DEPARTMENT OF TRANSPORTATION
Research & Innovative Technology Administration
PRIVACY IMPACT ASSESSMENT
International Freight Data System (IFDS)
Interfacing with U.S. Customs and Border Protection’s
Automated Commercial Environment and International Trade Data System
February 10, 2009
TABLE OF CONTENTS
Overview of Privacy Management Process
Personally Identifiable Information (PII) & IFDS
Why IFDS Collects PII
How IFDS Uses PII
How IFDS Shares PII
How IFDS Provides Notice and Consent
How IFDS Ensures Data Accuracy
How IFDS Provides Redress
How IFDS Secures PII
How Long IFDS Retains PII
System of Records
The U.S. Department of Transportation (DOT) has a variety of international missions that are carried out by its Operating Administrations (OAs). These missions have a direct impact on the movement of international shipments and include ensuring that international shippers comply with all Federal laws and regulations; developing statistics on and analyzing the transportation of international freight into, from and through the United States; and creating policies to facilitate the safe transportation of these goods.
To enhance these efforts, several DOT OAs are forming a partnership to create the International Freight Data System (IFDS), a jointly-shared database that will interface with the U.S. Customs and Border Protection’s (CBP) Automated Commercial Environment (ACE) program. DOT’s Research and Innovative Technology Administration (RITA) is leading the development and management of the IFDS interface. Other participating OAs include: the National Highway Traffic Safety Administration (NHTSA), the Maritime Administration (MARAD), the Federal Aviation Administration (FAA), the Pipeline and Hazardous Materials Safety Administration (PHMSA), the Federal Motor Carrier Safety Administration (FMCSA), and the Federal Highway Administration (FHWA). Access (review and use the information) to the IFDS will be limited to the statutory authority of each DOT OA.
DOT OAs will use both personally identifiable information (PII) and non-PII downloaded from ACE via a new Government-wide system called the International Trade Data System (ITDS) to perform a range of agency functions. The ITDS will automate the collection and dissemination of information needed to enhance the Federal Government’s international trade and commercial transportation missions and will do so via a secure, integrated, Government-wide interface. Implementation of the IFDS will bring DOT into compliance with the requirements of Section 405 of the Security and Accountability for Every Port Act (Pub.L. 109-347, 10/13/06). This law mandates participation in the ITDS by all Federal agencies that require documentation for clearing or licensing the importation or exportation of cargo, including DOT.
When fully implemented, DOT/RITA’s IFDS will use ACE and ITDS to provide certain participating OAs with access to critical transactional-level data on all international cargoes, carriers and crews entering, leaving or transiting the United States. This will include PII on members of the public who engage in international commerce and hold licenses, registrations and/or other certifications that Federal statutes authorize the Department of Transportation to monitor and/or regulate. As such, privacy management will be a critical component of the development of IFDS.
The IFDS is scheduled to deploy in 2009 and 2010. As it is developed, RITA will update the Privacy Impact Assessment to reflect additional system functionality and any impacts on the handling of PII by participating OAs. DOT OAs receiving data containing PII via IFDS, also will be preparing and publishing PIAs for their systems. In addition, CBP and non-DOT Participating Government Agencies (PGAs) will be performing and publishing separate PIAs for the information they receive from ACE and ITDS.
The IFDS will contain PII and non-PII received from ACE/ITDS on the members of the public who:
- engage in international commerce and hold licenses, registrations and/or other certifications that Federal statutes authorize DOT to monitor and/or regulate;
- own, ship or transport international shipments of hazardous materials – whether by import, export or in-transit;
- import motor vehicles or motor vehicle equipment subject to Federal motor vehicle safety standards;
In addition to transactional-level shipment and conveyance information on these movements into, from or across the United States, the IFDS will contain the following PII and non-PII:
- corporate and individual names and addresses, and corporate contact information including corporate telephone numbers and titles;
- license numbers and the issuing entities;
- electronic signatures and signatories’ name, title, related information and date of signature;
- travel document numbers and issuing countries;
- nationalities of commercial parties (e.g., conveyance owners and/or operators);
- dates of births for commercial operators and/or crew members; and,
- corporate and individual license/registration/certificate numbers and types of licenses/ registrations/certificates.
The IFDS will obtain PII and non-PII from ACE/ITDS in order to support the enforcement, analytical, modeling and policy responsibilities of several DOT OAs in the area of international commerce and shipping. The initial collection of PII will occur in ACE and then the PII will be shared across the Federal Government through the ITDS.
For DOT, PII from ACE/ITDS will be made available automatically on a monthly, weekly, or daily basis into the IFDS for sharing among the participating DOT OAs. The PII in IFDS will improve the ability of certain participating OAs to carry out their enforcement responsibilities for:
- the safety of international shipments of hazardous materials;
- the compliance of imported motor vehicles and motor vehicle equipment with applicable safety standards;
The IFDS will host the secure data warehouse that participating DOT OAs will access to obtain information periodically provided by ACE and ITDS. Participating DOT OAs will have access rights only to those portions of the IFDS that contain information needed for their missions. IFDS will segregate enforcement data from analytical information as required by Federal law.
Authorized personnel at participating DOT OAs will use the PII and non-PII they receive from IFDS as follows:
(1) RITA: to perform statistical, analytical, modeling, forecasting, and policy activities. RITA will use PII to improve its surveys in terms of potential respondents;
- FAA: for enforcement efforts related to the oversight of international hazardous materials shipments by air as well as statistical, analytical and policy activities. FAA will use PII to enforce and assess compliance with regulations on the transportation of hazardous materials by air into, through, and from the United States;
- FHWA: to perform statistical, analytical, modeling and policy activities. FHWA has no current plans to collect PII;
- FMCSA: to provide enforcement support for commercial truck and bus safety and related requirements and for statistical, analytical, modeling and policy activities. FMCSA will use PII to target high–risk carriers and commercial motor vehicle drivers to prevent commercial motor vehicle-related fatalities and injuries;
- MARAD: to perform statistical, analytical, modeling and policy activities. MARAD has no current plans to collect PII ;
- NHTSA: in enforcement of importation requirements for motor vehicles and motor vehicle equipment subject to Federal motor vehicle safety standards. NHTSA will use PII to ensure that nonconforming vehicles temporarily imported into the United States are being imported for a statutorily authorized purpose and to ensure that nonconforming vehicles permanently imported into the United States are eligible for entry and are brought into compliance with all applicable safety standards before they are released into commerce; and
- PHMSA: to provide enforcement support for international hazardous materials shipments oversight as well as statistical, analytical and policy activities. PHMSA will use PII to determine if individuals who transport or offer for transport certain types or quantities of hazardous materials are registered with DOT according to the Hazardous Materials Registration Program.
Overall, for all participating DOT OAs, IFDS will improve their abilities to develop statistics, analyze and model the transportation of international shipments into, from and through the U.S.; set and/or tailor existing policies to facilitate the movement of these goods; and enhance the capabilities of those OAs with enforcement responsibilities.
PII and non-PII will be automatically and securely downloaded from ACE/ITDS to the IFDS database managed by RITA. The IFDS database will then make the information available to participating DOT OAs. Only those DOT OAs that have statutory authority to view the data in order to execute their international missions will be given access to the IFDS.
DOT, like other Participating Government Agencies, will only receive previously authorized information from ACE and ITDS. Thus, at present, no “new” additional information will be produced for or transferred to DOT. Normal data edits and verification processes are under development and are expected to help ensure and improve the accuracy of the collected information. The data elements to be shared by ACE and ITDS with IFDS will be described in detail in the technical documents governing the system (e.g., the Interface Control Documents, the Multi-Modal Manifest Data Elements Matrix, and the ACE Logical Data Model). No other sharing of PII will occur outside the PII contained in these documents. Moreover, neither ITDS nor the participating DOT OAs will share the PII with any external agencies; the PII will be used only by authorized employee and contractor personnel for the purposes described within this PIA.
In addition, the records contained in the ITDS are subject to the Privacy Act. As such, ITDS will share information only as permitted under the Privacy Act System of Records Notice (SORN) for this system. The Department has published a Privacy Act System of Records Notice in the Federal Register (see 73 Fed. Reg. 20084, April 14, 2008).
Because IFDS does not collect PII directly from the public, there are no opportunities for DOT OAs to provide notice to individuals to consent to particular uses of PII in IFDS. Therefore, this PIA and the PIAs prepared by the other participating OAs will serve as notice, as does the SORN. ACE is developing processes and procedures through which its commercial users can correct administrative and other errors that may occur in the system.
At present, private sector participation in ACE is voluntary. Because CBP mandates electronic filing of commercial information, as required by the 2002 Trade Act (Pub. L. 107-210, Section 343), commercial entities will have fewer opportunities to decline participation. Current ACE/ITDS goals target 2010/2011 for mandated electronic filing of all commercial imports, and 2011/2012 for all private commercial exports.
Because IFDS will not collect data directly from the public or corporations, data cannot be independently verified for accuracy. For data that is downloaded from ACE/ITDS, the IFDS will deploy normal data edits and verification processes (currently under development) to help ensure and improve the accuracy of the information that is received. IFDS also will receive periodic updates of the ACE/ITDS information; this information will be forwarded to participating OAs, so that their databases can be refreshed.
Since the collection of information occurs in ACE, individuals who have questions about redress should contact CPB. For further information about the redress process for ACE, please see CBP’s Privacy Impact Assessment for Automated Commercial Environment (ACE) e-Manifest: Trucks (ACE Release 4) and International Trade Data System, dated July 14 2006 (http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_aceitds.pdf). Section 2 of the PIA spells out the procedures for correcting erroneous information. The main point of contact is the Customer Satisfaction Unit, Office of Field Operations, US Customs and Border Protection, Room 5.5C, 1300 Pennsylvania Avenue NW, Washington, DC 20229, (202)344-1850.
As stated previously, DOT OAs will have access to only that IFDS data necessary to accomplish their enforcement, statistical, analytical, and policy missions. Each DOT OA’s statutory or regulatory responsibilities will determine each user’s database access. All DOT OAs must provide legal authority for the data they intend to access.
Access will be strictly controlled and will be documented in the IFDS system. All users will have background checks, and their access to the system will be limited by the roles they are assigned. All Federal IT and security requirements will be observed. Access to IFDS will be limited to authorized users of the system and the IFDS system administrator managing user IDs and passwords. Physical access to IFDS and manual system records will be restricted through security guards and access badges to enter the facility where IFDS equipment and records are located. Regular system maintenance and administrator controls by RITA personnel managing IFDS as well as at the OA levels will ensure that only authorized Federal employees have access to the data.
IFDS has an application pending with the National Records and Archives Administration. If the application is approved, IFDS plans to keep information stored in the database for 6 to 10 years before destroying. The retention schedules for each participating DOT OA will be described in their specific system PIAs.
Records contained in the ITDS are subject to the Privacy Act. The Department has published a Privacy Act System of Records Notice in the Federal Register (see 73 Fed. Reg. 20084, April 14, 2008). In addition, system security will be certified and accredited in accordance with DOT information technology security standard requirements as part of the design, test and deployment of IFDS that is expected to occur in 2009 and 2010.
To see the Privacy Impact Assessment for CBP’s ACE/ITDS program, visit: http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_aceitds.pdf.