKVI, Home Office. UKVI, Home Office uses this information to assist it in determining whether
applicants are eligible to obtain visas or naturalization according to applicable U.K. laws.
MOU:
An MOU was signed on November 16, 2007, between the Director of Network Operations,
UKBA (now known as UKVI), and the Director, U.S. Citizenship and Immigration Services that
authorizes USCIS to collect biometrics and biographic data on behalf of the U.K. for visa
processing.
USCIS and UKVI have also drafted a Letter of Intent that will authorize USCIS to collect
biometrics and biographic data on behalf of the U.K. for naturalization.
Data Elements:
Applicants submit their biographic information via their immigration benefit application.
USCIS ASC personnel collect the biometric data from the appointment letters that each applicant
brings with him or her to the biometric collection appointment. Through this project, the following
categories of information are collected:
Limited biographic information: full name, date of birth, country of birth, gender, travel
document number, and nationality.
Biometrics: 10 fingerprints, photograph, and signature.
Transmission:
The transmission of biometric information to the UKVI, Home Office occurs immediately
after USCIS ASC personnel capture the biometrics through the secure electronic method. The ASC
transmits the information to the UK through ESB.
Additional Sharing:
The UKVI, Home Office has a separate agreement in place with OBIM to share biometric
and biographic data for identifying derogatory information. Refer to the IDENT PIA for further
details about this information exchange.12
12
See DHS/NPPD/USVISIT/PIA-002 IDENT PIA, available at www.dhs.gov/privacy.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 16
Notice:
UKVI’s website makes full disclosure of the need to provide biometrics for processing an
immigration benefit application. UKVI also provides notice to the applicant to appear at an ASC
for biometrics collection in the UKVI appointment letter. UKVI has provided additional
information for applicants on its website at: https://www.gov.uk/browse/visas-immigration.
Correction and Redress:
The UKVI, Home Office is solely responsible for granting or denying U.K. immigration
benefit applications. The UKVI, Home Office determines as a result of redress request whether to
change any of the information that was initially provided by a USCIS ASC, and whether the
request would have any impact on the adjudication process of the UKVI, Home Office. The
appeals process for handling inaccurate or erroneous information on behalf of the UKVI, Home
Office is solely the responsibility of the United Kingdom and is available on the UKVI, Home
Office website at https://www.gov.uk/browse/visas-immigration.
If UKVI, Home Office denies the immigration benefit, it will provide a letter of denial and
appeal to the applicant. The appeals process of the UKVI, Home Office varies based on the
circumstances of the denial. The denial letter details the process the applicant must follow to appeal
the decision. If UKVI, Home Office denies an immigration benefit, the applicant may refer to the
UKVI website at: https://www.gov.uk/browse/visas-immigration.
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 17
Appendix B:
USCIS Biometric Capturing Support and Services to Immigration, Refugees and
Citizenship Canada (IRCC) formally known as Citizenship and Immigration Canada
(CIC)
Purpose and Use:
USCIS ASCs collect Canadian applicant biometric and biographic information on behalf
of IRCC. IRCC uses this information to determine whether (1) visa applicants for entry into
Canada are eligible to obtain visas or other travel documents, and (2) applicants meet the eligibility
criteria to receive Canadian permanent residence according to applicable Canadian laws.
MOU:
An MOU was initially signed on September 16, 2012, between the Deputy Minister of
Citizenship and Immigration Canada, and the Director of U.S. Citizenship and Immigration
Services. In 2018, Canada expanded the scope of biometrics collection to include applicants for
legal permanent residency and amended the MOU with USCIS to account for this new population.
Data Elements:
Applicants submit their biographic information via their Canadian immigration benefit
application. USCIS ASC personnel collect the biometric and limited biographic data on behalf of
the IRCC. Through this project, the following categories of information are collected:
Limited biographic information: full name, date of birth, country of birth, sex, and
nationality.
Biometrics: 10 fingerprints, photograph, and signature.
Transmission:
The transmission of biometric and limited biographic information to the IRCC occurs
immediately after USCIS ASC personnel capture the information through the prescribed secure
electronic method. The ASC transmits the information to Canada through ESB2 in an Electronic
Fingerprint Transmission Specification (EFTS), a National Institute of Standards and Technology
(NIST) standard file.
Data encoding – MIME attachment
Messaging protocol – SMTP
Transport – VPN tunnel
Physical Network – Internet
Additional Sharing:
�Privacy Impact Assessment Update
DHS/USCIS/PIA-048(a)
International Biometric Processing Services
Page 18
Currently, USCIS only provides the captured biometrics and associated limited biographic
data to Canada.
Notice:
The IRCC’s website provides notice to all of its applicants of his or her requirements to
provide biometrics in conjunction with applications for requested Canadian immigration
benefits.13 Furthermore, in July 2018, USCIS and Canada implemented “myBiometrics,” a service
that allows Canadian immigration benefit applicants residing in the U.S. to schedule their
biometrics appointments at an ASC. myBiometrics shares a Privacy Notice describing why USCIS
is collecting personal information from individuals seeking Canadian immigration benefits prior
to the collection of any information. This enhancement is discussed in the DHS/USCIS/PIA-057(a)
National Appointment Scheduling System PIA Update.14
Correction and Redress:
The IRCC is solely responsible for granting or denying IRCC applications. The IRCC
determines as a result of a redress request whether to make any changes or corrections to the
information collected by USCIS at its ASCs, and whether the redress or correction request would
have any impact on the adjudication process of the IRCC. The appeals process for handling
inaccurate or erroneous information on behalf of the IRCC is solely the responsibility of Canada.
Information related to the Canadian Correction/Redress process is available on the IRCC website
at http://www.cic.gc.ca/.
If the IRCC denies the Canadian immigration benefit, they will provide a letter of
immigration benefit denial and appeal to the applicant. The appeals process of the IRCC varies
based on the circumstances of the denial. The denial letter will detail the process the applicant
must follow to appeal the decision. If IRCC denies a Canadian immigration benefit, the applicant
may refer to the IRCC website at http://www.cic.gc.ca/ for more information.
13
14
See https://www.canada.ca/en/immigration-refugees-citizenship/campaigns/biometrics/facts.html.
See https://www.dhs.gov/publication/dhsuscispia-057-national-appointment-scheduling-system.
�
| File Type | application/pdf |
| File Title | DHS/USCIS/PIA-048(a) USCIS International Biometric Processing Services |
| Author | U.S. Department of Homeland Security Privacy Office |
| File Modified | 2018-08-09 |
| File Created | 2018-08-09 |