Enclosure (1) to COMDTINST 5260.4A
could include, but is not limited to, name, date of birth, mailing address, telephone
number, social security number, e-mail address, zip code address, facsimile number,
medical record number, bank account number, health plan beneficiary number, any other
account numbers, certificate/license number, vehicle identifier including license plate,
marriage record, civil or criminal history information, device identifiers and serial
number, uniform resource locators (URLs), education record, internet protocol addresses,
biometric identifiers, photographic facial image, or any other unique identifying number
or characteristic.
1.1.2
In some cases, a general summary of the information may be put in the first section and
an appendix with the full list may be added to the back of the PIA.
1.2
From whom is the information collected?
1.2.1
List the individual, entity, or entities providing the specific information identified above.
For example, is the information collected directly from the individual as part of an
application for a benefit, or is it collected from another source, such as commercial data
aggregators.
1.2.2
Describe why information from sources other than the individual are required. For
example, if a program is using data from a commercial aggregator of information, state
the fact that this is where the information is coming from and the in 1.3 indicate why the
program is using this source of data.
1.3
Why is the information being collected?
1.3.1
In responding to this question, you should include:
1.3.1.1 A statement of why this PARTICULAR personally identifiable information that is
collected and stored in the system is necessary to the component's or to DHS's mission.
Merely stating the general purpose of the system without explaining why particular types
of personally identifiable information should be collected and stored is not an adequate
response to this question.
1.3.1.2 For example, a statement that a system may collect name, date of birth and biometrics in
order to verify an individual's identity at the border is adequately specific. However,
stating that the above information will be collected to ensure border security is not
sufficient. It would be more appropriate to state that the information is collected to
compare to the terrorist watch list.
1.4
What specific legal authorities, arrangements, and/or agreements defined the
collection of information?
Privacy Impact Analysis: Given the amount and type of data being collected, discuss what
privacy risks were identified and how they were mitigated. For example, if during the design
process, a decision was made to collect less data, include a discussion of this decision.
11
Previous Page
