Privacy Impact Assessment
for the
USCIS Enterprise Collaboration Network
DHS Reference No. DHS/USCIS/PIA-083
July 6, 2020
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 1
Abstract
The U.S. Department of Homeland Security (DHS), U.S. Citizenship and Immigration
(USCIS) uses SharePoint-as-a-Service (SharePoint), commonly referred to throughout the
agency as the Enterprise Collaboration Network (ECN), a web browser-based collaboration and
document management platform from Microsoft. The USCIS ECN is a secure space for USCIS
employees to create, manage, and share documents using customizable tools and services to
eliminate additional investments in duplicative collaborative technologies. The USCIS ECN
supports secure agency-wide collaboration and communication by connecting separate USCIS
Program Offices and Directorates located in various geographic areas through the use of a
common platform. USCIS is conducting this Privacy Impact Assessment (PIA) to assess the
privacy risks to the personally identifiable information (PII) collected, used, maintained, and
disseminated on the USCIS ECN.
Introduction
USCIS oversees lawful immigration to the United States. USCIS provides accurate and
useful information to its customers, grants immigration and citizenship benefits, promotes an
awareness and understanding of citizenship, and ensures the integrity of the immigration system.
With over 19,000 government employees and contractors located at over 200 offices
domestically and internationally, USCIS must be able to effectively manage information and
workflows, including the receipt, creation, distribution, tracking, and archiving of tasks,
assignments, inquiries, and other correspondence or data. The USCIS ECN provides a
collaborative environment for USCIS personnel located in various offices and multiple
geographic locations, to engage and act as partners working toward a common mission.
USCIS historically relied on the shared drive, personal drives, and emails to meet its
mission needs. While these tools offer a number of advantages, there are significant pitfalls to
effectively and efficiently managing and sharing documents. Generally, the use of these tools
causes duplicate and redundant documents, inaccessibility to information, lack of document
governance and control, and hinders cross-collaboration. To streamline information sharing,
document management, communication, and collaboration across USCIS domestic and
international offices, USCIS implemented the USCIS ECN. USCIS ECN is built using
SharePoint, which is a document management and collaboration tool developed by Microsoft.
SharePoint is a commercial off-the-shelf (COTS) cloud-based application that provides a
platform on which to build custom applications and features a suite of collaboration, document
management, and communication tools, as well as a high degree of integration with other
Microsoft Office products. SharePoint automates the matter tracking process, eliminating or
reducing the need to manually track emails and manage paper-based documents and forms, and
promotes a more efficient means of sharing, storing, searching, and reporting on agency
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 2
information. Used as a matter tracking tool, the SharePoint platform enables secure data entry,
standardizes the display of information, and supports data management and analysis by USCIS
personnel.
USCIS ECN Functions and Capabilities
ECN is a cloud-based platform that improves USCIS’ effectiveness by streamlining the
management of and access to data. Although USCIS primarily uses ECN as a document
repository, SharePoint offers additional capabilities and enhanced functionality. The following
provides a general description of USCIS’ use of ECN:
• Forms management: Users can create customized forms within ECN so that the
information gathered in the form can be stored in a list or library for organization and
analysis of data. These forms can access and display data from multiple sources to aid in
the collaboration and organization of information.
• Records management: ECN provides a method for systems to automatically archive or
expire content based on criteria set forth by the site administer. For example, a system
could delete items from a list if the items are labeled as “Status = Closed” and the items
are greater than three years old. Similarly, ECN can move items to a separate archive list
when they are better suited for long term retention.
• Reporting capabilities: A suite of reporting tools offers reporting and business
intelligence solutions while eliminating the need for writing custom code. These tools can
be used on specific SharePoint systems so that users can run regular or ad hoc reports that
suit their business needs. For example, reporting through SharePoint can be used to
manage employee workloads, manage budgets, align resources with operational needs, or
perform other trend-based or statistical reporting.
• Survey capabilities: SharePoint allows individuals to create surveys and polls and
contains recruitment features, such as the ability to email a link to prospective survey
participants. Surveys are an efficient and cost-effective way to collect information and
experiences from a large number of participants. Surveys are particularly useful for
collecting and processing quantifiable data because they generally contain closed-ended
questions that allow USCIS to more easily compare responses.
• Auditing capabilities: SharePoint automatically stores information on the identity of
system users and logs the actions users take while navigating throughout the
environment. Tools such as version history can be used on SharePoint pages, lists, or
libraries to determine whether any changes were made, which user made the changes, or
when the user made the changes.
• Microsoft Office integration: SharePoint ties in closely with Microsoft Office products in
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 3
an effort to bring some of the native capabilities of certain Microsoft Office products into
SharePoint sites and pages. For example, Excel provides the ability to present data from
an Excel spreadsheet on a SharePoint page or leverage Excel data in a SharePoint list for
configuring the data. This functionality can also help to present charts and graphs from
Excel in SharePoint which are automatically updated based on data changes that are
made in real time.
USCIS Users and Structure
USCIS is divided into Directorates and Program Offices.
1
Each Directorate and Program
Office maintains its own ECN site for their data collection, use, and dissemination, as well as
possible sub-sites for specific mission needs. Sites and sub-sites are managed by a site
administrator who is responsible for overseeing his or her respective ECN sites, including
confirming that any additional site facilitators are regularly maintaining, updating, and
monitoring both content and user access to their Directorate or Program Office site.
Access control of sites and specific content areas such as ECN lists and libraries is
achieved using SharePoint group security and the SharePoint targeted audience feature. This
enables access control over any content on a need-to-know basis. Users must be members of a
group assigned to the site. All libraries have unique permissions, and access to libraries is
through a smaller subset of groups allowed on the parent website.
USCIS is conducting this PIA to provide transparency on the agency’s use of ECN as a
document management tool, address its capabilities, and identify the broad categories of
information that may be maintained, the sources from which information is collected or derived,
and the safeguards implemented to mitigate privacy risks. In addition, this PIA uses the Fair
Information Practice Principles (FIPPs) to evaluate ECN’s privacy risks. The body of this PIA
will provide a high-level overview of USCIS’ overall use of ECN, while the appendices to this
PIA describe the specific USCIS Directorate and Program Office ECN purpose and uses, types
of data maintained, access controls, categories of individuals, sources of information, records
retention, and System of Records Notice (SORN) coverage for each individual USCIS
Directorate and Program Office. USCIS plans to update the appendices as new site or uses are
deployed or as changes to current sites take place.
Governance
USCIS Directorate or Program Offices are permitted to collect, use, store, and share both
PII and Sensitive PII (SPII) on ECN sites. However, prior to using any SPII on an ECN site,
Directorate and Program Offices are required to (1) provide a record of the activity and its
privacy requirements, (2) demonstrate compliance with privacy laws and regulations, and (3)
1
For more information, see https://www.uscis.gov/about-us/directorates-and-program-offices.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 4
document the inclusion of privacy considerations. This is generally done through the Privacy
Threshold Analysis (PTA) process, and each PTA is required to include the following details:
• The purpose for which the Directorate or Program Office is using ECN and how it
benefits USCIS business processes;
• The types of documents/information stored in the document library;
• Itemized categories of information that are collected, used, stored, and shared;
• Derivation of information (e.g., source systems, social media, external agency);
• Uses of information;
• Access rights and limitations; and
• Site administrator oversight responsibilities.
USCIS tracks and maintains an internal inventory of all collaboration sites that store S/PII and
ensures that visual cues are included on each site to denote which sites are authorized to maintain
SPII and which are not.
In addition to the PTA process, Directorates and Program Office site facilitators are
responsible for completing SharePoint training. Prior to using any USCIS system, individuals are
responsible for signing the USCIS Rules of Behavior, which indicates the employee has read,
understands, and acknowledges the rules of behavior while engaging with USCIS systems and
will comply with the guidelines. Employees cannot access restricted ECN sites without first
completing the rules of behavior. Once the site facilitator reviews the request and obtains
supervisory verification that the employee has a valid need-to-know, the individual is then
granted access to the requested site.
Categories of Information
USCIS ECN supports a variety of business functions in broad mission areas that may
include:
• Adjudications;
• Administrative and Mission Support;
• Community Relations;
• Legislative Affairs;
• Fraud Detection and National Security;
• Production Planning and Reporting;
• Quality Management and Assurance; and
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 5
• Records Management.
Any USCIS ECN site may include a variety of information about USCIS or DHS personnel,
contractors, and members of the public. This PIA covers different types PII, including employee
and contractor human resource and contact information, as well as SPII, such as Social Security
numbers (SSN), Alien Registration Numbers (A-Number), immigration information, criminal
history information, medical information, and financial data. USCIS ECN is not authorized to
collect, store, or maintain classified information. The specific information collected and
maintained depends on the nature and business process of the particular activity, project, or
program that the ECN is being used to support. The appendices to this PIA describe the
collection, use, and maintenance of PII by different USCIS Directorates and Program Offices.
All sites approved to maintain PII and SPII will be identified through a Warning Banner.
This banner provides visual notification of SPII storage approval in a red banner at the top of the
page. This applies to each page that contains SPII and not just the site.
Sources
Information contained within ECN is obtained from various sources. Similar to the
variances in categories of information, sources of information depend on the nature and business
process of the particular activity, project, or program for which the site is used. Information may
be collected directly from the individual or third parties, or derived from other sources (e.g.,
other paper-based or electronic systems). Other sources of information include other USCIS
Directorates and Program Offices; DHS Headquarters and Components; state, local, and foreign
government agencies; Congress; the White House; nongovernmental organizations; and
members of the public. Please refer to Directorate and Program Office appendices of this PIA for
specific sources of information.
Retention and Removal of Content
Records retention and disposition in ECN varies by the type of record collected. All
current records retention schedules requirements are being maintained, as required by the
National Archives and Records Administration (NARA). ECN provides a method for systems to
automatically archive or expire content based on criteria set forth by the business owner. Files
are also purged by the site owner and site facilitators as they age, in keeping with existing
required retention schedules, as well as when no longer needed. Please refer to Directorate and
Program Office appendices of this PIA for specific retention periods.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 6
Fair Information Practice Principles (FIPPs)
The Privacy Act of 1974
2
articulates concepts of how the Federal Government should
treat individuals and their information and imposes duties upon federal agencies regarding the
collection, use, dissemination, and maintenance of personally identifiable information. The
Homeland Security Act of 2002 Section 222(2) states that the Chief Privacy Officer shall assure
that information is handled in full compliance with the fair information practices as set out in the
Privacy Act of 1974.
3
In response to this obligation, the DHS Privacy Office developed a set of Fair
Information Practice Principles (FIPPs) from the underlying concepts of the Privacy Act to
encompass the full breadth and diversity of the information and interactions of DHS.
4
The FIPPs
account for the nature and purpose of the information being collected in relation to DHS’s
mission to preserve, protect, and secure.
DHS conducts Privacy Impact Assessments on both programs and information
technology systems, pursuant to the E-Government Act of 2002, Section 208
5
and the Homeland
Security Act of 2002, Section 222.
6
Given the particular technology and the scope and nature of
its use, USCIS conducted this PIA, within the construct of the FIPPs, to address the privacy risks
associated with USCIS ECN.
1. Principle of Transparency
Principle: DHS should be transparent and provide notice to the individual regarding its
collection, use, dissemination, and maintenance of PII. Technologies or systems using PII must be
described in a SORN and PIA, as appropriate.
The type of information maintained on USCIS ECN varies by the particular business
need established by each Directorate or Program Office. In most cases, USCIS ECN is used to
collect, maintain, and disseminate information in support of existing programs and processes.
ECN sites serve various purposes including adjudicative, human resource, or financial
management purposes and may include information about both USCIS employees and members
of the public. Many of the uses of existing programs and processes are covered under previously
published privacy compliance documentation that can be found at www.dhs.gov/privacy.
Additional notice about USCIS’ use of ECN is provided to the public through this PIA. The
underlying SORNs for Program Offices and Directorates provide further notice.
2
5 U.S.C. § 552a.
3
6 U.S.C. § 142(a)(2).
4
See Privacy Policy Guidance Memorandum 2008-01/Privacy Policy Directive 140-06, “The Fair Information
Practice Principles: Framework for Privacy Policy at the Department of Homeland Security,” available at
https://www.dhs.gov/privacy-policy-guidance
.
5
44 U.S.C. § 3501 note.
6
6 U.S.C. § 142.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 7
There is no significant privacy risk associated with notice. While individuals may not
know that their information is being maintained in USCIS ECN, the information collected is
already being used as part of existing programs and processes. USCIS ECN allows for the ability
to collaborate and manage the business process more efficiently. Specific notice of USCIS ECN
is provided through the publication of this PIA.
2. Principle of Individual Participation
Principle: DHS should involve the individual in the process of using PII. DHS should, to the
extent practical, seek individual consent for the collection, use, dissemination, and maintenance of PII
and should provide mechanisms for appropriate access, correction, and redress regarding DHS’s use of
PII.
The USCIS ECN does not collect information directly from the public. The Directorate or
Program Office collecting the information may provide the individual with the opportunity to
either consent, decline to provide information, or opt out through other established means and
processes. In certain circumstances, a Directorate or Program Office may create a form on ECN
to collect information directly from USCIS employees and contractors. This information is
generally collected only for Human Resources purposes.
An individual may gain access to his or her USCIS records by filing a Privacy Act or
Freedom of Information (FOIA) request. Only U.S. citizens, lawful permanent residents, and
individuals covered by the Judicial Redress Act of 2015 (JRA) may file a Privacy Act request.
7
Any person, regardless of immigration status, may file a FOIA request. If an individual would
like to file a Privacy Act or FOIA request to view his or her USCIS record, he or she may mail
the request to the following address:
National Records Center
FOIA/Privacy Act Program
P. O. Box 648010
Lee’s Summit, MO 64064-8010
Additional information about Privacy Act/FOIA requests for USCIS records is available at
https://www.uscis.gov/about-us/freedom-information-and-privacy-act-foia.
There is no privacy risk associated with individual participation. Individuals may access
or amend their information by filing a Privacy Act/FOIA request.
7
The Judicial Redress Act of 2015, 5 U.S.C. § 552a note, extends certain rights of judicial redress under the Privacy
Act to citizens of certain foreign countries or regional economic organizations; more information is available at
https://www.justice.gov/opcl/judicial-redress-act-2015
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 8
3. Principle of Purpose Specification
Principle: DHS should specifically articulate the authority which permits the collection of PII
and specifically articulate the purpose or purposes for which the PII is intended to be used.
USCIS uses ECN to track, manage, review, and report on matters related to its mission
and statutory requirements. The specific purpose of an ECN site and the use of the information
maintained within depends on the nature of the Directorate or Program Office and the business
process for which the site is established. During the PTA process, Program Offices and
Directorates are required to specify their particular uses of ECN sites for the USCIS Office of
Privacy to verify that the uses are consistent with the relevant PIAs and SORNs. Additional
coverage beyond this PIA may be determined. PIA and SORN coverage for the collection and
use of the information is validated by the DHS Privacy Office through the adjudication of a PTA.
Privacy Risk: There is a risk that information collected, maintained, and used on a
USCIS ECN site may be used for purposes beyond supporting the USCIS mission.
Mitigation: This risk is mitigated. USCIS Office of Privacy requires the completion and
submission of a PTA prior to collecting, using, and storing any SPII on ECN. During the PTA
process, the site is evaluated to ensure the purpose of the site is compatible with the USCIS
mission.
USCIS Office of Privacy has also established a partnership with the USCIS Office of
Information Technology (OIT) ECN Support Team, who is responsible for enforcing the overall
SharePoint governance. The OIT ECN Support Team developed a governance plan that outlines
the policies and procedures used to ensure that the USCIS SharePoint environments provide a
consistently robust, stable working environment for its entire end user population. Both the OIT
ECN Support Team and the USCIS Office of Privacy Compliance Branch have global access to
the ECN sites. If the ECN Support Team identifies that a site or subsite is out of compliance
(e.g., contains SPII but does not contain the banner) the ECN Support Team will notify the site
facilitator of the violation and shut the ECN page down until the site becomes compliant (e.g.,
applies the banner and completes the appropriate privacy compliance documentation). The ECN
Support Team will also notify the Office of Privacy, who will access the site and determine
whether a PTA exists. If a PTA does not exist, the USCIS Office of Privacy will work with the
Directorate or Program Office to complete the documentation.
Furthermore, proper safeguards, including need-to-know and access restrictions, are
implemented in coordination with the site administrator to deter the unauthorized use and
dissemination of information beyond its official purpose.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 9
4. Principle of Data Minimization
Principle: DHS should only collect PII that is directly relevant and necessary to accomplish the
specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s). PII
should be disposed of in accordance with DHS records disposition schedules as approved by the National
Archives and Records Administration (NARA).
USCIS ECN provides a secure platform for more sophisticated access controls to the data
contained within the systems. USCIS ECN includes access controls specific to each Directorate
and Program Office site, depending on the business process for which the system is created and
the sensitivity of the information stored within it. These controls are placed on the system as a
whole, as well as specific files and items contained in the system so that only users with a need-
to-know have access to the data. Alternative methods, such as email or shared drive-based
solutions or other more rudimentary database management systems, do not typically provide
such controls.
For example, USCIS Fraud Detection National Security Directorate (FDNS) uses ECN to
manage internal policy and operational documents, content, and reports.
8
In the course of the
FDNS mission, FDNS is responsible for handling large amounts of PII while processing
immigration inquiries, investigative referrals, law enforcement requests, background checks, and
case determinations. Due to the sensitive nature of information that FDNS handles, the FDNS
site facilitator in coordination with the site owners is responsible for ensuring that only the
minimum information necessary is collected, used, and stored on the FDNS ECN sites. The types
of information collected, stored, and used are documented in the PTA.
Retention of data in the USCIS ECN environment is consistent with the approved
retention schedule for the original data collection. ECN is an extension of the systems already
identified in a SORN, and therefore the retention schedules applicable to the SORN apply to
particular IT system holding the data, in this case a particular ECN site. In the case of FDNS, it
was determined that a 15-year retention period was adequate to provide FDNS with access to
information that is critical to an investigation of fraud, criminal activity, egregious public safety,
and national security concerns. Users will follow the established data retention guidelines that
govern existing processes.
8
See DHS/USCIS/PIA-013-01 Fraud Detection and National Security Directorate, available at
https://www.dhs.gov/uscis-pias-and-sorns.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 10
5. Principle of Use Limitation
Principle: DHS should use PII solely for the purpose(s) specified in the notice. Sharing PII
outside the Department should be for a purpose compatible with the purpose for which the PII was
collected.
USCIS uses ECN to further support the USCIS immigration benefits mission. The
specific purpose of each Directorate and Program Office site is defined prior to the creation of
the site based on each unique business need and purpose. USCIS site administrators and
facilitators are responsible for determining the site requirements and user base and, once the site
is created, ensuring that it is used only for approved purposes. USCIS ECN enables site
administrators and facilitators to use built-in tools to provide more granular access controls than
what was previously available via email and shared drives. In addition, the use of ECN limits the
proliferation of data. ECN allows for data consolidation and eliminates or reduces the need for
USCIS Directorates and Program Offices to retain both paper and electronic copies of documents
or multiple electronic copies in more rudimentary database management systems.
Direct access to ECN is not available to external entities, and data stored in the systems is
not directly accessible by users or computer systems outside of the USCIS network. Any external
sharing of information contained within a USCIS ECN site is made pursuant to the Privacy Act
(5 U.S.C. Section 552a(b)).
6. Principle of Data Quality and Integrity
Principle: DHS should, to the extent practical, ensure that PII is accurate, relevant, timely, and
complete, within the context of each use of the PII.
Information that is collected and stored on USCIS ECN is generally not systematically
checked for accuracy and timeliness. The USCIS employee or contractor entering the
information into the ECN site is initially responsible for the accuracy of information. In general,
the site administrator or users have the responsibility of reviewing information maintained on the
ECN site to ensure the uses are consistent and complies with mission-related initiatives.
Directorates and Program Offices may take appropriate actions to ensure the information is
accurate, relevant, timely, and complete, within the context of each use of the ECN site.
Privacy Risk: There is a risk that USCIS ECN may contain inaccurate information that is
used as part of the adjudication process.
Mitigation: USCIS works to mitigate this risk in several ways. USCIS does not rely on
information found on USCIS ECN to make a determination as to whether or not an individual is
eligible for an immigration request. USCIS ECN is used as a collaboration tool that is used in
support of the adjudicative process. USCIS takes into account the totality of an immigration
requestor’s information prior to granting or denying an immigration request. This includes
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 11
information provided by the immigration requestor and information found in DHS and other
government databases. USCIS adjudicative personnel relies on the information found in the
authoritative source system in order to grant or deny an immigration request.
7. Principle of Security
Principle: DHS should protect PII (in all forms) through appropriate security safeguards against
risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate
disclosure.
USCIS ECN is available for USCIS personnel except under limited circumstances.
USCIS may extend limited access rights to certain DHS users for a particular use as outlined in
the Appendices. Users must have access to the USCIS network to gain access to ECN. Only
authorized users with a valid need-to-know who are required to perform the stated purpose of the
specific site will be granted rights to access and post data on the site. Users are trained on how to
use ECNs access controls, on a group or user-level, to systems, document libraries, and specific
documents and items.
USCIS personnel can gain access to a USCIS PII-restricted ECN site only after a site
administrator approves a particular user’s access. The site administrator allows members of
USCIS organizational entities to gain a higher level of permissions to ECN upon successful
completion of an exam and adherence to posted guidelines and rules of conduct. Site facilitators
and administrators have additional permissions that allow them to make data and user-based
modifications to a specific site they have been granted permission to manage. The USCIS OIT
ECN team keeps records of all site administrator nominations as well as where these individuals
have increased levels of permissions within the environment. The specific Directorate and
Program Office access controls are described in further detail in the appendices to this PIA.
In the event of a data incident—including misuse of data, unauthorized access to a
SharePoint application, unauthorized posting of PII, and inappropriate disclosure of PII from a
site—the incident will be reported and handled as a Privacy incident.
8. Principle of Accountability and Auditing
Principle: DHS should be accountable for complying with these principles, providing training to
all employees and contractors who use PII, and should audit the actual use of PII to demonstrate
compliance with these principles and all applicable privacy protection requirements.
USCIS ECN automatically stores information on the identity of system users and logs the
actions users take while navigating through the environment. Tools, such as version history,
provide visibility into where, when, and by whom changes are made in ECN pages, lists, and
libraries. If more in depth tracing is necessary, the USCIS ECN teams can reference the detailed
audit log files to determine when and who performed the specific actions in question within
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 12
ECN.
Furthermore, all USCIS employees and contractors are required to take annual Privacy
Awareness training, to reinforce the Privacy principles and remind staff of their responsibilities
as data stewards for the public.
Responsible Officials
Donald K. Hawkins
Privacy Officer
U.S. Citizenship and Immigration Services
(202) 272-8030
Approval Signature
Original, signed copy on file at the DHS Privacy Office.
________________________________
Dena Kozanas
Chief Privacy Officer
U.S. Department of Homeland Security
(202) 343-1747
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 13
ECN APPENDICES
Appendix A – National Records Center
Program/System:
USCIS, Immigration Records and Identity Services (IRIS), National Records Center (NRC)
Purpose and Use:
The NRC provides stakeholders with access to requested immigration records and
information. The NRC oversees the storage, management, and integrity of 74 million
immigration files and 18 million receipt files while supporting the largest Freedom of
Information Act (FOIA) program in the federal government. The NRC provides support to
USCIS, U.S. Customs Border Protection (CBP), U.S. Immigration and Customs Enforcement
(ICE), and other government agencies to assist with requests for immigration files.
The NRC leverages the ECN site as a business tool for document and project
management, and reporting dashboards. Some pages enable users to perform functions such as
approve documents, complete and submit forms, post announcements, and add calendar events.
The NRC uses the ECN site to streamline the information sharing internally across branches and
externally to other USCIS service centers. The NRC ECN site provides effective communication
among NRC branches and service centers allowing for a singular copy of the information and
access on a need-to-know basis. The NRC’s goal is to allow for knowledge management and
sharing in a most useful and accessible format.
The NRC consists of five Branches:
1. Immigration Records Contract Management Section (IRCMS)(RMOB)
2. Management Branch (MBR)
3. Freedom of Information Act (FOIA)
4. Information Management Liaison Section (IMLS)
5. Program Management Operations (PMO)
Each Branch has a page on the NRC ECN site dedicated to information sharing specific to their
branch. Each Branch is responsible for maintaining the information placed on their ECN page
and ensuring the information is accurate and does not contain PII, unless specifically authorized.
Immigration Records Contract Management Section (IRCMS)
The IRCMS is responsible for providing contract oversight for the records operations
contractor. The contract includes oversight at the NRC and the Harrisonburg File Storage
Facility (HBG). The IRCMS uses the ECN site to facilitate the sharing of data between the two
facilities and the other NRC divisions. The IRCMS also uses the ECN site for team discussions
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 14
and “Lunch and Learn” presentations.
Data Elements and Individuals Impacted
• The IRCMS ECN site collects the following information about federal employees
and contractors: name, work phone number, USCIS email address, and user ID.
SORN(s)
• OPM/GOVT-1 General Personnel Records, which covers general Federal
employee records.
• DHS/ALL-003 Department of Homeland Security General Training Records,
which covers training records for both Federal employees and contractors.
• DHS/ALL-021 Department of Homeland Security Contractors and Consultants,
which covers contractor information.
Management Branch (MBR)
The MBR is responsible for personnel functions, facilities management, and logistics.
The MBR uses the ECN site to collaborate with NRC Executive staff regarding the number of
MBR requests. These requests consist of IRIS tracking issues, Executive Section Tasking, and
NRC Branches. The MBR uses its ECN page to streamline information sharing internally across
all branches. The MBR page also contains links to OPM website resources to assist employees
with access to personnel information and benefits.
There are two pages within MBR’s ECN section that collect PII. The MBR is responsible
for parking at the NRC facilities, and the Vehicle Module is used to track and streamline the
analysis of changes in personnel vehicle parking. The other page is the Visitor Request Form,
which is accessible by all USCIS employees. Employees use this page for visitor entry approval
into the NRC. The PII input by USCIS employees is only accessible to MBR staff. PII is secured
and has the required header information clearly marking the site and describing the type of
information allowed on it.
Data Elements and Individuals Impacted
• The MBR ECN site collects the following information about the public: visitor
name, company/affiliation, vehicle model, license plate number, year, color,
phone number, visitor status (escorted/unescorted), and the visitor adjudication
outcome.
• The MBR ECN site also collects the following information about federal
employees: name, title, type of request, desk location, desk phone number and
extension, USCIS email address, supervisor’s name, entrance on duty date, grade,
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 15
photograph, license plate number, make, model, year, color, home address, home
telephone number, emergency contact name, and phone number.
• In addition, the MBR ECN site collects the following information about
contractors: name, title, USCIS email address, supervisor’s name, photograph,
license plate number, make, model, year, and color.
SORN(s)
• DHS/ALL-024 Department of Homeland Security Facility and Perimeter Access
Control and Visitor Management, which covers records associated with DHS
facility and perimeter access control, as well as visitor security and management.
Freedom of Information Act (FOIA) Branch
The mission of the FOIA Branch is to provide public access to agency records in
accordance with FOIA and the Privacy Act of 1974. The FOIA Branch uses the ECN site to
collaborate with Headquarters staff regarding the number of FOIA requests. Using the NRC
ECN site allows staff to not only meet the short deadlines, but also to track the Director’s
performance goals for the NRC. The FOIA ECN page is separated into different pages for each
operational unit within the FOIA branch: (1) FOIA Processing; (2) Significant Interest Group
(SIG); and (3) Quality Assurance and Customer Service (QA/CS).
FOIA Processing
The FOIA Processing Unit processes all A-File related FOIA requests. The use of the
ECN assists in processing FOIA and Privacy Act requests by providing exemption explanations,
final action letter templates, examples of the information withheld, samples of documents with
redactions, and flowcharts/diagrams. Under the FOIA Reference Links on the ECN there are
useful resources such as the Processing Guide, the FOIA/Privacy Act Assistant’s Guide, and
other FOIA/Privacy Act training materials.
Data Elements and Individuals Impacted
• PII is not stored on the FOIA Processing Unit’s section of the FOIA Branch’s
ECN page. Other resources on the FOIA ECN page include hoteling cubicle
reservations, calendars, and announcements.
SORN(s)
• No PII is stored on this section of the page and so no SORN is required.
Significant Interest Group (SIG)
SIG processes all non-A-File FOIA requests, such as procedural manuals, employment
selections, training manuals, and contracts. SIG has a PII-approved page under the FOIA ECN
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 16
page. All SIG cases are updated using a spreadsheet log called the Component Backlog Report.
Access to this page is controlled by the SIG ECN administrator and the page contains the
appropriate banners and notices.
Data Elements and Individuals Impacted
• The SIG ECN site collects the following information about the public: name, date
of birth, address, country of birth, Alien number, receipt numbers, temporary file
numbers, immigrant status, application/petition type, parents names, Social
Security number (or other number originated by a government that specifically
identifies an individual), photographic Identifiers (e.g., photograph image, x-rays,
and video tapes), driver’s license, biometric identifiers (e.g., fingerprint and
voiceprint), mother’s maiden name, vehicle identifiers (e.g., license plates), phone
numbers (e.g., phone, fax, and cell), certificates (e.g., birth, death, and marriage),
legal documents or notes (e.g., divorce decree, criminal records, or other), email
address, education records, financial records.
• The SIG ECN site collects the following information about federal employees and
contractors: name, work phone number, USCIS email address, and user ID.
SORN(s)
• DHS/ALL-001 Department of Homeland Security (DHS) Freedom of Information
Act (FOIA) and Privacy Act (PA) Record System, which covers records about
Freedom of Information Act and Privacy Act requests and appeals submitted to
the Department.
Quality Assurance and Customer Service (QA/CS)
The QA/CS Unit is responsible for doing trend analysis for FOIA processing functions.
They also develop and deliver training to FOIA personnel related to their position functions. The
QA/CS Unit maintains PII on its ECN page. This page will store three databases that contain PII:
(1) FOIA QA Case Auditing Database; (2) Case Create QA Auditing Database, and (3) FOIA
Support Team Database.
The QA/CS Unit maintains a FOIA QA Case Auditing database and a Case Create QA
Auditing database to keep track of processed cases that are audited for gathering statistical data
for trend analysis reports that are provided to management. The QA/CS Unit also maintains the
FOIA Support Team database to track FOIA staffing to identify training needs related to staffing
for files. These databases are access controlled on a “need-to-know” by the site administrator
based on the section supervisor’s request. The page displays the appropriate PII banners. Other
reference materials currently stored on the QA/CS ECN page are court decisions, policy
manuals, links to USCIS systems, and FOIA bulletins.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 17
Data Elements and Individuals Impacted
• The QA/CS ECN site collects the following information about federal employees
and contractors: name, work phone number, USCIS email address, and user ID.
SORN(s)
• DHS/ALL-001 Department of Homeland Security (DHS) Freedom of Information
Act (FOIA) and Privacy Act (PA) Record System, supports the collection and use
of information for FOIA management purposes.
Information Management Liaison Section (IMLS) Branch
The IMLS Branch provides 24/7 access to information from A-Files located at the NRC
and the Kansas City Federal Records Center (FRC) to USCIS, CBP, ICE, and other government
agencies. The IMLS Branch uses their NRC ECN page for information sharing among IMFS
staff members. The IMLS Branch uses the ECN site to post work schedules, links to manuals and
guides, training resources, and a document library with information that assists employees to
process cases.
Links to manuals and guides include Central Index System Quick Guide, Enforcement
and Removal Module (EARM), Systematic Alien Verification Entitlement ECN site, Enterprise
Document Management System (EDMS), EZ Ticket (IT Service Desk Help Tickets), and
Faxcom (Microsoft Windows based facsimile application). The training resources, such as “New
Hire Training,” “IMLS Overview,” “IMLS Policy,” “Weekly Tidbits,” and “How to Create an
A-File” help IMLS Branch staff perform their work duties. The Document Library contains a
variety of reference information that employees need when processing cases, such as the IMLS
Branch employee directory, electronic Classes of Admission chart, and a For Official Use Only
coversheet. It also contains important standard operating procedures related to national security,
handling classified files, and Deferred Action for Childhood Arrivals.
Data Elements and Individuals Impacted
• The IMLS ECN site collects the following information about federal employees
and contractors: name, work phone number, USCIS email address, and user ID.
SORN(s)
• DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System
of Records, which supports the sharing of A-File content.
Program Management Operations (PMO) Branch
The PMO Branch assists in building the NRC acquisition, program management, and
strategic planning capabilities. The PMO Branch focuses on costs, schedules, and performance
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 18
for project management within the NRC. The PMO Branch uses the ECN site to share NRC
space analysis project files, project tracking data, and budgetary data among PMO Branch staff
members.
The PMO Branch maintains PII on its ECN page. The PMO ECN site collects the
following information about federal employees and contractors: name, work phone number,
USCIS email address, and user ID.
System Access:
Access to PII restricted pages within the NRC ECN site is limited to NRC personnel. The
site administrator controls the permissions given to access the NRC ECN. Individuals requiring
access to a page containing PII must request access through the site administrator. The site
administrator reviews the request, obtains supervisory verification that the employee has a valid
need-to-know, and only then is the employee granted access to that particular page.
Sources of Information:
Information maintained on the NRC’s ECN site comes from redacted A-File materials
and documents, manual audit logs, Microsoft Access databases, FOIA Information Processing
System (FIPS), Freedom of Information Act Immigration Records System (FIRST), eSTAT,
Microsoft Excel workbooks, Microsoft Word documents, and Infopath forms.
Records Retention Period:
The NRC reviews the NRC ECN site on a monthly basis to ensure that documents that
follow the general records schedule of “delete when no longer needed” are disposed of within
three years. However, this will not be the case for all documents, such as policies and procedures
documents, training guides or documents that are for on-going projects, which may not change
every three years. Site owners and site facilitators are responsible for archiving and removing the
data from ECN. In accordance with the applicable record retention schedules (GRS 1.3, 2.2, 4.2,
and 5.6), the NRC will continuously audit all content in its site collection to ensure only the most
current information is stored and will archive any old files.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 19
Appendix B – Office of Security and Integrity
Program/System:
Office of Security and Integrity ECN Site
Purpose and Use:
Background:
In March 2007, U.S. Citizenship and Immigration Services (USCIS) Director Emilio
Gonzalez announced the creation of the Office of Security and Integrity (OSI) to enhance
existing USCIS functions that focus on management integrity, individual integrity, and security
of USCIS employees and facilities. OSI is divided into four distinct divisions: the OSI Front
Office, the Field Security Division, the Mission Integrity Division, and the Personnel Security
Division.
OSI Front Office provides: (1) overall fulfillment of all USCIS mission requirements for
security and integrity and for the strategic leadership and management of OSI; (2) leadership of
the overall ongoing management and operations of OSI; (3) a cohesive and unified single point
of contact for coordination and control of all issues, guidance, training, and communications
going into and coming out of the OSI; and (4) all of the administrative, financial, contracting,
and human capital services needed to run the OSI.
Field Security Division (FSD) provides physical and field security expertise and support
to USCIS personnel and facilities nationwide to include HQ. The work of the FSD is central to
achieving a core mission of USCIS by promoting the security and integrity of USCIS operations,
organization, and resources. The FSD is responsible for the active and passive measures
designed to prevent unauthorized access to personnel, equipment, facilities, assets, and
documents and to mitigate the disruption of the USCIS mission.
Mission Integrity Division (MID) provides security products and the development and
integration services for fulfilling the mandatory mission-level security, occupational safety and
health, continuity, and emergency management requirements for the USCIS enterprise. The
Chief of the Division serves as the Designated Agency Safety and Health Official (DASHO) as
well as the Agency Continuity Manager.
Personnel Security Division ensures all federal and contractor personnel have the
appropriate background investigations, to include investigations for suitability, fitness, security
clearances, and periodic reinvestigations.
Enterprise Collaborative Network (ECN)
OSI uses the Enterprise Collaborative Network (ECN) as a tool to improve collaboration
and communication with internal and external DHS stakeholders. ECN has become an integral
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 20
and mission critical part of OSI daily operations to manage documents and information using
SharePoint lists, libraries, surveys, and team calendars. OSI has also automated several business
processes to improve efficiency and transparency in the Office.
The OSI Web Management (OWM) is the site owner for the entire OSI ECN site
collection. Selected Divisions have assigned site facilitators which have completed the required
USCIS ECN Contributor and Facilitator training. These site facilitators are responsible for the
design as well as the content of their respective sites; and work closely with the OWM
administrators to ensure that data and information is properly stored and is accessible only by
authorized users. OSI OWM requires all OSI Division site facilitators to appropriately identify
and certify that they have SPII/PII data stored on their sites. SPII/PII stored must be directly
relevant and needed to meet mission requirements. Privacy and security practices are being
followed to monitor the ECN and ensure the appropriate handling and maintenance of SPII/PII.
The OSI OWM site owner and all OSI site facilitators are required to complete the PII training
and conduct monthly audits on ECN sites and permission groups to ensure the information being
shared conforms to the approved uses.
OSI has a critical need to store S/PII data on ECN sites to facilitate and improve daily
operations. The OSI ECN Site is broken into the following sub sites:
OSI Front Office
OSI site has created a list to comply with DHS/USCIS emergency or Continuity of
Operations Planning (COOP) requirements housing HQ OSI employees’ contact information and
emergency contact information. All personal information is inputted or edited directly by the
employee. Employees cannot view the information of other employees, but may only access their
own information. The list is located on the ECN in a secure environment. Full access to the list is
only given to key management personal and accessed only during an emergency and/or COOP
event when accountability of all personnel is necessary (i.e., a disaster or other life-threatening
event occurs).
Data Elements and Individuals Impacted
• The OSI Front Office site collects contact information about HQ OSI employees,
including employee name, office phone number, cell phone number, employee
home address, and employee personal phone number.
• The site also collects the name and phone number for an employee emergency
contact.
SORN(s)
• DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists
System, which covers the collection and use of contact information.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 21
Federal Emergency Response Officials (FERO)
The purpose of the site is to support the designation/revocation process for appointment
of Federal Emergency Response Officials (FERO). The FERO process is carried out as part of
agency compliance with federal continuity directives (i.e., FCD1, FCD2). The online form which
is maintained by MID’s Emergency Management and Safety Branch, is based on DHS Form
11000-27 (Federal Emergency Response Official Designation Request). The information is not
shared outside the office. The function of the FERO process is to coordinate approval and then
notify the USCIS Identity Management Unit (IMU) to add or remove the FERO designation
label to the employee’s PIV card.
Data Elements and Individuals Impacted
• Personal identifiers, such as date of birth and home address, are required on the
DHS FERO form. The Identity Management Unit will use the personal identifiers
in the Information Security Management System (ISMS)
9
to identify the correct
applicant to process the designation.
SORN(s)
• DHS/ALL-014 Department of Homeland Security Personnel Contact Information,
which covers the collection and storage of emergency contact information, as well
as federal employee information for federal emergency response purposes.
Local Security Officer (LSO) Program
Field Security Division (FSD) manages the Local Security Officer (LSO) program for
USCIS. Volunteers are selected to serve as LSOs to help the Field Security Managers provide
security support to their respective offices. To help manage the program, FSD uses the site to
keep track of information, including the names of USCIS employees and contractors appointed
as LSOs, the date the LSO was appointed, and the date the LSO received training. The
information is entered in ECN by the FSD regional Program Support Analysts and the HQ
Senior Security Analyst who oversees the LSO program. Access to the ECN page is restricted to
FSD staff and the OSI site owners. Documents are posted on ECN until they are replaced by an
updated version or are no longer applicable. The Site Administrator is responsible for creating
and managing the ECN page and making sure that permissions are restricted to authorized
personnel only.
9
ISMS is a web-based case management tool designed to support the life cycle of DHS personnel security,
administrative security, and classified visit management programs. For more information, please see
DHS/ALL/PIA-038 Integrated Security Management System (ISMS), available at
https://www.dhs.gov/privacy-
documents-department-wide-programs.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 22
Data Elements and Individuals Impacted
• The FSO Program site collects the names of USCIS employees and contractors
appointed as LSOs.
SORN(s)
• DHS/ALL-014 Department of Homeland Security Personnel Contact
Information permits the collection and storage of emergency contact
information, as well as federal employee information for federal emergency
response purposes.
Facility Access Request (FAR)
The Field Security Division (FSD) manages the Facility Access Request (FAR) List for
the USCIS National Capital Region (NCR). When a contractor (e.g., plumber, electrician,
movers, painters, laborer or any other maintenance repair personnel) is scheduled to come to
work at a facility, facilities personnel or building management submits a request with the
contractor’s information to the OSI NCR Security Office.
Data Elements and Individuals Impacted
• The FAR ECN Site collects the following information from the requestor: Visitor
date and time of visit, Requestor’s name, Requestor’s phone number, Visitor’s
full name, Visitor’s date of birth, Visitor’s full SSN, Visitor’s company, Date
NCIC check was conducted, Approval status, Comments.
SORN(s)
• DHS/ALL-024 Department of Homeland Security Facility and Perimeter Access
Control and Visitor Management to collect and maintain records associated with
DHS facility and perimeter access control, as well as visitor security and
management.
Monthly Insider Threat Docket Report
MID’s Enterprise Risk Management Branch (ERMB) creates the monthly Insider Threat
Docket Report to inform the USCIS Office of Communication and senior leadership of the status
of serious criminal cases involving current and former USCIS employees, as well as selected
high-profile non-employee cases impacting the USCIS mission. The order of the cases is based
on the timing of upcoming event and the nexus between the offense and the USCIS mission.
The Insider Threat Docket Report is the official report of USCIS employee misconduct,
and the misconduct of other employees within DHS. The report is necessary to preserve the
chain of record cases that could ultimately assist in creating new policies, and to enhance training
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 23
at USCIS thus ensuring the integrity of the agency’s mission is not being compromised. All
information within this report comes from publicly-available court documents and covers insider
threat cases for awareness to USCIS stakeholders.
ERMB downloads case information on serious criminal cases involving current and
former USCIS employees and contractors, as well as selected high-profile non-employee cases
affecting the USCIS mission.
Data Elements and Individuals Impacted
• The following types of information are collected from current and former USCIS
employees as well as individuals involved in non-employee cases that impact the
USCIS mission: Alias, Associated Cases, Attorney, Case File Location, Case
Summary, Deadlines/Hearings, Docket Report, Filers, History/Documents, Party
(defendant, plaintiff, etc.), Related Transactions, Status, View a Document.
SORN(s)
• DHS/ALL-014 Department of Homeland Security Personnel Contact
Information permits the collection and storage of emergency contact
information, as well as federal employee information for federal emergency
response purposes
• DHS/ALL-020 DHS Internal Affairs permits the collection and storage of DHS
and USCIS personnel who are involved in cases of employee misconduct.
• DHS/ALL-038 Insider Threat Program System of Records, which covers the
management of insider threat inquiries, and identify and track potential insider
threats to DHS.
System Access:
OSI ECN users may include USCIS employees and in rare instances employees from
other DHS components. All OSI ECN sites have three primary permission groups: Owners,
Members, and Visitors. The Owners Group has ‘full control’ over specific ECN sites and sub-
sites. Site Owners are responsible for the design, security, and maintenance of their ECN team
sites, including permissions, site creation, web part creation and customization, and user training.
The Members Group has ‘contribute’ access with permission to view, add, update, and delete
select content within that site. The Visitors Group has ‘read’ access to the site, with permission
to view/read select content within that site. This group allows for cross site visibility with
restricted permissions. OSI ECN parent sites are visible to all OSI employees. Sub-sites with
designated site facilitators can be restricted to certain members. Depending on the sensitivity of
some information, permissions are set at the document level and only those with a need-to-know
can access it. OSI maintains strict security controls over sensitive information per direction from
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 24
USCIS. OSI ensures that all information on its ECN sites is protected and in compliance with
USCIS ECN governing policies and procedures.
Sources of Information:
Information contained in the OSI ECN sites is provided by USCIS Employees, federal
employees, members of the public, and public websites.
Records Retention Period:
OSI frequently reviews the OSI ECN site to ensure documents follow the general records
schedule of “delete when no longer needed,” and are disposed of within three years. However,
this will not be the case for all documents, such as policies and procedures documents, training
guides or documents that are for on-going projects, which may not change every three years. Site
owners and site facilitators are responsible for archiving and removing the data from ECN. In
accordance with the OSI Records Retention Schedule of 15 years, OSI will continuously audit all
content in its site collection to ensure only the most current information is stored and will archive
any old files.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 25
Appendix C – Fraud Detection and National Security Directorate
Program/System:
Fraud Detection and National Security Directorate ECN Site
Purpose and Use:
Background:
The Fraud Detection and National Security Directorate (FDNS) is a directorate within the
U.S. Citizenship and Immigration Services (USCIS), an agency within the U.S. Department of
Homeland Security (DHS). FDNS leads USCIS’ efforts to safeguard the integrity of the nation’s
lawful immigration system by spearheading agency efforts to combat fraud, detect national
security and public safety threats, and maximize law enforcement and Intelligence Community
(IC) partnerships. FDNS consists of the following offices and divisions: Front Office, Reports &
Analysis Branch (RAB), Facilities & Asset Management, Fraud Division, Immigration Vetting
Division (IVD), Intelligence Division, Social Media Division, National Security & Public Safety
Division (NSPSD), Systems Integration Division (SID), Mission Support Division, and Training
and Knowledge Management Division.
Enterprise Collaboration Network (ECN)
FDNS uses the Enterprise Collaboration Network (ECN) as a tool to improve
collaboration and communication with internal and external USCIS stakeholders. ECN has
become an integral and mission critical part of FDNS’s daily operations to manage documents
and information using SharePoint lists, libraries, surveys, and team calendars. FDNS has also
automated several business processes to improve efficiency and transparency within the
directorate.
The FDNS ECN Site is broken into several pages and collaborative workspaces. The
FDNS parent site collection includes administrative tracking and personnel lists. Each FDNS
division and organizational office maintains its own collection of pages and collaborative
workspaces within the ECN site collection, which may include both administrative records and
operational records.
Administrative and Personnel Records
The FDNS ECN site collection maintains records used for mission support and personnel
management, including personnel lists and calendars, hiring/onboarding actions, employee
dashboards, employee recognition and awards, telework agreements and work schedules, hiring
actions, detail or rotational assignment documents, organizational lists, and related documents.
FDNS also uses the ECN to comply with DHS/USCIS emergency or Continuity of Operations
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 26
Planning (COOP) requirements. The ECN site is also used to facilitate sensitive property
tracking, equipment tracking requests and asset management guidance, and related documents.
Data Elements and Individuals Impacted
• The FDNS ECN site maintains information about FDNS employees, including but
not limited to: name, position, photo, office phone number, work cell phone
number, work email address, personal email address, home address, and personal
phone number(s), awards, etc.;
• The site contains emergency contact person(s) for the employee and their contact
email address(es) and phone number(s); and
• The site also contains PII on members of the public applying to job vacancies,
including: name, address, title, grade and salary, employment history,
performance awards, military records, and education transcripts.
SORN(s):
• OPM-GOVT-1 General Personnel Records
10
covers the use and storage of FDNS
personnel PII for administrative purposes;
• OPM-GOVT-5 Recruiting, Examining, and Placement Records
11
covers the use
and storage of applicants and selectees for a FDNS vacancy;
• DHS/ALL-010 Department of Homeland Security Asset Management Records
12
covers the use and storage of FDNS employee assets; and
• DHS/ALL-014 Department of Homeland Personnel Contact Information System
of Records
13
covers the collection, use, and storage of FDNS emergency contacts.
Executive Secretariat Task Tracking
The FDNS Executive Secretariat Dashboard (ED) is a tool used to manage Executive
Secretariat taskings. ED has built in functionality to automatically assign tasks to designated
FDNS divisions for response or action. ED is used to coordinate internal document reviews and
facilitate collaboration. ED is also used to track responses to Freedom of Information Act
(FOIA) requests and may include internal taskers related to personnel actions; however, sensitive
10
See OPM/GOVT-1 General Personnel Records, 77 FR 73694, (December 11, 2012), available at
https://www.dhs.gov/system-records-notices-sorns
.
11
See OPM/GOVT-5 Recruiting, Examining, and Placement Records, 79 FR 16834, (March 26, 2014), available at
https://www.dhs.gov/system-records-notices-sorns
.
12
See DHS/ALL-010 Asset Management Records System of Records, 80 FR 58280, (September 28, 2015),
available at https://www.dhs.gov/system-records-notices-sorns
.
13
See DHS/ALL-014 Department of Homeland Security Personnel Contact Information, 83 FR 11780, (March 16,
2018), available at https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 27
personnel documents or those containing PII are not attached to the record in ED. ED is used
primarily for tracking purposes. FDNS uses permissioned links to ensure that only those with a
need-to-know see sensitive personnel information in the ED tracker.
Data Elements and Individuals Impacted
• ED collects names, email addresses, and telephone numbers of federal employees
and contractors; and
• ED also collects names of members of the public when that information is
included in a FOIA request.
SORN(s):
• DHS/ALL-016 Correspondence Records
14
covers the collection and maintenance
of correspondence records submitted by the general public, DHS personnel, and
others; and
• DHS/ALL-002 DHS Mailing and Other Lists System
15
covers the use, collection,
and storage of contact information included in the Executive Secretariat taskings.
Division and Organizational Office Sites
FDNS and its divisions also use the ECN to house internal, collaborative workspaces and
project trackers. FDNS maintains documents that include PII or sensitive PII on the following:
• Project workspaces, to include workspaces for specific projects managed by each
division; these workspaces include sensitive PII on U.S. Citizens and non-U.S. Citizens and may
include information relating to administrative investigations, background, identity or security
checks, external vetting, large scale fraud cases, site visit programs, social media assessments
16
,
and coordination during national security events, or other special projects;
• FDNS file review site for tracking Government Performance and Results Act (GPRA)
measures;
• Reports and analysis, such as fraud trends, studies, requests for statistics, field reporting,
and critical incident response reporting;
14
See DHS/ALL-016 Correspondence Records, 83 FR 48645 (September 26, 2018), available at
https://www.dhs.gov/system-records-notices-sorns
.
15
See DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists System, 73 FR 71659
(November 25, 2008), available at https://www.dhs.gov/system-records-notices-sorns
.
16
The collection and use of social media information is compliant with DHS Instruction 110-001, Privacy Policy for
the Operational Use of Social Media and is detailed in a separate PIA. See U.S. D
EPARTMENT OF HOMELAND
SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE FRAUD
DETECTION AND NATIONAL SECURITY DIRECTORATE, DHS/USCIS/PIA-013-01(a) (2019), available at
https://www.dhs.gov/uscis-pias-and-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 28
• Intelligence reporting, intelligence workflow management, and information used in
support of managing internal and external requests for information (RFIs); and
• Training materials, including “real world” examples used for training purposes that
contain PII such as digital copies of some Alien File (A-file) documents or printouts from
systems used to perform background checks.
Data Elements and Individuals Impacted
FDNS ECN sites maintain information on individuals associated with immigration
requests that have been reviewed by FDNS. This may include, but is not limited to, any of the
following data elements on non-U.S. persons and sometimes U.S. persons: name, date of birth
(DOB), place of birth, country of citizenship/nationality, immigration status, Passport number,
Alien Number (A-Number), receipt number, mailing addresses, telephone numbers, email
addresses, names of immediate family members, names of associates, marriage records, civil or
criminal history information, military and educational records, travel information, biometric
identifiers, other unique identifying numbers, and other information from the A-File or
immigration request form or from other sources of information dependent upon the situation.
SORN(s):
• DHS/USCIS-006 Fraud Detection and National Security Records (FDNS)
17
permits the collection and maintenance of PII associated with immigration
requests in the FDNS – Data System and other IT systems developed specifically
for FDNS, including the collaborative workspaces within the FDNS ECN site
collection.
System Access:
Only USCIS personnel assigned to unique SharePoint permission groups have access to
the FDNS ECN site collection and may not have access to the entire site, based on need-to-know.
The FDNS Training and Knowledge Management team serves as the lead contributors for any
directorate-wide needs on the FDNS ECN site collection which includes initial design and initial
management of access requirements.
To address specific requirements within each division’s ECN site, each division is
responsible for assigning a site facilitator who has completed the required USCIS ECN
contributor and facilitator training. The site facilitators work closely with the FDNS Training and
Knowledge Management team on the initial design and content of their respective sites and
provide technical support as needed. The site facilitators are also required to ensure that data and
information is properly stored and is accessible only to authorized users on their respective sites.
17
See DHS/USCIS-006 Fraud Detection and National Security Records (FDNS), 77 FR 47411 (August 8, 2012),
available at https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 29
All FDNS ECN sites have three primary permission groups: Owners, Members, and
Visitors.
1. Owners have ‘full control’ over specific ECN sites and sub-sites. They are responsible for
the design, security, and maintenance of their ECN team sites, including permissions, site
creation, web part creation and customization, and user training;
2. Members have ‘contribute’ access with permission to view, add, update, and delete select
content within that site; and
3. Visitors have ‘read’ access to the site, with permission to view/read select content within
that site. They can provide cross site visibility with restricted permissions.
FDNS ECN parent sites are visible to all FDNS employees who have been added to the FDNS
members permission group. Sub-sites with designated site facilitators can be restricted to certain
members. Depending on the sensitivity of some information, permissions are set at the document
level and only those with a need-to-know can access it. FDNS maintains strict security controls
over sensitive information with direction from USCIS. FDNS ensures that all information on its
ECN sites is protected and in compliance with USCIS ECN governing policies and procedures.
USCIS ECN Support performs routine auditing to confirm permissions are being appropriately
managed.
Sources of Information:
Much of the data collected in the FDNS ECN site is obtained from the immigration
benefit applications and forms submitted to USCIS by individuals or their authorized
representatives or preparers. Information is also collected from systems against which that data is
screened during the screening process. Information may be derived from multiple sources,
including DHS and USCIS systems, external systems, A-files, interviews and site visits.
Information on FDNS personnel is directly collected from personnel, personnel records,
or from DHS’s Global Address Listing (GAL).
Records Retention Period:
Retention periods will vary, depending on the content of the records. In general,
documents stored on FDNS ECN sites are retained until no longer needed for business purposes
and have a shelf life of three years before being archived to a shared drive. However, this will
not be the case for all documents, such as policies and procedures documents, training guides or
documents for ongoing projects, which may not change every three years. Site owners and site
facilitators must be familiar with retention requirements specific to their respective datasets and
are responsible for archiving and removing the data from ECN. In accordance with the
appropriate General Records Schedules and the FDNS Records Retention Schedule of 15 years,
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 30
FDNS will continuously examine content in its site collection to ensure only the most current
information is stored and will archive any old files.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 31
Appendix D – Headquarters Field Office Directorate (FOD) &
Service Center Operations Directorate (SCOPS)
Program/System:
Headquarters (HQ) FOD/SCOPS Consular Consolidated Database (CCD) Pilot ECN Site
Overview:
Field Operations Directorate (FOD)
The Field Operations Directorate (FOD) ensures the integrity of the immigration system
by making decisions on immigration benefit applications, petitions, and requests, including
naturalization and citizenship applications, through written correspondence and in-person
interviews with applicants, petitioners, and beneficiaries. FOD includes 88 field offices that
deliver immigration benefit services directly to applicants and petitioners in communities across
the United States and its territories. Further, a headquarters office, four regional offices, and 16
district offices provide oversight, direction, and support to the field offices, field support offices,
and the National Benefits Center (NBC).
Service Center Operations Directorate (SCOPS)
The Service Center Operations Directorate (SCOPS) provides services for persons
seeking immigration benefits while ensuring the integrity and security of the United States
immigration system. SCOPS provides decisions to individuals who request immigration benefits,
supports components at headquarters and service centers, and educates new immigrants and
citizens about the privileges and advantages of lawful presence in the United States. SCOPS
consists of five service centers that provide immigration benefits for petitioners and applicants
who do not require interviews. These five centers are the California Service Center (CSC),
Nebraska Service Center (NSC), Potomac Service Center (PSC), Texas Service Center (TSC),
and Vermont Service Center (VSC). Generally, the work performed by the service centers is
organized by these distinct product lines: business (immigrant (permanent) and nonimmigrant
(temporary) visa classifications); family (petitions for immediate family members and fiancés);
humanitarian benefits; students and exchange visitors (requests for employment authorization);
fraud detection (operational support, oversight and policy guidance for the Center Fraud
Detection Operations (CFDO) at each of the Service Centers); and National Security (oversight,
operational support, and policy guidance for the Background Check Units (BCU) at each of the
Service Centers).
HQ FOD/SCOPS leverage the CCD Pilot ECN Site as a business tool for document and
project management and reporting dashboards. Also, FOD/SCOPS use the CCD ECN site to
streamline the information sharing from field offices and service centers to the HQ FOD/SCOPS.
The ECN site’s goal is to allow for knowledge management and sharing in a most useful and
accessible format.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 32
Consular Consolidated Database
The Department of State (DOS), Bureau of Consular Affairs’ CCD is a data warehouse
that stores current and archived immigration data from all the Consular Affairs (CA) post
databases around the world. CCD provides CA and the interagency stakeholders a near real-time
aggregate of consular transaction activity collected domestically and at post databases
worldwide. CCD provides a database solution for centralized visa and American citizen services
(e.g. U.S. passports). The CCD is also the repository of data flows between the U.S. Department
of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), the Department of
Defense (DoD), and other federal agencies that provide input into the visa and passport review
and approval process.
18
The CCD stores immigration information about U.S. citizens and lawful
permanent residents as well as foreign nationals such as nonimmigrant and immigrant visa
applicants.
19
DHS and the DOS have an existing memorandum of agreement that allows for the
sharing of this type of immigration information between the two agencies using the CCD.
20
Moreover, a 2017 DHS memorandum implemented executive orders designed to provide border
security and immigration enforcement improvement policies, and instructed the director of
USCIS to review and enhance fraud detection, deterrence, and prevention measures heightening
screening and vetting of applicants for visas and other immigrant benefits, ensuring enforcement
of all laws for entry into the United States, and increasing transparency among departments and
agencies of the federal government and for the United States.
21
Purpose and Use:
FOD/SCOPS Enterprise Collaborative Network (ECN) CCD Pilot site
USCIS HQ FOD and SCOPS developed a pilot program that will leverage the dedicated
CCD ECN site as a tool to improve collaboration and communication with designated internal
field offices and service centers to evaluate the efficacy of conducting CCD checks. The CCD
18
See State-39 - Visa Records, 83 FR 28062 (June 15, 2018), available at
https://www.federalregister.gov/documents/2018/06/15/2018-12871/privacy-act-of-1974-system-of-records
.
19
See U.S. DEPARTMENT OF STATE, BUREAU OF CONSULAR AFFAIRS, PRIVACY IMPACT ASSESSMENT FOR THE
C
ONSULAR CONSOLIDATED DATABASE (CCD), available at https://www.state.gov/wp-
content/uploads/2019/05/Consular-Consolidated-Database-CCD.pdf .
20
See Memorandum of Agreement (MOA) between the U.S. Department of State (DOS) and the U.S. Department of
Homeland Security (DHS) Regarding the Sharing of Visa and Passport Records and Immigration and Naturalization
and Citizenship Records (2008), available at
https://www.federalregister.gov/documents/2003/09/30/03-
25023/report-to-the-congress-on-the-memorandum-of-understanding-between-the-secretaries-of-state-and.
21
See U.S. DEPARTMENT OF HOMELAND SECURITY, IMPLEMENTING THE PRESIDENT’S BORDER SECURITY AND
IMMIGRATION ENFORCEMENT IMPROVEMENTS POLICIES, (2017), available at
https://www.dhs.gov/sites/default/files/publications/17_0220_S1_Implementing-the-Presidents-Border-Security-
Immigration-Enforcement-Improvement-Policies.pdf.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 33
Pilot program is authorized to run from December 9, 2019, to approximately June 30, 2021 (end
date may be subject to change due to pandemic and other administrative factors).
USCIS CCD users will be able to view prior nonimmigrant visa (NIV) and immigrant
visa (IV) applications (along with certain supporting evidence), as well as information from
related USCIS visa petitions. This information is invaluable to USCIS, providing a holistic
picture of the immigration history of the applicant, petitioner, beneficiary, or requestor, as well
as the ability to compare the historical record contained in the CCD to current responses on
forms and during interviews, which identify inconsistencies that may suggest fraud,
misrepresentation, inadmissibility, or other ineligibilities. In addition, the CCD is also the only
repository that provides the true status of IV petitions that have been destroyed by DOS in paper
form. USCIS officers should be aware of this information prior to adjudicating open
applications. The consistent use of information maintained in the CCD by adjudicators allows
USCIS to identify inconsistent representations, better understand the terms and conditions of an
applicants’ visa, and improves the integrity of the immigration system.
Authorities and Other Requirements
The legal authority for USCIS to use information collected by DOS for visa processing
and issuance is found within the Immigration and Nationality Act (INA), 8 U.S.C. §§ 1101,
1103, 1201, 1202(f), and 1255.
In addition, this dedicated ECN PIA update outlines the use and collection of information
maintained on the individual ECN sites.
22
In addition, the Benefit Request Intake Process covers
information collected from the query of an external system (DOS CCD) to verify applicant
information and to ascertain eligibility before adjudicating a benefit.
23
Moreover, System of Records Notice (SORN) coverage is required as information is
retrieved by personal identifier (A-file number and/or Receipt Number), and it is provided by the
Alien File, Index, and National File Tracking System of Records, which covers the use,
collection, and storage of information pertaining to the applicant’s A-File, and covers
information sharing with DOS;
24
The Benefits Information System (BIS) SORN covers the
collection of applicant information to assist with adjudicating benefits, and Routine Use J covers
data sharing with DOS.
25
Uses of the Information
22
See supra note 1.
23
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE BENEFIT REQUEST INTAKE PROCESS, DHS/USCIS/PIA-061 (2020), available at
https://www.dhs.gov/publication/dhs-uscis-pia-061-benefit-request-intake-process.
24
See DHS/USCIS/ICE/CBP-001-Alien File, Index, and National File Tracking System of Records, 82 FR 43556
(September 18, 2017), available at https://www.dhs.gov/system-records-notices-sorns
.
25
See DHS/USCIS-007 Benefits Information System (BIS), 84 FR 54622 (October 10, 2019), available at
https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 34
To that end, USCIS HQ FOD/SCOPS uses the Personally Identifiable Information (PII)-
protected ECN site to collect data gathered during the pilot program. The ECN site will allow
users to input real-time data on the use of CCD and its impact on each adjudication during the
pilot period. It will also allow for the regular reporting of results to leadership during and after
the pilot period. During the pilot program, USCIS offices will collect specific data during system
checks in the CCD website and enter the data on the ECN site. The offices participating in this
phase of the pilot will be a smaller and more focused group than before and include only the
Detroit Field Office, San Diego Field Office, Mt. Laurel Field Office, and the Jacksonville Field
Office.
Characterization of the Information
The Immigration Services Officers (ISO) will review active cases only that have not
previously been adjudicated, and used in the ECN documentation for pilot purposes (the normal
record of each case is compiled in the A-Files
26
) for immigration benefit applicants, and only
conduct CCD ECN checks if one or more ineligibility criteria is present at the time of
immigration application adjudication such as previous immigration violations, fraud, criminal,
national security concerns.
If one or more of the scenarios above were present, then the data entered in the ECN site
based on the above criteria would only include A-File Numbers, or Receipt Numbers if the A-
File number is not found, and answers to basic nonpersonal administrative questions such as:
• The amount of time taken to run checks and record the results;
• Whether there was relevant data in the CCD;
• Whether the CCD data resulted in a request for evidence, denial, fraud referral, approval,
or some other type of adjudicative action; and
• A list of contradictory information is found.
Access and Permissions
Access to the ECN site will be managed by trained ECN Site Facilitators and will be
limited only to those users who will need access to submit the data. All adjudicators from the
participating offices and their supervisors will have access to the ECN site. Additionally,
program managers within FOD HQ/SCOPS will have access to the ECN site to evaluate the data
collected above.
USCIS users will only have access to the CCD once they take the CCD Training and
26
A-Files are individual files identified by subject’s A-Number. An A-Number is a unique personal identifier
assigned to a noncitizen. A-Files became the official file for all immigration and naturalization records created or
consolidated since April 1, 1944.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 35
Rules of Behavior, which is a prerequisite before DOS grants/enables access. FOD and SCOPS
participants must also take the ECN 101 Contributor training and ECN 201 Facilitator Training.
Sources of Information
Information contained in the CCD ECN site is inputted directly by USCIS employees.
Records Retention Period:
The information collected will be deleted once analyzed, or by the end of the project,
whichever comes first, and in accordance with A-file and BIS SORNs.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 36
Appendix E – Human Capital and Training ECN Site
Program/System:
Human Capital and Training
Purpose and Use:
Background:
The Office of Human Capital and Training (HCT) provides oversight, direction, and
operational support for an integrated program of recruitment, hiring, training, leadership
development, performance management, employee benefits, and work-life programs for the
USCIS workforce. HCT also works in partnership with agency leaders and management to
develop strategic, effective, and efficient approaches to help USCIS fulfill its mission. HCT is
divided into nine divisions: Communications, Executive Resources & Services, Human Capital
Policy and Program, Human Resources Operations Center, Labor and Employee Relations,
Business Operations, Human Capital Strategy, Training & Career Development, and Human
Resources Information Technology. This HCT ECN Site provides coverage for the use of
Sensitive Personally Identifiable Information (SPII)/ Personally Identifiable Information (PII) on
ECN Sites to facilitate and improve HCT’s daily functions.
Enterprise Collaboration Network (ECN)
The HCT uses ECN as a tool for collaboration. The ECN Site is used for drafting
documents and communication before publishing articles to the USCIS Connect page and
Performance Learning Management System (PALMS),
27
tracking taskers, managing projects,
requesting administrative support, handling employee disciplinary and performance-based cases,
and the intake and review of training program applications.
HCT has a need to store SPII/PII to facilitate and improve HCT’s daily functions. Three
of the HCT Divisions have established ECN Sites to support their operations which are detailed
below. Employees from other HCT Divisions do not have access to the information contained in
other HCT Division ECN Sites. The HCT ECN Site is configured into the following subsites:
Training and Career Development Division
Training and Career Development Division maintains the Professional Development
Program (PDP) ECN which supports the PDP Program. The PDP provides funding to cover the
cost of eligible career-or-job-related training for USCIS employees. Each fiscal year, the PDP
can fund eligible online or instructor-led academic professional or technical training up to
$3,000 for individual full-time or part-time employees or $15,000 for duty-related group
27
See U.S. DEPARTMENT OF HOMELAND SECURITY, PRIVACY IMPACT ASSESSMENT FOR THE PERFORMANCE AND
LEARNING MANAGEMENT SYSTEM (PALMS), DHS/ALL/PIA-049 (2015 and subsequent updates), available at
https://www.dhs.gov/privacy-documents-department-wide-programs
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 37
training. The purpose of collecting this information on ECN is to streamline the application and
funding process for employees and the PDP team. The ECN application form:
• Automates routing the application for required approvals;
• Allows the PDP team to receive, review, process, track, and store PDP applications in a
centralized location;
• Stores the information needed to contact the vendors to make the payments for the
employees; and
• Provides reporting capabilities such as the number of applicants per office and the use of
PDP funds.
The type of documents stored on the ECN Site include draft communications documents, policy
documents, PDP reports, PDP Individual Application forms, and PDP Archived Applications
from prior fiscal years. The data elements collected from the PDP forms include, name, work
email, work phone number, office, current duty location, office mailing address, current
position/title, grade, first line supervisor name, first line supervisor email, second line supervisor
name, second line supervisor email, and training coordinator email.
Data Elements and Individuals Impacted
• Employee name;
• Work email;
• Work phone number;
• USCIS office;
• Current duty location;
• Office mailing address;
• Current position/title;
• Grade;
• First line supervisor name;
• First line supervisor email;
• Second line supervisor name;
• Second line supervisor email;
• Training coordinator email; and
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 38
• Details on the course request including but not limited to: course name, course
Provider, date of course, and associated costs.
SORN(s):
• DHS/ALL-003 U.S. Department of Homeland Security General Training Records,
28
which covers the collection, use and storage of PDP form applications and archived
applications.
Labor and Employee Relations (LER) Division
Labor and Employee Relations Division maintains the USCIS Discipline Review Board
(DRB) ECN Site which temporarily stores documents related to employee disciplinary and
performance-based actions. Documents are grouped by the employee name into a case file for
review purposes, prior to a decision. The reviewers are different for each case. Permissions are
temporarily granted for each case file during the review phase based on the case type. The
reviewers may include the employee’s supervisor, USCIS managers, USCIS senior managers,
and USCIS attorneys assigned to the case. The purpose of the ECN Site is for collaboration and
strict access control. ECN permissions functionality provides the best method of maintaining
access control. The site Administrator will restrict access to the site to HCT-LER specialists and
HCT-LER managers. The site administrator will restrict access to each individual case file to
those have been selected to review those files.
Access to the case files needs to be strictly controlled. ECN’s permissions functionality
provides us with the best method of maintaining that control. Each case may involve over a
dozen individual .pdf, audio, and visual files, ranging in size from 1 megabyte (mb) to over 100.
[Audio and visual files may be included with an employee misconduct case (e.g., if an employee
was arrested)]. To distribute these files by e-mail would require breaking the files out over
several e-mails. Finally, posting them on the ECN Site ensures all reviewers and decision makers
receive the same materials and have ready access to them during the review period regardless of
what computer they are using. The USCIS DRB ECN Site contains diverse documentation
related to reports of employee misconduct and performance issues. Each case will include at
least one SF-50, which will include the employee’s name, Social Security number (SSN), and
date of birth, title, phone number, and other details specific to employee’s misconduct or
performance for each case. The type of files included will be reports of investigation from the
Office of Security and Investigations as well as management inquiries. These files may include a
wide range of information, including but not limited to attendance records, performance ratings,
computer forensic reports, and police reports. Information may be derived from sources within
and outside USCIS, depending upon the type of employee misconduct detailed, such as police
28
See DHS/ALL-003 Department of Homeland Security General Training Records, 73 Fed. Reg. 71656 (Nov. 25,
2008), available at https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 39
reports. Police reports may include information from individuals involved who are not USCIS
employees.
Data Elements and Individuals Impacted
• At least one SF-50, which will include the following:
o Employee’s name;
o SSN;
o Date of birth;
o Title; and
o Phone number,
•
Other details specific to employee’s misconduct or performance for each case
which may include:
o Attendance records;
o Performance ratings;
o Computer forensic reports; and
o Police reports (Note: police reports may include information from
individuals involved who are not USCIS employees).
SORN(s):
• DHS/ALL-018 U.S. Department of Homeland Security Grievances, Appeals, and
Disciplinary Action Records,
29
which covers the collection, use, and storage of
reports of investigation from the Office of Security and Investigations and
management inquiries;
• DHS/ALL-019 Payroll, Personnel, and Time and Attendance Records System of
Records,
30
which covers the collection, use, and storage of SF-50s which contain
employee information, such as, employee name and SSN.
• DHS/ALL-020 DHS Internal Affairs,
31
which covers the collection and use of PII
from members of the public for the purposes of conducting investigations into
employee misconduct.
29
See DHS/ALL-018 Administrative Grievance Records, 84 Fed. Reg. 18070 (April 29, 2019), available at
https://www.dhs.gov/system-records-notices-sorns.
30
See DHS/ALL-019 Payroll, Personnel, and Time and Attendance Records System of Records, 80 Fed. Reg. 58283
(September 28, 2015), available at https://www.dhs.gov/system-records-notices-sorns.
31
See DHS/ALL-020 Department of Homeland Security Internal Affairs, 79 Fed. Reg. 23361 (April 28, 2014),
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 40
Business Operations Division (HTCB)
Business Operations Division (HCTB) maintains the Non-Performance Awards Automation
ECN Site which enables HCTB to process the internal USCIS Form G-1109, Award Nomination
Form. USCIS may recognize deserving and eligible employees with monetary, non-monetary,
and honorary awards. The Office of Human Capital and Training uses Form G-1109, Award
Nomination Form, for program offices and directorates to request Special Act Awards, On-the-
Spot Awards, and Time Off Awards. Once submitted by the nominator, HCT will review the
Form G-1109 to ensure all required information has been provided and the award justification is
sufficient. The HTCB maintains the Non-Performance Awards Automation ECN Site which
enables HCTB to process the internal USCIS Form G-1109, Award Nomination Form.
Data Elements and Individuals Impacted
• Full Employee Name;
• Duty Location;
• Last four numbers of the employee SSN;
• Awarded dollar amount;
• Awarded hours for time off awards;
• Final Award disposition (approval or disapproval);
• Justification: Written narrative outlining the employee’s accomplishments and
contributions that support the award nomination;
• Directorate/Program Office of the employee;
• Current position title of the employee;
• Grade and step of the employee;
• 14-Digit Accounting Code of the fund from which the award monies will be drawn;
and
• Signatures of the Recommending Official, Approving Official, and Awards
Administrator.
SORN(s):
• DHS/ALL-011 Biographies and Awards System of Records,
32
which covers the
collection and use of biographical information about current and former DHS
available at https://www.dhs.gov/system-records-notices-sorns.
32
See DHS/ALL-011 Biographies and Awards System of Records, 83 Fed. Reg. 14652 (April 5, 2018), available at
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 41
employees, contractors, and other non-DHS individuals that attend Departmental
meetings or receive awards.
System Access: Selected Divisions have assigned site facilitators which have completed the
required USCIS ECN Contributor and Facilitator training. These site facilitators are responsible
for the design and content of their respective sites. Employees from other HCT Divisions do not
have access to the information contained in other HCT Division ECN Sites. Privacy and security
practices are being followed to monitor the ECN and ensure the appropriate handling and
maintenance of SPII/PII.
Sources of Information: Information contained in the HCT ECN Sites is provided by USCIS
employees (federal and contractors) and members of the public.
Records Retention Period: The PDP application forms remain stored on the PDP Site after
submission. At the end of each fiscal year, all PDP applications are archived to an archive list
on the PDP Site. After 5 years, the archive data will be removed from PDP ECN, exported to
an Excel file and stored on a restricted access team share drive.
The cases will be stored in the DRB ECN Site for the duration of the review which is
typically 2 weeks to a month. The LER specialist assigned to a case will remove the files from
the site when the case is complete. This will remove the reviewers’ permissions. The site
Administrator will monitor the Site to make sure files are removed when cases are complete.
The Form G-1109 information will be maintained for two years and destroyed in
accordance with the GRS 2.2 Employee Management Records.
33
https://www.dhs.gov/system-records-notices-sorns.
33
Disposition Authority DAA-GRS-2017-0007-0003 - Employee Incentive Award Records: Agency award files,
including recommendations, approved nominations, correspondence, and reports about agency-sponsored cash and
noncash awards (such as lump-sum cash awards, honorary awards, informal recognition awards, cost savings
awards, and time-off awards). Also, includes correspondence about awards from other Federal agencies or non-
Federal organizations and to form employees.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 42
Appendix F – Field Operations Directorate
Program/System:
Field Operations Directorate (FOD) COVID Arrival and Departure Information System (ADIS)
Reporting for International Travel Enterprise Collaboration Network (ECN) Site
Purpose and Use:
Background:
In response to the COVID-19 pandemic, the FOD COVID ADIS Reporting for
International Travel ECN
34
site will enable FOD staff to access and consolidate information on
applicant appointments and enable FOD to reschedule interviews for applicants who traveled
from international countries considered high risk by the Centers for Disease Control and
Prevention (CDC). To ensure USCIS is compliant with CDC guidelines in sustaining a safe
environment for employees and applicants and to prevent transmission of COVID-19, the
COVID ADIS Reporting for International Travel ECN site will provide access to advance travel
information from applicants with scheduled appointments at USCIS field offices. This will
enable all 86 USCIS field offices to review and reschedule interviews for applicants who
traveled from international countries considered high risk by CDC.
This advance travel information will be retrieved from the U.S. Customs and Border
Protection’s (CBP) ADIS.
35
A USCIS Electronic Immigration System
36
(USCIS ELIS) service
will query the DHS Office of Biometric Identity Management (OBIM) Automated Biometric
Identification System (IDENT)
37
for a Fingerprint Identification Number (FIN) for the
individuals with scheduled appointments at USCIS field offices. That FIN will then be used to
query ADIS for the advance travel information. USCIS ELIS then stores the retrieved data.
USCIS will use this information to compile the advance travel information into a usable report
34
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE ENTERPRISE COLLABORATION NETWORK, available at https://www.dhs.gov/uscis-
pias-and-sorns.
35
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CUSTOMS AND BORDER PROTECTION, PRIVACY IMPACT
ASSESSMENT FOR THE ARRIVAL AND DEPARTURE INFORMATION SYSTEM, available at https://www.dhs.gov/privacy-
documents-us-customs-and-border-protection.
36
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE USCIS ELECTRONIC INFORMATION SYSTEM, available at https://www.dhs.gov/uscis-
pias-and-sorns.
37
See U.S. DEPARTMENT OF HOMELAND SECURITY, OFFICE BIOMETRIC IDENTITY MANAGEMENT, PRIVACY IMPACT
ASSESSMENT FOR THE AUTOMATED BIOMETRIC IDENTIFICATION SYSTEM, available at https://www.dhs.gov/privacy-
documents-office-biometric-identity-management-obims. The successor system for IDENT is OBIM’s Homeland
Advanced Recognition Technology System (HART). See U.S. DEPARTMENT OF HOMELAND SECURITY, OFFICE
BIOMETRIC IDENTITY MANAGEMENT, PRIVACY IMPACT ASSESSMENT FOR THE HOMELAND ADVANCED RECOGNITION
TECHNOLOGY SYSTEM (HART) INCREMENT 1, available at https://www.dhs.gov/privacy-documents-office-
biometric-identity-management-obims.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 43
format and store the report on the COVID ADIS Reporting for International Travel ECN Site for
FOD staff to access.
This ECN site will protect the privacy of USCIS applicants and ensure that only FOD
staff, designated by FOD leadership and with a need-to-know will have access to the advance
travel information. In addition, this site will allow each field office and regional office to
operationalize this safety procedure by serving as a central repository of several reports to help
screen applicants based on their recent travel.
The reports provide consolidated information on National Appointment Scheduling
System (NASS)
38
appointments scheduled 14 days forward with ADIS travel history including
applicant contact information from USCIS’s Computer Linked Application Information
Management System 3 (CLAIMS 3)
39
and USCIS ELIS if available. Applicant contact
information from CLAIMS 3 and USCIS ELIS is retrieved via a query of the Enterprise
Citizenship and Immigration Services Centralized Operational Repository (eCISCOR)
40
using
the applicant’s name, date or birth, and A-Number.
Currently, there is a single compiled report for all USCIS ELIS and CLAIMS 3 based
applicant appointments that have been scheduled in NASS and cross referenced against ADIS
travel. However, additional reports are also provided, to include scheduling and contact
information for INFOPASS,
41
Application Support Centers (ASC),
42
and biometrics
appointments, should the individual USCIS Office choose to manually screen those individuals
using information within the Person Centric Query System (PCQS).
43
Reports will be refreshed
daily to ensure constant 14-day forward information on advance travel information from
applicants with scheduled appointments at USCIS field offices.
38
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE NATIONAL APPOINTMENT SCHEDULING SYSTEM (NASS), available at
https://www.dhs.gov/uscis-pias-and-sorns
.
39
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE COMPUTER LINKED APPLICATION INFORMATION MANAGEMENT SYSTEM (CLAIMS3)
UPDATE
, available at https://www.dhs.gov/uscis-pias-and-sorns.
40
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE ENTERPRISE CITIZENSHIP AND IMMIGRATIONS SERVICES CENTRALIZED OPERATIONAL
REPOSITORY (eCISCOR) available at https://www.dhs.gov/uscis-pias-and-sorns.
41
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE CUSTOMER SCHEDULING AND SERVICES, available at https://www.dhs.gov/uscis-pias-
and-sorns.
42
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE NATIONAL APPOINTMENT SCHEDULING SYSTEM (NASS), available at
https://www.dhs.gov/uscis-pias-and-sorns
.
43
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
IMPACT ASSESSMENT FOR THE PERSON CENTRIC QUERY SERVICE (PCQS), available at https://www.dhs.gov/uscis-
pias-and-sorns.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 44
Field offices will not be updating or adding information to the site. The field offices will
only be expected to retrieve and review the reports. The ECN site will be used until the COVID-
19 pandemic is officially deemed over or CDC no longer considers international travel a risk.
Reports will be maintained only as long as operationally necessary. Once the analysis of
comparing the ADIS information with the scheduled USCIS field office appointments and the
reports are completed, the advance travel data will be removed/deleted. All reports will be
deleted 5 months after they are generated.
Access to this ECN site will be managed by trained ECN Site Facilitators and will be
limited to only those users who need access to upload and manage reports; and users needing to
review reports to determine whether applicants need to have appointments rescheduled based on
their travel history.
Data Elements and Individuals Impacted
• The following information is collected from members of the public (U.S.
Persons and non-U.S. persons):
o Name;
o Address;
o Date of birth (DOB);
o A-Number;
o FIN;
o Email address;
o Phone number; and
o Travel information, which will include name of country the applicant
traveled from, as well as, the travel dates.
SORN(s):
• DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking
System
44
permits the collection, and storage of the name, A-number, FIN, date
of birth, and country of birth of nonimmigrants;
• DHS/USCIS-007 Benefits Information System
45
permits the collection and
storage of immigration-related requested information, which includes name,
44
See DHS/USCIS/ICE/CBP-001-Alien File, Index, and National File Tracking System of Records, 82 Fed. Reg.
43556 (September 18, 2017), available at https://www.dhs.gov/system-records-notices-sorns
.
45
See DHS/USCIS-007 Benefits Information System, 84 Fed. Reg. 54622 (October 10, 2019), available at
https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 45
identification number(s), contact information (including address, telephone
number, email address);
• DHS/USCIS-018 Immigration Biometric and Background Check
46
permits the
collection and storage of biographical data such as, photographic facial images,
fingerprints; travel documentation; travel numbers; and case type to verify an
individual’s identity;
• DHS/USCIS VISIT-004 DHS Automated Biometric Identification System
(IDENT)
47
provides a DHS-wide repository of biometrics to aid in identifying
of an individual whether the name information is the same or different based on
biometrics data collected; and
• DHS/CBP-021 Arrival and Departure Information System
48
provides a
repository for tracking entry and exit data through the immigrant and non-
immigrant pre-entry, entry, status management and exit process.
System Access: Users to the COVID ADIS Reporting for International Travel ECN Site will
include FOD staff designated by FOD leadership with a need to know. Additionally, this site will
serve as a central repository for field and regional offices, with the implementation of the
appropriate safety measures to protect the privacy of the applicants, to assist with screening
applicants recent travel activity.
Sources of Information: This advance travel information will be retrieved from the CBP’s
ADIS. A USCIS ELIS service will query the DHS OBIM IDENT for a FIN for the individuals
(applicants) with scheduled appointments at USCIS field offices and that FIN will then be used
to query ADIS for the advance travel information. USCIS ELIS then stores the retrieved data.
Applicants contact information is collected from the USCIS’s CLAIMS 3 and USCIS
ELIS, if available. Applicant contact information is retrieved via a query of the eCISCOR using
the applicants’ name, DOB, and A-Number.
Records Retention Period: The ECN site will be used until the COVID-19 pandemic is
officially deemed over or CDC no longer considers international travel a risk. Reports will be
maintained only as-long-as operationally necessary or will be deleted 5 months after they are
generated. Once analysis and reports are complete, the data will be removed/deleted.
46
See DHS/USCIS-018 Immigration Biometric and Background Check (IBBC) System of Records, 83 Fed. Reg.
36950 (July 31, 2018) available at https://www.dhs.gov/system-records-notices-sorns
.
47
See DHS/USVISIT-004 DHS Automated Biometric Identification System (IDENT), 72 Fed. Reg. 31080 (June 5,
2007) available at https://www.dhs.gov/system-records-notices-sorns
.
48
See DHS/CBP-021 Arrival and Departure Information System (ADIS), 80 Fed. Reg. 72081 (November 18, 2015)
available at https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 46
Appendix G – Refugee, Asylum, and International Operations
Program/System:
Refugee, Asylum, and International Operations (RAIO), Terrorism Related Inadmissibility
Grounds (TRIG) Enterprise Collaboration Network (ECN) Site
Purpose and Use:
Background:
Terrorism Related Inadmissibility Grounds (TRIG) cases involve applicants who are
considered inadmissible as defined under the Immigration Nationality Act (INA)
212(a)(3)(B)(i)
49
because they have either aided or been associated with a terrorist organization
or have committed terrorist activity either willingly or under duress. Many TRIG cases are
subject to exercises of the discretionary exemption authority as defined in INA 212(d)(3)(B)(i)
50
signed by the Secretary of the U.S Department of Homeland Security (DHS) after consultation
with the U.S. Secretary of State and the U.S. Attorney General, or signed by the U.S. Secretary
of State, after consultation with the DHS and the U.S. Attorney General; some exemptions are
signed by both secretaries. As a general matter, the secretaries have delegated the authority to
apply such exemptions to USCIS adjudicating officers in the field. The USCIS TRIG Enterprise
Collaboration Network (ECN)
51
site provides operational guidance for these exemptions and
other guidance related to TRIG.
The TRIG ECN site has three tiers of access: Visitors; Program Office members; and
Working Group members.
Visitors
Visitors are full-time USCIS employees, who have requested access on an individual
basis or through their component’s TRIG point of contact (POC), related to their job duties. The
RAIO TRIG ECN administrator manually grants authorized Visitors read-only access to the
items on the TRIG Home Page only. This tier of the TRIG ECN is maintained to provide access
to information for adjudicators in the field to use while adjudicating cases involving TRIG. No
personally identifiable information (PII) is posted on this tier of the site.
TRIG Program Office
TRIG Program Office members are full-time USCIS direct hire staff of the RAIO TRIG
Program Office. At present, this consists of three Adjudication Officers, one Management and
49
USCODE-2011-title8-chap12-subchapII-partII-sec1182.pdf (govinfo.gov)
50
Nonimmigrant visa waiver: A nonimmigrant who is “known or believed” to be inadmissible under either INA § 212(a)(3)(B) or (3)(F) may
still be issued a visa despite the inadmissibility. The waiver requires a recommendation by the Secretary of State or a consular office and approval
by the Attorney General. For additional information see: USCODE-2011-title8-chap12-subchapII-partII-sec1182.pdf (govinfo.gov)
.
51
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY
I
MPACT ASSESSMENT FOR THE ENTERPRISE COLLABORATION NETWORK, available at https://www.dhs.gov/uscis-pias-and-sorns.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 47
Program Analyst, and a Program Office Chief. This tier of the ECN site captures certain
information about TRIG cases referred to USCIS by U.S. Immigration Customs and
Enforcement (ICE) for exemption consideration; there have been small numbers of cases per
year since Fiscal Year 2018 (FY18). The following information is captured in a location on
TRIG Program Office section of the TRIG ECN:
Data Elements and Individuals Contained in this Section Include but is no limited to:
• Applicant’s name;
• Alien Number (A-Number);
• Most recent address;
• Attorney of record;
• Name and designation of terrorist organization (if applicable);
• Statutory citation of specific ground of inadmissibility;
• Type of benefit sought;
• Type of exemption granted (if applicable);
• Description and explanation of inadmissibility;
• Applicable 212(a)(3)(B) subclauses;
• Conditions under which TRIG was committed (to determine duress, if applicable to
the exemption); and,
• Summary of results of unclassified security checks.
Data relating to the individual’s inadmissibility grounds is entered manually and may be derived
from the following types of applicant forms:
• Application for Asylum and for Withholding of Removal (Form I-589);
• Registration for Classification as Refugee (Form I-590);
• Application to Register Permanent Resident or Adjust Status (Form I-485);
• Refugee/Asylee Relative Petition (Form I-730);
• Application for Suspension of Deportation or Special Rule Cancellation of Removal
(NACARA, I-881);
• Application for Temporary Protected Status (I-821);
• Application for T Nonimmigrant Status (I-914); and
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 48
• Petition for U Nonimmigrant Status (I-918).
Generally, the information was originally provided to USCIS or the Executive Office for
Immigration Review (EOIR) by the applicant in their immigration benefit application. Relevant
documents may also be also scanned from the applicant’s case file, and may include any other
information presented on applications and supporting documents submitted to USCISScanned
documents may also include relevant items submitted to ICE or the Executive Office of
Immigration Review (EOIR) while a case was in immigration proceedings, and/or relevant items
issued by ICE or EOIR (such as immigration judge decisions, or written opinions from EOIR, if
any).
SORN(s):
• DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System of
Records, which supports and covers the sharing of A-file content;
• DHS-USCIS-007 Benefits Information System, which covers the collection of
application information to assist with the adjudicating benefits;
• DHS/USCIS-010 Asylum Information and Pre-Screening, which enables the collection
and maintenance of records pertaining to asylum applications;
• DHS/USCIS-017 Refugee Case Processing and Security Screening Information which
supports the sharing of refugee information when necessary to accomplish case
processing.
TRIG Working Group
The TRIG Working Group site is available only to TRIG Program Office members and
members of the USCIS TRIG Working Group who represent the following USCIS components:
• RAIO;
• Field Office Directorate (FOD);
• Service Center Operations Directorate (SCOPS);
• Office of Chief Counsel (OCC);
• Fraud Detection and National Security (FDNS); and
• Office of Policy and Strategy (OP&S).
This part of site maintains statistics on the TRIG cases currently in process across the
agency. Exemption statistics are gathered on a quarterly basis and are included in the agency’s
required annual report to Congress on exemptions granted. No PII is captured in these statistics.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 49
Documents related to cases considered for Individual Exemptions (scanned documents
from their paper format, such as relevant documents from the A-file) may be posted on the
Working Group section to allow Working Group members to review case materials as part of the
consideration of such cases for individual exemptions. These documents do contain PII and may
include the following data elements:
• A-number;
• Applicant/beneficiary’s date of birth;
• Most recent known address;
• Name and address of attorney, if any;
• Statutory citation of specific grounds of inadmissibility;
• Name and designation of terrorist organization (if applicable); and
• Country of origin.
SORN(s)
• DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System in,
which supports and covers the sharing of A-file content.
• DHS-USCIS-007 Benefits Information System, which covers the collection of
application information to assist with the adjudicating benefits.
• DHS/USCIS-010 Asylum Information and Pre-Screening, which enables the collection
and maintenance of records pertaining to asylum applications; and
• DHS/USCIS-017 Refugee Case Processing and Security Screening Information which
supports the sharing of refugee information when necessary to accomplish case
processing.
Individual exemptions are not routine, as each individual exemption must be signed by
the Secretary of Homeland Security, after consultation with the Department of State and
Department of Justice.
Due to the above-described PII that may be contained on the TRIG Working Group page,
RAIO will add a PII banner to identify that PII is permissible on the ECN site.
None of the inputs nor the outputs mentioned above are updated in any USCIS system,
nor is input stored in the A-file. Only the exemption worksheet, once an exemption is
adjudicated, and the results of unclassified security checks, are placed in the A-file. As described
above, this ECN site serves a necessary function in centralizing the TRIG adjudication and
reporting process.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 50
Access rights are and will continue to be limited primarily to read-only at the appropriate
level of access, with some USCIS Headquarters (HQ) identified points of contact granted
“Contribute” permissions to the Working Group section and all RAIO HQ TRIG Program Office
members granted “Design” permissions.
52
The site administrator is a Management and Program
Analyst in TRIG Program Office whose designated duties and roles will include protecting the
integrity of the data. The site administrator will be responsible for ensuring PII is properly
secured and will determine the level of access to grant USCIS staff. Officers from SCOPS, FOD,
OCC, FDNS, and RAIO Directorates have been provided read-only access to the functions on
the Home Page (which does not contain PII) after specifically requesting access. Additional
personnel will continue to be added on an individual basis for limited level of access only.
System Access: For the Visitor tier of access to the RAIO TRIG ECN, the site administrator will
manually grant Visitors read-only access to the items on the TRIG Home Page only. The TRIG
Working Group site is available only to TRIG Program Office members and members of the
TRIG Working Group who represent the USCIS components identified above. TRIG Working
Group members have Contribute access only to this site. TRIG Program Office members are full-
time USCIS direct hire staff of the RAIO TRIG Program Office. At present, this consists of three
Adjudication Officers, one Management and Program Analyst, and a Program Office Chief. To
ensure integrity of the data of the TRIG Program Office site, the RAIO TRIG ECN administrator
manually grants Design access to only TRIG Program Office employees; officers who no longer
work in this capacity or with the TRIG Program Office will have their access revoked
expeditiously.
Sources of Information: Information contained in this RAIO TRIG ECN site is provided by
USCIS employees (federal direct hire and contractors), DHS/ICE employees, EOIR, or
immigration benefit applicants.
Record Retention Period: The following NARA approved retention schedules cover the
information that may be captured in this ECN: DAA-566-0217-0011 - The official A-File record
may take three possible forms: (1) Records contained within the paper A-File; (2) records
contained within the electronic record from EDMS or USCIS ELIS; or (3) a combination of
paper and electronic records and supporting documentation.
• N1-566-08-11 - A-File records are maintained in accordance with this retention schedule.
DHS/USCIS transfers A-Files to the custody of NARA 100 years after the individual's
date of birth.
52
The RAIO HQ TRIG program office is a small team (5 individuals) who are oftentimes away on detail to another
office or unavailable due to work-related travel. While the site administrator is the primary employee managing the
TRIG ECN page, it is necessary for RAIO HQ TRIG program office members (5 individuals) to have Design
permissions to make necessary updates to the ECN when the site administrator is unavailable (due to work related
travel or detailed to another office).
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 51
• DAA-0566-2017-0011 - USCIS is responsible for the adjudication of the benefit program
established by Section 203 of the Nicaraguan Adjustment and Central American Relief
Act (NACARA). USCIS uses Forms I-589 (Application for Asylum and for Withholding
of Removal) and I-881 (Application for Suspension of Deportation or Special Rule
Cancellation of Removal) to process applications for asylum and cancellation of removal.
Withholding of removal requests are submitted to the Executive Office of Immigration
Review (EOIR) and considered by an Immigration Judge when submitted during
proceedings. USCIS does not adjudicate withholding of removal requests.
• DAA-0566-2019-0032 - This schedule applies to benefit requests and their supporting
forms and evidence, filed by or on behalf of individuals requesting humanitarian benefits.
At the time of this scheduling, the following forms are included:
o Form I-360, Petition for Amerasian, Widow(er) or Special Immigrant (when filed
on behalf of an abused family member of a USC or LPR, or on behalf of a Special
Immigrant Juvenile);
o Form I-914, Application for T Nonimmigrant Status; Form I-914, Supplement A,
Application for Family Member of T-1 Recipient and Supplement B, Declaration
of law Enforcement Officer for Victim of Trafficking in Persons;
o Form I-918, Petition for U Nonimmigrant Status; Form I-918, Supplement A,
Petition for Qualifying Family Member of U-1 Recipient and Supplement B, U
Nonimmigrant Status Certification; and
o Form I-929, Petition for Qualifying Family Member of a U-1 Nonimmigrant. This
schedule may also cover future forms with modified form names or numbers that
serve the same purpose.
• GRS - N1-085-96-001 - Forms related to Long-Term Family Based Adjustments of Status
(AOS) (and supporting documentation/evidence) may include, but are not limited to (this
list is not exhaustive and will include future forms or form name modifications, unless
noted on future forms):
o Form I-129F Petition for Alien Fiancé(e);
o Form I-130 Petition for Alien Relative;
o Form I-360 Petition for Amerasian, Widow(er), or Special Immigrant (those filed
for Amerasian, Widow(er), and VAWA cases);
o Form I-363 Request to Enforce Affidavit of Financial Support and Intent to
Petition for Legal Custody for P.L. 97-359 Amerasian; I-485 Application to
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 52
Register Permanent Residence or Adjust Status (those filed in support of family
benefits);
o Form I-730 Refugee/Asylee Relative Petition;
o Form I-751 Petition to Remove the Conditions of Residence; and
o Form I-817 Application for Family Unity Benefits.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 53
Appendix H – Office of Legislative Affairs (OLA)
Legislative Electronic Tracking System (LETS)
Program/System:
Office of Legislative Affairs (OLA)/Salesforce Tracking Activities and Relationships System
(STARS), Legislative Electronic Tracking System (LETS) ECN Site
Purpose and Use:
Background:
The USCIS Office of Legislative Affairs (OLA) is responsible for providing members of
Congress and their staffs with timely, accurate, and comprehensive information about the
agency’s operations, policies, and procedures. It also provides oral and written responses to
congressional inquiries on individual casework and institutional/policy issues regarding
immigration benefits processing, and responses to intradepartmental inquiries, requests for
information and formal recommendations on all immigration issues as well as allegations of civil
rights violations. To perform this mission, OLA relies on the Salesforce Tracking Activities and
Relationships System (STARS) Legislative Electronic Tracking System (LETS).
LETS went into production in February 2013 originally using the Microsoft Dynamics
Customer Relationship Management (CRM) platform. At the time, it was the first nationwide
platform for the congressional program that supported OLA’s efforts to provide prompt
responses to constituent concerns, proactive outreach on issues of interest, and ongoing
educational activities for members of Congress and their staff.
To increase functionalities to the existing system, LETS was re-platformed to STARS, a
cloud-based electronic system, used to enhance intake, tracking, and reporting of congressional
inquiries. Many of the existing functionalities from the legacy system are still available and
improved within STARS.
STARS LETS is used to establish a consistent mechanism to report on trends and
workload; identify duplicates (when a constituent asks multiple members of Congress for
assistance as well as historical responses on the same inquiry); allow for transfer of an inquiry
from one office to another; facilitate the exchange of information between regional/center leads;
increase transparency and consistency; reduce response times; assist with cross jurisdictional
inquiries; document responses more efficiently; meet USCIS privacy release policies; increase
data security and integrity; provide consistent system support; and assist with quality reviews. In
addition, STARS LETS allows for the creation and tracking of congressional activities between
USCIS and congressional offices.
STARS LETS offers three options to create an inquiry – manually through the web
option, automatically, or through the Congressional Web Portal. Congressional inquiries
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 54
received by mail, fax, or phone call by members of Congress and their staff are created manually
by using the web option to input information about the inquiry.
For inquiries that are submitted via email, users can create the inquiry automatically by
tracking the email from Microsoft Outlook into STARS LETS by using auto-create mechanism.
Auto-create copies the content of emails from Outlook and converts it into an inquiry in STARS
LETS. This process is initiated by the user from Microsoft Outlook. The auto-create only
processes emails from users that have active licenses in STARS LETS.
The third option to create an inquiry is through the Congressional Web Portal.
53
The
Congressional Web Portal is a web form where members of Congress and their staff can submit
immigration related inquiries from their constituents for USCIS staff review. The Congressional
Web Portal captures limited information from the congressional office and information about the
constituent related to an immigration related issue and is directly submitted from the
Congressional Web Portal into STARS LETS. Once the form is submitted by the congressional
staffer, they will receive a system generated email with a tracking number that memorializes that
the inquiry was submitted. Security protocols are implemented in the Congressional Web Portal
to ensure that no PII that is entered by a member of Congress or congressional staff into the form
on the USCIS’ congressional website is visible or accessible to anyone other than the staff
member who inputs the information. No PII is stored on the Congressional Web Portal. STARS
LETS will continue to be the system of record for all congressional inquiry information, and the
place where all the congressional inquiry information is stored for the period of required record
retention. Access to the Congressional Web Portal is limited to members and staff of the U.S.
House of Representatives and U.S. Senate offices by only allowing submissions from
government-issued email addresses (i.e., a ‘.gov’ email address).
This new enhancement will improve upon OLA’s ability to handle congressional
inquiries as it will cut down on data entry and ensure uniformity of data input into STARS LETS
since a form structures the received data in a way that makes it easier to handle and respond to.
In addition, this new method of submitting congressional inquiries to USCIS is more secure than
the current email-based method, as the entire transaction is on USCIS servers and behind the
DHS firewall.
Privacy Risk: There is a risk that PII may be inadvertently collected through the auto-
created copies of emails processed that STARS LETS does not need or intend to collect.
Mitigation: This is mitigated. The auto-copies process remains largely manual currently
and received emails are visually scanned to scrub unneeded data before it is uploaded to STARS
53
Privacy Releases, which are signed by constituents permitting USCIS to release their records to the
Congressperson, are typically collected from Congress at this point via the portal, unless they indicate that they are
awaiting receipt from the constituent or leveraging an existing release. There is a field in the portal to indicate the
status of the Privacy Release.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 55
LETS. Also, OLA limits access to the STARS congressional mailbox to the Service Desk team
and OLA Product Owner. Lastly, all emails in the STARS congressional mailbox are set to
automatically be deleted after 30 days.
STARS LETS ECN Site
OLA has an ECN site with two repositories used by the five divisions mentioned below.
The general OLA ECN site is used to house programmatic guidance, templates, training
materials, and various reference documents for those USCIS employees who are part of the
Congressional Liaison Corps. There is no PII collected or maintained in this ECN site.
The STARS LETS ECN site is used as a separate and secure repository with restricted
access for storing copies of confidentiality and privacy releases (third-party consent forms) and
other supporting documents, such as receipt notices from USCIS that are associated with STARS
LETS records. Each congressional inquiry in STARS LETS has a corresponding folder in the
STARS LETS ECN site that contains these documents for tracking and record-keeping purposes.
For context, USCIS follows the legal requirement that a written, signed, and notarized privacy
release, or one made under penalty of perjury
54
and/or written waiver of any immigration
specific confidentiality provisions, be obtained from the applicant or petitioner before any
information is released. Privacy releases should be obtained for all cases where OLA
Congressional Liaisons are providing case related information, such as case status. Any requests
for complete A-files should be handled through the Freedom of Information Act (FOIA) process.
In addition, USCIS will only accept a privacy release that specifies the release of information to
a specific congressional office. If there are any additional recipients authorized to receive the
information other than a specific congressional office, then USCIS will not accept that privacy
release. This policy is for the protection of not only the applicants and petitioners, but also
USCIS, the congressional offices, and their staff. The USCIS policy on dissemination of
information will help ensure that information is provided only to the congressional office which
requested it on behalf of its constituent and not to individuals or organizations which may be
seeking the information unlawfully.
55
System Access:
Access to the OLA ECN site is controlled only by the OLA employee site
administrator/owner(s). However, some divisions may assign a site facilitator. Individuals
requiring access to a site containing PII/SPII must request access through the site administrator
or site facilitator. The site administrator reviews the request, obtains supervisory verification that
the employee has a valid “need-to-know,” and only then is the employee granted access to the
site. Access to the STARS LETS ECN site is restricted, requires administrator approval, and
54
See 28 U.S.C. § 1746.
55
See 28 U.S.C. § 1746.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 56
authorized access is limited to only employees with an official “need-to-know” and that have
also been granted access to the STARS LETS.
Sources of Information:
The information maintained in the STARS LETS ECN site comes from the privacy
release forms and other communication with congressional staffers such as email, fax, and phone
calls.
Data Elements and Individuals Impacted:
Member of Congress:
• Name;
• Work telephone number;
• Work e-mail address;
• Work office address;
• State/district represented;
• Term start/end Date (year);
• Next election date (year);
• Political party; and
• Committee membership.
Congressional office staffers:
• Name;
• Work telephone number;
• Work e-mail address; and
• Member of Congress.
Constituents:
• Name;
• Date of birth;
• A-number (if applicable);
• Receipt number (if applicable);
• STARS LETS Congressional Web Portal (CWP) system-generated inquiry number; and
• And any other case specific information related to the inquiry.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 57
USCIS employees:
• Name;
• USCIS Office (worksite);
• USCIS Email address; and
• Phone and fax number.
SORN(s):
• DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists
System,
56
which covers the use, collection, and storage of contact information included in
the congressional inquiries;
• DHS/ALL-004 General Information Technology Access Account Records (GITAAR),
which covers employee access to STARS LETS;
57
• DHS/ALL-016 Correspondence Records,
58
which covers the use, collection, and
maintenance of congressional inquiries; and
• DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System,
59
which covers the information maintained in an individual’s A-File. Additionally, Routine
Use B, covers the use, collection, and storage of applicant information shared with a
congressional office in response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
Record Retention Period:
Information processed in STARS LETS to include documents are kept for a minimum of
5 years from the date of creation and comply with the Administrative Records Retention
Schedule N1-85-91-01.
56
See DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists System, 73 FR 71659
(November 25, 2008), available at https://www.dhs.gov/system-records-notices-sorns
.
57
See DHS/ALL-004 General Information Technology Access Account Records (GITAAR), 77 FR 70792
(November 27, 2012), available at https://www.dhs.gov/system-records-notices-sorns
.
58
See DHS/ALL-016 Correspondence Records, 83 FR 48645 (September 26, 2018), available at
https://www.dhs.gov/system-records-notices-sorns
.
59
See DHS/USCIS/ICE/CBP-001-Alien File, Index, and National File Tracking System of Records, 82 Fed. Reg.
43556 (September 18, 2017), available at https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 58
Appendix I –
Identity and Information Management Division (IIMD)
Program/System:
Immigration Records and Identity Services (IRIS), Identity and Information Management
Division (IIMD) ECN Site
Purpose and Use:
Background:
The mission of IIMD is to provide policy and guidance for an ecosystem of over 100
million immigration records. IIMD will use the ECN as a business tool for document and project
management, and reporting dashboards. Some pages enable users to perform functions, such as
approve documents, complete, and submit forms, post announcements, and add calendar events.
IIMD will utilize the ECN to streamline the information sharing internally across branches and
externally to other offices within USCIS. The implementation of ECN provides effective
communication among the Branches, allowing for a singular copy of the information and access
on a “need-to-know” basis. IIMD’s goal is to facilitate knowledge management and share in a
useful and accessible format.
The IIMD ECN is comprised of libraries. The purpose of each library is to store and
share types of documents. Source of data, rights, and site administrator oversight for these sites
are addressed later in this appendix.
IIMD consists of the following Branches:
1. Business Operations Integration Branch (BOIB);
2. International and Interagency Information Sharing Branch (IISB);
3. Data and Information Governance Branch (DIGB);
4. Communication and Training Branch (CATB);
5. Policy and Analysis Branch (PAB);
6. Systems Integration and Modernization Branch (SIMB);
7. Resource Management Branch (RMB); and
8. Strategic Planning and Programming Office (SPPO).
Each Branch has a page on the IIMD ECN site dedicated to information sharing specific
to their Branch. Each Branch is responsible for maintaining the information placed on their ECN
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 59
page and ensuring the information is accurate and does not contain PII or SPII, unless
specifically authorized.
Business Operations Integration Branch (BOIB) ECN Page
The Business Operations Integration Branch will function as the primary conduit to field
operations. Current operational guidance will be communicated to the field through the
development of a community of practices and a copy of the box list (no non-citizen names are
listed). The box list includes a complete accounting of the A-Numbers stored in each box and the
electronic box list is submitted to the National Archives and Records Administration.
60
The
Records Officer’s staff prints the documents and places them in a folder; folders are labeled by
noting the transfer number and office name and are maintained in a locked file cabinet by fiscal
year. It is cost-effective for USCIS to start moving toward a paperless environment by creating
more electronic records. IIMD moved to Camp Springs, MD during the 2020 summer and there
is limited space to store paper records.
The Business Operations Integration Branch moves electronic records from a shared
drive to the existing ECN site. The goal is to store electronic copies of the A-Number box
list/manifest in a document library that has been created on the IIMD’s ECN site under the
Business Operations Integration Branch ECN site.
Due to the SPII on the box list, there will be restrictions on which USCIS employees will
have access to the library. Besides the site administrator, three individuals in IIMD will have
access to the library. The document library will be password protected, and only USCIS
employees with a need to know will have access.
Since the A-Numbers are part of the A-File, there might be a need to reference the box
list that will be maintained on the ECN site until the end of the A-File’s life cycle. The end of the
life cycle is when the A-File has met its 100-year retention and is permanently transferred to the
National Archives and Records Administration.
Business Operations Integration Branch staff will also be using the ECN site to store
various documents that include the following, but no PII or SPII is maintained. Documents could
include:
• File plans;
• Federal Records Center (FRC)
61
retirement examples for USCIS customers;
60
This accounting is provided via a manifest that only shows a range of A-file numbers within the box (e.g.,
Electronic A-Number Orders - A101 600 000 - A101 600 099 and A105 400 100 - A105 499 999).
61
The National Archives and Records Administration’s (NARA) Federal Records Center (FRC) are locations where
federal records are permanently stored.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 60
• Retention schedules to be referenced by USCIS customers when considering retirement
of records;
• Quick reference guides;
• Action items trackers;
• Site evaluation calendar for Business Operations Integration Branch staff;
• Records monitoring reports; and
• Records management best practice guides.
The Business Operations Integration Branch supports IIMD’s objective of strengthening
information sharing community of best practices (Communications and Knowledge
Management) and subsequent distribution of guidance and operational records management
support. Liaison Officers will be in regional offices to provide onsite support and serve as a
liaison to Policy and Modernization efforts.
Core Functions:
1. Develop a Communications and Knowledge Management center with embedded field
assets (Records Officer Liaisons) to better understand, analyze and evaluate root causes
of issues and provide solutions through effective policy, project plans and resources, and
by developing and perpetuating a community of best practices;
2. Project management to effectively execute solutions for the field (File Control Office
(FCO) alignment, partnership with external agencies, internal relations with sister
program elements);
3. Project development to address information and hybrid records management processes
(e.g., FCO project; Records Management Contracts; A-File decentralization project-
business rules);
4. Primary conduit to the National Records Center, National Archives and Records
Administration, and all other records lifecycle process partners; and
5. Business process management.
International and Interagency Information Sharing Branch:
The International and Interagency Information Sharing Branch will serve as USCIS’s
primary conduit to external USCIS partners to improve interoperability of identity and
immigration information systems and processes and provide historical expertise to USCIS and
the public. This branch supports IIMD’s objective of strengthening information sharing
agreements and partnerships in support of person centric identity management by engaging with
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 61
international and interagency stakeholders to establish and implement information sharing
agreements and improve processes that support the secure exchange of person centric identity
and immigration information.
Core Functions:
1. Building and maintaining strategic relationships with key external stakeholders, to
include interagency and foreign partners;
2. Serving as the home of USCIS’s professional historian and institutional library; and
3. Establishing agreements with all immigration network partners.
The International and Interagency Information Sharing Branch staff uses the ECN site to
store various documents that include the following:
• Memoranda of Understanding (MOUs) and other information sharing agreements;
• Organizational chart;
• Project plans and quarterly charts;
• Tracking sheets;
• Operations assessments and memos;
• Calendar;
• Integrate project teams or working groups (USCIS employee/contractor names);
• Meeting minutes;
• Policy documents (for group edits);
• International and Interagency Information Sharing Branch updates; and
• Employee contact list.
Data and Information Governance Branch:
The Data and Information Governance Branch will serve as the agency’s steward of
identity and operational immigration information governance. This Branch supports IIMD’s
objective of establishing a data governance framework to enhance and preserve the integrity of
immigration information by governing, defining, and classifying source information; analyzing
processes; and executing projects to improve data quality and integrity.
Core Functions:
1. Development of a Data Integrity and Resolution Strategy;
2. Creation and synchronization of a data governance framework; and
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 62
3. Automation of current manual data resolution/systems update activities.
The Data and Information Governance Branch staff will be using the ECN site to store
various documents that include the following, but no PII or SPII is maintained:
• Data governance documents; and
• Data analyses documents.
Communication and Training Branch (CATB):
The Communication and Training Branch will serve the premiere source of training
through a robust multi-modal training delivery methodology centered on a virtual learning
management platform and immigration information manager role certification program.
Curriculum will be developed to map to records management and IM roles and responsibilities
sensitive to identified areas of need (partially identified by systems, policy analysts and field
liaisons). The Branch will also be responsible for standardizing and ensuring responsive and
timely communication of initiatives, policy changes, or capabilities managed by the division.
Core Functions:
1. Develop and maintain an information management certification program with associated
curriculum addressing core competencies for job roles and systems training;
2. Develop a modernized virtual training platform with relevant training, communication,
and information;
3. Integrate policy, modernization efforts, community of best practices, and historical
immigration information operations in targeted, engaging, relevant and effective training
and standardized communication to the field;
4. Develop content and delivery methods to the field through all communication modes
(e.g., Records Forum, electronic content delivery, etc.); and
5. Certify Records Instructors to represent IIMD & Immigration Records and Identity
Services as the definitive source for immigration information management.
Communication and Training Branch staff use the ECN site to store various documents
that include the following, but no PII or SPII is maintained:
• Links to the fiscal year’s training schedule;
• Links to register for training and records course information;
• Training material for USCIS personnel that are assigned to perform records functions;
• Links to training manuals and job aids to help personnel who are assigned to perform
their records functions;
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 63
• Train-the-trainer training plan
62
;
• Links to training mailbox; and
• Links to virtual class schedule.
Policy and Analysis Branch:
The Policy and Analysis Branch will be responsible for the development of USCIS’s
Records Management policies. The Branch will also be USCIS’s centralized agreements
manager for data sharing with partner agencies and develop forward thinking guidance,
adaptable to the changing electronic environment. The Branch will also analyze reports and
relevant data to identify root causes of issues from the field to integrate enterprise policy
solutions. The Branch will also serve as the primary conduit to external agency partners, such as
the Department of State, Custom and Border Protection, and Immigration and Custom
Enforcement.
Core Functions:
1. Identify root causes and conducting data analysis using Statistical Analysis Software
(SAS),
63
Standard Management Analysis and Report Tool (SMART),
64
and other
analytical tool management for enterprise policy, technical, or training solutions;
2. Create centralized and standardized reporting mechanisms (across the enterprise) to
analyze performance gaps and propose policy solutions;
3. Solidify agreements with all relevant parties in the intake, management and sharing of
immigration information that include Service Level Agreements (SLA), Memorandum of
Understandings (MOU), Memorandum of Agreements (MOA); and
4. Liaise with USCIS’ Office of Policy & Strategy, Office of the Chief Counsel, and Office
of Privacy.
62
Train the trainer is a process or a model in which a person or a group passes on the skills, knowledge, and abilities
of course work to others so they may become educators, coaches, tutors, mentors, etc., to disseminate information,
material, and skills to others. Train the trainer skills are expected to help prepare the instructors within an
organization to convey all information effectively. Train the trainer is also a program designed to equip participants
with both the abilities and confidence needed to train others, and to understand best practices for training design,
delivery, and evaluation.
63
Statistical Analysis Software (SAS) is a statistical software suite developed for data management and advanced
analytics to facilitate creating reports and management decision-making.
64
The Standard Management Analysis and Reporting Tool (SMART) is a web-based reporting and analytics tool
that allows access to many data sets from source USCIS systems. SMART extracts data from multiple USCIS
records management systems and organizes and displays this data in pre-built standard dashboards and reports to
assist in management decision-making. See U.S. DEPARTMENT OF HOMELAND SECURITY, UNITED
STATES CITIZENSHIP AND IMMIGRATION SERVICE, PRIVACY IMPACT ASSESSMENT FOR THE
STANDARD MANAGEMENT ANALYSIS REPORTING TOOL (SMART), DHS/USCIS/PIA-050, available at
https://www.dhs.gov/uscis-pias-and-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 64
Policy and Analysis Branch staff will be using the ECN site to store various documents
that include the following, but no PII or SPII is maintained:
• The Records Policy Manual that is the official policy governing immigration information
management that serves a guidance for the Branches and USCIS field offices;
• The Records Management Best Practices Guide provides recommendations on local
operational procedures that can assist offices;
• Other best practice guides;
• A “Frequently Asked Questions” reference document that provides guidance on missing
and lost files;
• Service level agency agreements;
• Guidance regarding classified files;
• Guidance on the proper use and control of A-Files and other immigration-related records;
and
• Customer service via the Records Policy Manual emails inbox to respond to USCIS
employees request for information.
Systems Integration and Modernization Branch:
The Systems Integration and Modernization Branch is responsible for information
management enterprise planning, modernization, and integration of systems and operations
efforts. The team will synchronize and integrate the staff aligned with larger Immigration
Records and Identity Services priorities of effort, through development of technical and
systematic capabilities. The Branch will ensure that IIMD’s systems and operations are in
alignment for immigration information management to achieve Immigration Records and
Identity Services goals and objectives to be the source of trusted immigration information.
Core Functions:
1. Lead initiatives to move away from form-based decision making to immigration
information and data-based decisions and processing, such as Person Centric Identity
Management.
2. Implement technical solutions for immigration information management (system
streamlining efforts, technical capability for A-File decentralization; Content
Management System; Person Centric and E-Processing foundations; data integration
solutions)
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 65
3. Drive system development through integration of business requirements for Immigration
Information
4. Project management and synchronization efforts to capitalize on synergies across systems
and technical efforts with a holistic enterprise view
5. Advise on system capabilities to potentially shape policy and business processes in the
most efficient and effective delivery of information to internal and external agency
partners.
The Systems Integration and Modernization Branch staff and associated developers use
the ECN site to store various documents related to the Person Centric Identity Services (PCIS)
machine learning initiative that will include PII and/or SPII within password protected
spreadsheets. The goal of PCIS is to improve how USCIS acquires, stores, manages, shares, and
uses person data to make the data accessible and usable to support USCIS processing and
decision-making activities. During the project, USCIS will be working to label and validate the
data fields within the spreadsheets. This involved the review of approximately 6,000 records.
Please note that a separate PCIS initiative PTA has been adjudicated by DHS Privacy to ensure a
detailed privacy analysis of the new initiative was conducted.
Only a limited number of USCIS employees with role-based access have access to the
information stored within the password protected spreadsheets. The PCIS initiative spreadsheets
only use and include the following data elements of PII/SPII:
• First name;
• Last name;
• Date of birth;
• Country of birth;
• Social Security number;
• Mother’s name;
• Father’s name;
• Gender; and
• Source system (e.g., Central Index System2 (CIS2),
65
Customer Profile Management
System (CPMS)
66
).
65
Central Index System2 (CIS2) is a large, centralized database containing summary data about the existence and
status of most aliens known to USCIS, the location of their A-Files, and the location of other information pertaining
to an alien in other mission-orient databases. See U.S. DEPARTMENT OF HOMELAND SECURITY, UNITED
STATES CITIZENSHIP AND IMMIGRATION SERVICE, PRIVACY IMPACT ASSESSMENT FOR THE
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 66
This data has already been collected by USCIS and is stored within CIS2, CPMS, and
case management systems (e.g., Electronic Immigration System (ELIS) 2,
67
Computer Linked
Application Information Management System 3 Local Area Network (CLAIMS3 LAN),
68
Global,
69
Camino
70
). IIMD needs to use live production data to assist in the development and
training of machine learning models to support the adjudication process. All machine learning
models development activities will occur outside of the ECN Site. The ECN Site will only be
used to store the spreadsheet containing small subsets of the production data (specific data
elements listed above), which are retained as needed to fulfill a business purpose but no longer
than a year.
Resource Management Branch:
The Resource Management Branch is responsible for personnel functions, facilities
management, and logistics. The Branch will use the ECN site to collaborate with the Division
Branch chiefs regarding the number of Resource Management Branch requests, which consist of
Immigration Records and Identity Services tracking issues. The Branch also uses the ECN site to
CENTRAL INDEX SYSTEM, DHS/USCIS/PIA-009, available at https://www.dhs.gov/uscis-pias-and-sorns.
66
Customer Profile Management System (CPMS) serves as the repository of all biometric data in USCIS. The
primary function of CPMS is to provide USCIS with the capability to store and reuse biometric images and
biographic information about USCIS applicants. This allows USCIS to obtain a person-centric view of interactions
between an individual and USCIS. See U.S. DEPARTMENT OF HOMELAND SECURITY, UNITED STATES
CITIZENSHIP AND IMMIGRATION SERVICE, PRIVACY IMPACT ASSESSMENT FOR THE CUSTOMER
PROFILE MANAGEMENT SYSTEM, DHS/USCIS/PIA-009, available at
https://www.dhs.gov/uscis-pias-and-
sorns.
67
USCIS operates ELIS to serve as an internal case management system for electronically filed benefit request
forms and certain paper forms along with providing services and system interconnections. ELIS is an end-to-end
digital case processing ‘system-of-services’ that offers a seamless user experience for USCIS employees to perform
highly complex processing and adjudicative tasks. See U.S. DEPARTMENT OF HOMELAND SECURITY,
UNITED STATES CITIZENSHIP AND IMMIGRATION SERVICE, PRIVACY IMPACT ASSESSMENT FOR
USCIS ELIS, DHS/USCIS/PIA-0060, available at https://www.dhs.gov/uscis-pias-and-sorns
.
68
The CLAIMS 3 LAN provides USCIS with a decentralized, geographically dispersed LAN-based mission support
case management system. CLAIMS 3 LAN tracks the receipting of applicant/petitioner remittances and produces
notices documenting the remittance. See U.S. DEPARTMENT OF HOMELAND SECURITY, UNITED STATES
CITIZENSHIP AND IMMIGRATION SERVICE, PRIVACY IMPACT ASSESSMENT FOR THE COMPUTER
LINKED APPLICATION INFORMATION MANAGEMENT SYSTEM, DHS/USCIS/PIA-015, available at
https://www.dhs.gov/uscis-pias-and-sorns
.
69
Global a case management system operating in a cloud-based environment to serves as the primary information
technology system for the administration of affirmative asylum cases and supports USCIS in the screening of
individuals during applicant interviews. Global also tracks asylum cases as they progress from application filing
through final determination/decision or referral to the U.S. Immigration Courts.
70
Case and activity Management for International Operations (CAMINO) is a system that supports the Refugee,
Asylum, and International Operations Directorate (RAIO). CAMINO is a secure, web-based, case management
application designed to facilitate the effective and efficient processing of immigration applications and petitions
received and/or adjudicated by overseas offices and domestic branches of USCIS RAIO. See U.S. DEPARTMENT
OF HOMELAND SECURITY, UNITED STATES CITIZENSHIP AND IMMIGRATION SERVICE, PRIVACY
IMPACT ASSESSMENT FOR THE CASE AND ACTIVITY MANAGEMENT FOR INTERNATIONAL
OPERATIONS (CAMINO), DHS/USCIS/PIA-009, available at https://www.dhs.gov/uscis-pias-and-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 67
provide comprehensive administrative and subject matter expertise support in the areas of human
capital (workforce development, Labor Employee Relations (LER), recruitment, classification,
etc.), logistics, finance, and asset management. The Branch will also be responsible for special
programs, such as campaigns, safety, and Continuity of Operations Plan (COOP).
Core Functions:
1. Human capital management, LER management and support, performance management,
staffing, classification, recruitment, retention, workforce development, on-boarding
processes, training expertise;
2. Special Programs and campaigns, events, employee engagement (e.g., team and morale
building);
3. Financial Management, spend plan formulation expertise, budget execution, procurement
and acquisition operations (developmental for managers);
4. Asset management, automation, equipment, property, facilities; and
5. Safety, WebTA, travel management, and other administrative functions.
Resource Management Branch staff will use the ECN site to store various documents that
include the following:
• Employee first and last name
• Employee USCIS email addresses;
• Employee clearance level;
• Employee phone number;
• Employee date of birth; and
• Employee home address.
Note: The site ECN administrator grants employees access to the Resource Management
Branch ECN site based on supervisor request. This page is not visible to everyone as access must
be requested and approved.
Strategic Planning and Programming Office (SPPO):
The Strategic Planning and Programming Office’s Mission is to provide strategic
direction for the Identity and Information Management Division (IIMD) via the creation of
Strategic plans, road maps, and milestone schedules. SPPO will achieve this by creating multi-
year and annual high-level plans that provide an integrated vision for IIMD (ex. biometrics,
content, and identity) and multi-year and annual plans for major IIMD systems (ex. PCIS). SPPO
also engages in creating change management approaches into the overall strategy designs, to
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 68
ensure successful implementations and outcomes.
Core Functions:
• Creating Strategic Plans;
• Creating Program Roadmaps;
• Creating Engagement Strategies that include Change Management Plans;
• Managing Contract management documentation; and
• Incorporating Strategic Plans and Program Roadmaps into System Roadmaps.
Strategic Planning and Programming staff will utilize the ECN site to store various
documents that include the following, but limited to no PII is maintained:
• Strategic Plans;
• Program Roadmaps;
• Engagement Strategies & Change Management Plans; and
• Contract management documentation (note: may contain full names of contracted
corporate senior officers, contract company name, corporate HQ address).
System Access:
Access to the IIMD ECN is controlled by the site administrator that controls the
permissions given to access the sites. However, each Branch is assigned to a site facilitator.
Individuals requiring access to a site containing PII/SPII must request access through the site
administrator. The site administrator reviews the request, obtains supervisory verification that the
employee has a valid need to know, and only then is the employee granted access to the site. Site
administrators for the IIMD’s sites must adhere to the USCIS ECN Government policies.
Sources of Information:
Please note, this data was previously collected and stored within CIS2, CPMS, and case
management systems (e.g., ELIS, C3, C4, Global, Camino). Because IIMD needs to use live
production data to assist in the development and training of machine learning models to support
the adjudication process the data set contained on the spreadsheet is not being filtered to remove
special protected class data such as those protected by Section 1367 or Section 208.6. While
IIMD is not actively seeking information on these populations, it may be included within the
system data extracts. IIMD incorporated a SPC warning banner on the ECN Site Page to ensure
appropriate protections are applied in case SPC data is included within the data extract.
Data Elements and Individuals Impacted:
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 69
Members of the Public (U.S. Persons (U.S citizens or lawful permanent residents) and non-
U.S. Persons)
• First and last name;
• Date of birth;
• Country of birth;
• Social Security number;
• Mother’s name;
• Father’s name;
• Gender; and
• Source system (e.g., Central Index System 2, Customer Profile Management Service,
Case Management).
USCIS employees/contractors:
• Employee full name;
• Employee clearance level;
• Work phone number;
• USCIS email address;
• Home address;
• Home phone number; and
• Date of birth.
PIAs:
• DHS/ALL/PIA-059 DHS Employee Collaboration Tools,
71
which covers the agency’s
use of SharePoint.
• DHS/USCIS/PIA-083 USCIS Enterprise Collaboration Network, which covers the use
and collection of information maintained on the ECN site.
SORN(s):
71
See U.S. DEPARTMENT OF HOMELAND SECURITY, PRIVACY IMPACT ASSESSMENT FOR THE DHS
EMPLOYEE COLLABORATION TOOLS, DHS/ALL/PIA-059 (2017), available at
https://www.dhs.gov/privacy-
documents-department-wide-programs.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 70
• DHS/ALL-004 General Information Technology Access Account Records (GITAAR),
which covers employee access to the restricted IIMD ECN pages;
72
• DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists
System,
73
which covers the use, collection, and storage of contact information for
processing and management of contracts;
• DHS/ALL-021 Department of Homeland Security Contractors and Consultants,
74
which
covers the collection and maintenance of records on DHS contractors and consultants.
• DHS/ALL-016 Correspondence Records,
75
which covers the use, collection, and
maintenance of congressional inquiries; and
• DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System,
76
Routine Use B, which covers the use, collection, and storage of applicant information
shared with a congressional office in response to an inquiry from that congressional
office made at the request of the individual to whom the record pertains.
Record Retention Period:
Information used and stored in the IIMD ECN Site are kept in accordance with each
Branche’s business needs and follows the specified records retention schedule(s) for the
information used for each category type:
• Internal administrative accountability and operational management control records
(DAA-GRS-2017-0008). These records are temporary – Destroy 1 year after submission
or when superseded, as appropriate, but longer retention is authorized if required for
business use.
• Employee Management Records (DAA-GRS-2017-0007). These records are temporary -
Destroy when 3 years old, but longer retention is authorized if required for business use.
• Public Customer Service Records (DAA-GRS-2017-0002). These records are temporary -
Destroy 1 year after resolved, or when no longer needed for business use, whichever is
appropriate.
72
See DHS/ALL-004 General Information Technology Access Account Records (GITAAR), 77 FR 70792
(November 27, 2012), available at https://www.dhs.gov/system-records-notices-sorns
.
73
See DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists System, 73 FR 71659
(November 25, 2008), available at https://www.dhs.gov/system-records-notices-sorns
.
74
See DHS/ALL-021 Department of Homeland Security Contractors and Consultants, 73 FR 63179, (October 23,
2008)
available at https://www.dhs.gov/system-records-notices-sorns.
75
See DHS/ALL-016 Correspondence Records, 83 FR 48645 (September 26, 2018), available at
https://www.dhs.gov/system-records-notices-sorns
.
76
See DHS/USCIS/ICE/CBP-001-Alien File, Index, and National File Tracking System of Records, 82 Fed. Reg.
43556 (September 18, 2017), available at https://www.dhs.gov/system-records-notices-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 71
Appendix J –
IRIS Directorate/National Records Center
Form G-1566 Request for a Certificate of Non-Existence
Program/System:
IRIS Directorate/ National Records Center (NRC) Form G-1566 Request for a Certificate of
Non-Existence (CNE)
Purpose and Use:
Background.
Form G-1566 Request for a Certificate of Non-Existence documents USCIS
determination whether naturalization records exist on an individual. USCIS receives requests
from individuals globally seeking to determine whether U.S. naturalization records, official
actions, or agency decisions exists on themselves or individuals that they represent. They may
also seek records for genealogy tracing and litigation purposes. Additionally, certain foreign
governments require individuals provide a CNE as part of their process for naturalizing in that
country. It is necessary to verify the authenticity of official USCIS records by attesting to the
nonexistence of an official file, document, or record relating to an individual. The instrument
used in such cases is the CNE.
USCIS will use the information collected on Form G-1566 to conduct searches of the
agency’s electronic and physical records to determine whether the subject of record listed on
Form G-1566 was naturalized as a U.S. citizen. If no record for the subject of record exists,
USCIS will provide a CNE of naturalization as a U.S. citizen for the listed subject of record.
Form G-1566, Request for a Certificate of Non-Existence
Form G-1566 will be available via the USCIS website at https://www.uscis.gov/forms/all-forms.
The form can be completed and saved electronically, but must be printed, signed, and mailed to
USCIS. Currently, the form is not available for electronic completion and submission.
Relative IT System
Upon receipt of the request, USCIS processes and stores the request in the following system:
1. Microfilm Digitization Application System (MiDAS), DHS/USCIS/PIA-017(a);
77
USCIS conducts the records search within the following systems:
2. Central Index System 2, DHS/USCIS/PIA-009(b);
78
77
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S CITIZENSHIP AND IMMIGRATION
SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE MICROFILM DIGITIZATION APPLICATION
SYSTEM (MiDAS), DHS/USCIS/PIA-017(a), available at: https://www.dhs.gov/uscis-pias-and-sorns
.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 72
3. Person Centric Query Service, DHS/USCIS/PIA-010
79
4. Computer Linked Application Information Management System (CLAIMS 3) Associated
Systems, DHS/USCIS/PIA-016(d);
80
5. USCIS Electronic Information System (ELIS)(c), DHS/USCIS/PIA-056;
81
6. Content Management Services (CMS), DHS/USCIS/PIA-079;
82
7. DHS ICE Enforce Integrated Database (EID), ENFORCE Alien Removal Module
(EARM);
83
and
8. U.S. Department of State Consular Consolidated Database (CCD).
84
System Access:
USCIS personnel have access to process, store, and search submitted requests in the relative IT
systems.
Sources of Information:
The information contained in the form can be provided by the individual applicant, legal
representative, or business entity. If a business entity submits the form, the only information
collected is business contact information. In addition, the form may be submitted by another
individual, entity, or organization that is not the individual applicant. The form may be submitted
by family members, business entities conducting citizenship or genealogy services, or others
requesting information on behalf of the record subject. The form may be completed via paper or
electronically.
78
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S CITIZENSHIP AND IMMIGRATION
SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE CENTRAL INDEX SYSTEM (CIS)
DHS/USCIS/PIA-009(b), available at: https://www.dhs.gov/uscis-pias-and-sorns
.
79
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S CITIZENSHIP AND IMMIGRATION
SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE PERSON CENTRIC QUERY SERVICE,
DHS/USCIS/PIA-010(a), available at: https://www.dhs.gov/uscis-pias-and-sorns
.
80
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S CITIZENSHIP AND IMMIGRATION
SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE COMPUTER LINKED APPLICATION
INFORMATION MANAGEMENT SYSTEM (CLAIMS 3) AND ASSOCIATED SYSTEMS DHS/USCIS/PIA-
016(d), available at: https://www.dhs.gov/uscis-pias-and-sorns
.
81
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S CITIZENSHIP AND IMMIGRATION
SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE USCIS ELECTRONIC IMMIGRATION SYSTEM
(USCIS ELIS), DHS/USCIS/PIA-056(c), available at: https://www.dhs.gov/uscis-pias-and-sorns
.
82
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S CITIZENSHIP AND IMMIGRATION
SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE CONTENT MANAGEMENT SERVICES (CMS),
DHS/USCIS/PIA-079, available at: https://www.dhs.gov/uscis-pias-and-sorns
.
83
See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S CITIZENSHIP AND IMMIGRATION
SERVICES, PRIVACY IMPACT ASSESSMENT FOR THE COMPUTER LINKED APPLICATION
INFORMATION MANAGEMENT SYSTEM (CLAIMS 4) UPDATE, DHS/ICE-PIA-015(b), available at:
https://www.dhs.gov/privacy-documents-ice
.
84
See U.S. DEPARTMENT OF STATE PRIVACY IMPACT ASSESSMENT FOR THE CONSULAR
CONSOLIDATED DATABASE (CCD), available at:
https://www.state.gov/privacy-impact-assessments-privacy-
office/.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 73
Data Elements:
Data Elements and Individuals Impacted:
Information collected from members of the public
85
includes but is not limited to:
• Full Name of the Record Subject;
• Other Names Used;
• Date of Birth (state whether it is an approximate date)
o Any Additional Dates the Subject may have used
• Country of Birth
• Date of Entry into the United States (state whether it is an approximate date)
• Alien Registration Number (A-Number or USCIS Number)
o Any Additional Numbers found on USCIS or the former Immigration and
Naturalization Service (INS) documents
• Spouse’s Full Name
• Children’s Full Name
• Requestor’s Full Name
• Number of Certificates of Non-Existence Requested
• Email Address
• Mailing Address
• Verification of Identity and Subject of Consent
• Declaration Under Penalty of Perjury
o Signature
o Date of Signature
• Notarized Affidavit of Identity
o Signature
o Date of Signature
• Signature of Notary
o Date of Signature
These documents do contain PII and may include the following data elements:
• A-number; and
• Any other numbers found on documents issued by USCIS or the former Immigration and
Naturalization Service (INS)
USCIS will use the information to conduct searches of the agency’s electronic and physical
records to determine whether U.S. naturalization records, official actions, or agency decisions
exists on themselves or individuals that they represent. Individuals will be notified by a Privacy
85
Members of the public is defined as U.S. citizens or lawful permanent residents and non-U.S. persons.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 74
Act Statement posted on the website where the individual obtains the form.
SORN Coverage:
• DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System of
Records, September 18, 2017, 82 FR 43556
86
, which covers information regarding the
transactions of an individual as he or she passes through the U.S. immigration.
• DHS/USCIS-007 Benefit Information System, October 10, 2019, 84 FR 54622
11
, which
covers the processing of immigrant and nonimmigrant immigration related requests.
• DHS/USCIS-012 Citizenship and Immigration Data Repository (CIDR), May 1, 2018, 83
FR 19082
12
, which covers information related to administering and processing benefit
requests for all immigrant and nonimmigrant requestors.
• DHS/ICE-011 Criminal Arrest Records and Immigration Enforcement Records
(CARIER) System of Records, October 19, 2016, 81 FR 72080
13
, which covers
ENFORCE Alien Removal Module (EARM) immigration enforcement records on
individuals maintained by ICE and shared with USCIS.
Records Retention Period:
Information (data and electronic images) pertaining to correspondence with the public and
government requestors is retained and disposed every six years in accordance with the National
Archives and Records Administration (NARA) General Records Schedule (GRS) 4.2, item 020.
DAA-GRS-2016-0002-0001. These are temporary records.
Records from operating a customer call center or service center providing services to the public
are disposed after 1 year after resolved, or when no longer needed for business use in accordance
with GRS 6.5, item 010. DAA-GRS-2017-0002-0001. These are permanent records.
Information contained in MiDAS is retained and disposed of 180 days after the recordkeeping
copy has been produced in accordance with the schedule, N1-566-06-2, approved by NARA in
March 2006. These are permanent records.
Information pertaining to the Certificate of Non-Existence of USCIS records (including the
original request and any documentation prepared by USCIS) are disposed of no sooner than 10
years from the date of record creation in accordance with DAA-0566-2017-0036-0001. There are
86
See DHS/USCIS/ICE/CBP-001 Alien File, Index, and National File Tracking System of Records, 82 Fed. Reg.
43556 (September 18, 2017), available at https://www.dhs.gov/system-records-notices-sorns
.
11
See DHS/USCIS-007 DHS/USCIS-007 Benefits Information System, 84 Fed. Reg. 54622 (October 10, 2019),
available at https://www.dhs.gov/system-records-notices-sorns.
12
See DHS/USCIS-012 Citizenship and Immigration Data Repository (CIDR), 83 Fed. Reg. 19082 (May 1, 2018),
available at https://www.dhs.gov/system-records-notices-sorns.
13
See DHS/ICE-011 Criminal Arrest Records and Immigration Enforcement Records (CARIER) System of Records,
81 Fed. Reg. 72080 (October 19, 2016), available at https://www.dhs.gov/system-records-notices-sorns.
Privacy Impact Assessment
DHS/USCIS/PIA-083 Enterprise Collaboration Network (ECN)
Page 75
temporary records.
Information obtained from other source systems is retained in accordance with their individual
NARA-approved records retention schedules.
Retention of data in the ECN SharePoint environment is consistent with the approved retention
schedule for the original data collection. Directorate Data Stewards destroy and archive records
in compliance with the records retention schedule associated with the systems of records the data
is derived or the schedule for the “type” of data being managed.
CNE Records are examined annually to determine their last use. Files beyond the 10-year cutoff
are destroyed by secure shredding (pulverizing) at the NRC. Systems that manage the incoming
requests are examined within six months and six years, respectively, in accordance with their
separate records controls schedules or per the GRS.
