AUTHORITY: 49 USC § 114(f)(15); 6 USC §§ 1136(a), 1167, and 1183.
PRINCIPAL PURPOSE(S): This information will be used to grant individuals access to EXIS.
ROUTINE USE(S): This information may be shared in accordance with the Privacy Act of 1974, 5 USC § 552(a), for routine uses identified in the DHS system of records, DHS/ALL-004 General Information Technology Access Account Records System and DHS/ALL 002 DHS Mailing and Other Lists System, or as further described in the Privacy Impact Assessment, DHS/ALL/PIA-006 DHS General Contact Lists and subsequent updates, available at
DISCLOSURE: Furnishing this information is voluntary; however, failure to provide the requested information will prevent TSA from being able to grant an individual's access request to EXIS.
This collection of information is voluntary pursuant to Implementing Recommendations of the 9/11 Commission Act of 2007. It is estimated that the time to design and conduct an exercise is approximately 3.5 hours and the time to complete the survey is .25 hours. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The OMB control number assigned to this collection is 1652-0057, which expires 04/30/2018. Send comments regarding this burden estimate or any other aspect of this collection of information including suggestions for reducing this burden to TSA PRA Officer, 601 S. 12th Street, Arlington, VA 20598-6011. ATTN: PRA 1652-0057.
EXIS collects Information that can be classified under two different categories: personal Information and technical Information. Personal Information is data that can identify you as an individual, while technical Information is data that can identify the device you are using to access the EXIS application. Personal Information is provided by the individual. No Information is collected from an individual until they have registered for an account.
During the account registration process, the individual must complete an interactive form in order to receive access to the EXIS application. The individual must provide the following Information in order to complete the form: first name, last name, preferred transportation sector, employer, job title, physical address, phone numbers, email address, login information, and security questions.
After you have registered for an account, the EXIS application automatically begins collecting technical Information. Specifically, the following technical Information is collected and stored: your IP address; your operating system; your device type; your web browser; the datetime of your access; the content you viewed, visited, or downloaded; and the domain or referral source from which you accessed the EXIS application.
The Office of Management and Budget (OMB) Memorandum M-10-22,
Furthermore, OMB Memorandum M-17-06,
Policies for Federal Agency Public Websites and Digital Services, requires federal information systems to participate in the General Services Administration's (GSA) Digital Analytics Program (DAP). DAP is a free analytics service that measures digital services for the federal government. The program offers a website analytics tool, a scalable infrastructure for measuring website traffic, training, and support to federal agencies. Moreover, DAP utilizes Google Analytics: a third-party analytics service provided by Google. The EXIS application has implemented DAP and Google Analytics in order to provide a better user experience that is based around user needs with data-driven analysis influencing management and development decisions. For more information on our implementation of Google Analytics, refer to the "Contact Us" section below.
The EXIS application collects the minimum amount of Information necessary in order to provide, maintain, improve the services that the EXIS application offers. Per the "Information Collected" section above, the collected personal Information is solely used to maintain your account, while the collected technical Information is solely used improve the user experience. For more information on our use of collected Information, refer to the "Contact Us" section below.
The EXIS application shares collected Information internally with DHS and TSA for the purposes of compliance, reporting, research, and analytics. Due to the implementation of Google Analytics, the EXIS application shares collected Information with this third-party. Specifically, the only Information that is actually shared with this third-party is the Information that is required for the EXIS application to be compliant with the requirements enforced by DHS and GSA's DAP. For more information on GSA's DAP and our implementation of Google Analytics, refer to the "Contact Us" section below.
website. After EXIS has determined your Information to be passed the applicable retention period, your Information will be securely deleted and/or destroyed with technology that is in accordance with NIST SP 800-88,
Guidelines for Media Sanitization.
The program takes a variety of precautions to ensure the confidentiality and integrity of your Information by implementing a variety of technical controls (e.g. account access controls, technical access controls, information security and privacy training to personnel, encryption of data-at-rest and data-in-transit, etc.); furthermore, the program has implemented a variety of automated technical controls to further increase the security of your Information (e.g. next-generation firewalls, intrusion detection systems and intrusion prevention systems, etc.). Lastly, OMB Memorandum M-08-05,
Implementation of Trusted Internet Connections, requires federal information systems to implement a Trusted Internet Connection (TIC) to further increase the security of network access and encryption. EXIS utilizes the OneNet TIC to help ensure the confidentiality and integrity of all collected Information.
You can update, correct, and delete Information about you at any time by logging into your online account or by contacting us directly. If you wish to delete or deactivate your account, then email us at
email@example.com. It should be noted that we may retain Information as required by federal law or for other legitimate business purposes. Also, we may retain cached or archived copies of your Information for a defined period of time. Ultimately, you reserve the right to your Information and can have it deleted at any time. For more information on your rights, refer to the "Contact Us" section below.
website. It should be noted that removing or rejecting browser cookies can affect the availability and functionality of the EXIS application.
In order to exercise your rights regarding your Information, or if you have any questions regarding this Policy, contact the EXIS helpdesk by emailing
firstname.lastname@example.org or by calling (855) 447-8392. It should be noted that any Information that is provided to us over email is subject to use in accordance with the methods explicitly defined in this Policy. As an information system under the
Department of Homeland Security and the
Transportation Security Administration, you can direct any questions regarding their own privacy policies by clicking their respective links.