Privacy Impact Assessment Updatefor theAir Cargo Security RequirementsNovember 12, 2008Contact PointVictor ParkerBranch Chief, Policy and Strategic Planning, Air CargoTransportation Security Administration(571) 227-3664Reviewing OfficialsPeter PietraDirector, Privacy Policy and ComplianceTransportation Security [email protected] Teufel IIIChief Privacy OfficerDepartment of Homeland Security(703) 235-0780

Privacy Impact Assessment UpdateTransportation Security AdministrationAir Cargo Security RequirementsPage 1AbstractThe Transportation Security Administration (TSA) is making several changes to its air cargo program thatinvolve the collection of personally identifiable information (PII) and the addition of new populations forwhich information will be collected. First, for TSA conducted security threat assessments (STAs) onindividuals participating in its air cargo programs, TSA is requiring the submittal of contact and employerinformation for all participants so TSA can contact the individual in the adjudication process. Second, TSAwill allow non-citizens who do not have an Alien Registration Number to provide a Form I-94Arrival/Departure number. Third, TSA is creating a new Certified Cargo Screening Program (CCSP),expanding the population of individuals who will need to provide PII for TSA-conducted STAs. A newautomated collection STA Tool will be deployed to support the collection of PII from the CCSP population.Fourth, TSA is updating the records retention schedule and redress processes applicable to all populationssubmitting PII for STAs under its air cargo programs. In accordance with Section 222 of the HomelandSecurity Act of 2002, TSA is issuing this update (PIA Update) to the Air Cargo Security Requirements PIApublished on April 14, 2006, to incorporate these changes. The April 14, 2006 PIA remains in effect to theextent that it is consistent with this update. This update should be read together with the 2006 PIA.IntroductionConsistent with the requirements established in the Implementing the Recommendations of the 9/11Commission Act (Pub. L. 110-53, 121 Stat. 266, 478, Aug. 3, 2007) (9/11 Act), TSA is developing asystem to screen 50 percent of cargo transported aboard passenger aircraft by February 2009 and 100percent of such cargo by August 2010.In accordance with air cargo regulations issued in 2006, 71 FR 30478 (May 26, 2006), TSA currentlyconducts security threat assessments on several categories of individuals. One category consists of certainindividuals who have, or are applying for, unescorted access to air cargo. Another category consists ofindividuals who are a sole proprietor, general partner, officer or director of an Indirect Air Carrier (IAC) oran applicant to be an IAC. An additional category consists of individuals who, in addition to havingunescorted access to cargo, also have responsibilities for screening cargo under 49 CFR parts 1544, 1546and 1548. The collection of PII from these individuals was described in an Air Cargo SecurityRequirements PIA dated April 14, 2006.To meet the 9/11 Act requirements, TSA is establishing a new voluntary CCSP under which TSA will certifyfacilities to screen cargo intended for transport on a passenger aircraft. Under this program, TSA-approvedvalidation firms will be used to assess the security of each certified cargo screening facility (CCSF). As partof the CCSP, TSA will collect personal data from specified CCSF personnel and validation firm personnel, asdescribed below.Reason for the PIA UpdateThis PIA Update discusses the expanded set of PII necessary to process the STAs for the population ofindividuals discussed in the April 14, 2006 PIA. It also provides express notice to all individuals in theCCSP who are required to undergo an STA. Additionally, the PIA Update provides notice of revised dataretention and redress policies applicable to all populations covered by TSA’s air cargo security programs.

Privacy Impact Assessment UpdateTransportation Security AdministrationAir Cargo Security RequirementsPage 2Unless otherwise noted, the information provided in the April 14, 2006 PIA remains in effect for allpopulations required to submit STA data under TSA’s air cargo security programs. This PIA Updateprovides a summary of key sections of the April 14, 2006 PIA for ease of understanding by the CCSPpopulation. Individuals are encouraged to read both the April 14, 2006 PIA and this PIA Update to have acomplete understanding of TSA’s privacy analysis of its PII collection activities for its air cargo securityprograms.Privacy Impact AnalysisThe System and the Information Collected and Stored within the SystemExpanded Data –In addition to the data elements discussed in the April 14, 2006 PIA necessary forcompleting the STA, TSA will now require all individuals requesting an STA to submit their daytimetelephone numbers and the names, addresses, and telephone numbers of the individuals’ employers. Thisinformation is very helpful in the adjudication process if the applicant has failed to submit completeinformation or TSA needs additional information to complete the STA. Adjudicators often contactapplicants by telephone with questions, and this typically saves time and expense for the applicant and TSAby facilitating immediate resolution of the issues.For non-U.S. citizens who do not have an Alien Registration Number, TSA will collect the Form I-94Arrival/Departure Number. For non-U.S. citizens, TSA must have either the Alien Registration Number orthe Form I-94 number to identify the immigration status of a non-citizen, including whether a non-citizenis working in the U.S. beyond his or her authorized stay. This collection allows for more accuratedeterminations of lawful immigration status, reducing potential risk to the air cargo supply chain andimproving the accuracy of the STA result.New Program – Under the CCSP, TSA will require STAs for the following categories of individuals (CCSPIndividuals): CCSP individuals with unescorted access to screened cargo. CCSP individuals performing or supervising screening. The senior manager or representative in control of the operations of a CCSF. Employees of validation firms supervising, performing, or assisting in validations. Security coordinators and their alternates of certified cargo screening facilities and validation firms.These individuals play important roles in securing cargo transported on passenger aircraft. TSA willconduct an STA to determine whether the individuals are ineligible or may pose a threat to national ortransportation security before allowing them to perform specified functions under the CCSP.TSA will use the STA Tool, a secure web tool, to facilitate the collection, processing, and retention of thefollowing information on all CCSP individuals on whom an STA is conducted:1. Legal name, including first, middle, and last; any applicable suffix; and any other names used.

Privacy Impact Assessment UpdateTransportation Security AdministrationAir Cargo Security RequirementsPage 32. Current mailing address, including residential address if different than current mailing address, andall other residential addresses for the previous five years and email address, if applicable.3. Gender.4. Date and place of birth.5. Social security number (SSN) 1 .6. Citizenship status and date of naturalization if the individual is a naturalized citizen of the UnitedStates.7. Alien registration number or Form I-94 Arrival/Departure Number, if the individual is not a U.S.citizen.8. Daytime phone number.9. Name, address, and telephone number of the individual’s employer.In addition to the information listed above, TSA may collect and maintain information that an individualchooses to submit in connection with an appeal of a TSA determination, such as letters from a prosecutor,documents from a board of pardons, police documents, or other relevant documents.In some cases, an individual may have successfully completed an STA conducted by another governmentagency, and this STA may be acceptable for the air cargo program. If the individual asserts completion of acomparable threat assessment in lieu of a new security threat assessment, the individual should submit thename of the program for which the comparable threat assessment was conducted and the date on which itwas completed.In the future, TSA may exercise its authority under 49 CFR part 1540 to require fingerprint-based criminalhistory records checks (CHRC) for individuals who work for CCSFs or TSA-approved validator’s, and whohave responsibility to screen cargo. TSA may require CHRCs to identify whether the individual has beenconvicted of a disqualifying crime, such as interference with air navigation, aircraft piracy, espionage, orany of the other enumerated crimes listed at 49 CFR § 1544.229(d). If TSA exercises this authority,individuals will have to provide fingerprints and associated biographic data to TSA to conduct CHRCs.Fingerprints may also be shared within the Department of Homeland Security (DHS) using DHS’s UnitedStates Visitor and Immigrant Status Indicator Technology (US-VISIT) Automated Biometric IdentificationSystem (IDENT) system in order to perform enhanced immigration checks.Uses of the System and the InformationThe uses of the system and information in support of the CCSP are consistent with the processes discussedin more detail in the April 14, 2006 PIA. The STA information is being collected to carry out TSA’sstatutory mandate to secure the air cargo supply chain. CCSF personnel and TSA-approved validators arecritical links in securing cargo transported in aircraft. TSA uses the information provided to conduct STAson TSA-approved validators and on employees and agents of CCSFs to determine whether they pose asecurity risk. STAs consist of checks of Federal terrorism, law enforcement, and immigration databases. Ifthe CHRC requirement is implemented, TSA may enroll fingerprint and associated biographic data withinDHS’s IDENT system. Finally, TSA may verify the accuracy of SSN with the Social Security Administration,with the consent of the individual.1Althoughprovision of one’s social security number is voluntary, failure to provide a social security number may result in delays orprevent completion of the security threat assessment.

Privacy Impact Assessment UpdateTransportation Security AdministrationAir Cargo Security RequirementsPage 4Individual information may be shared with third parties during the course of an STA or adjudication of awaiver or appeal, to the extent necessary to obtain information pertinent to the assessment or adjudicationof the applicant or in accordance with the routine uses identified in the system of records notice for theTransportation Security Threat Assessment System (T-STAS) DHS/TSA-002, November 5, 2005, 70 FR67731 System of Records Notice (SORN).RetentionThe following is an update to the records retention discussion provided in the April 14, 2006 PIA andapplies to all populations on whom an STA is conducted. Since that date, the National Archives andRecords Administration (NARA) has approved TSA’s schedule.TSA will retain the information in accordance with the National Archives and Records Administration(NARA) records schedule approved March 8, 2007, Transportation Threat Assessment and Credentialing.The approved NARA schedule contains the following dispositions: TSA will delete or destroy information contained in the Subject Database System one year after it isnotified by the airport that the individual’s credential or access privilege, which was granted basedupon the STA, is no longer valid. In addition, for those individuals who may originally haveappeared to be a match to a government watch list, but are later determined not to pose a threat totransportation or national security, retained information will be destroyed seven years aftercompletion of the STA, or one year after any credential or access privilege granted based on theSTA is no longer valid, whichever is longer. Information contained in the Subject Database System on individuals that are actual matches to agovernment watch list or otherwise pose a threat to transportation or national security, will bedeleted or destroyed ninety-nine years after completion of the STA, or seven years after TSA learnsthat the individual is deceased, whichever is shorter.Internal Sharing and DisclosureAs discussed in more detail in the April 14, 2006 PIA, information will be shared within DHS with thoseofficials and employees who have a need for the information in the performance of their duties. In theordinary course, information will be shared within TSA with the Office of Transportation ThreatAssessment and Credentialing (TTAC), Office of Intelligence in the event of a match or possible match,Office of Chief Counsel for enforcement action or other investigation, Office of Security Operations foroperational response and compliance inspection, and the Office of Transportation Sector NetworkManagement (TSNM) for program management. Information may also be shared with the TSA Office ofCivil Rights and Liberties, TSA Privacy Office, TSA Ombudsman, and TSA Legislative Affairs to respond tocomplaints or inquiries. All information will be shared in accordance with the provisions of the PrivacyAct, 5 U.S.C. § 552a. It is also expected that information will be shared with Immigration and CustomsEnforcement (ICE) and U.S. Citizenship & Immigration Service (USCIS) for immigration issues.TSA will also share fingerprints and associated biographic information with DHS’s IDENT system as part ofthe STA. Further information about IDENT can be found in the IDENT PIA publicly available on the DHSwebsite.TSA minimizes the potential privacy risks that personal information may be disclosed to unauthorizedindividuals using a set of layered privacy safeguards that include physical, technical, and administrative

Privacy Impact Assessment UpdateTransportation Security Administratio