Privacy considerations are integrated into CBP operations through its privacy compliance documentation, including Privacy Threshold Analyses (PTAs), Privacy Impact Assessments (PIAs), and Systems of Records Notice (SORN). The Privacy and Diversity Office (PDO) develops and updates all of CBP's privacy compliance documentation, in conjunction with DHS to assess all new, modified, or proposed programs, systems, technologies or rule-makings for privacy risks, and recommends privacy protections and alternative methods for handling personally identifiable information (PII) to mitigate privacy risks. PDO will also issue memoranda and directives to offer component offices detailed guidance on best practices to ensure privacy protections.
CBP shares data with other federal, state, local, and international law enforcement agencies who have authority to receive the data DHS pursuant to a routine use. Requests for CBP data from these entities can be made on an ad hoc basis or pursuant to an Information Sharing Access Agreement/Memorandum of Understanding by submitting a written request to the CBP Privacy Mailbox privacy.cbp@DHS.gov.
CBP PDO investigates reports of data breaches relating to individuals’ personally identifiable information from a CBP System of Records and provides guidance to individuals as well as DHS and CBP Systems Operations to mitigate and remediate potential vulnerabilities to PII exposed from this compromise, loss or unauthorized disclosure.
To ensure transparency of data collection and use throughout DHS/CBP, PDO contributes to a number of DHS Privacy reports to Congress, including an Annual Report, Quarterly Section 803 Reports, Data Mining Reports, and PNR Reviews.