Privacy Impact Assessment Update
DHS/CBP/PIA-007(h) ESTA
Page 15
Data Retention by the Project
Applicants and representatives can start and stop the application at any time. CBP does not
begin processing the authorization until the payment is made. While the mobile application does
not retain any data, even on a temporary basis, the ESTA system will temporarily retain the data
for 7 days in a segregated database that is inaccessible by CBP vetting systems. After 7 days, the
data will be destroyed. Upon formal submission, the traveler’s application data, the passport photo,
and the “selfie” will be stored in the ESTA system. In addition, the Automated Targeting System
retains a copy of ESTA application biographic data and vetting results to identify individuals from
designated countries participating in the Visa Waiver Program who may pose a security risk. By
the end of 2023, CBP plans to include the photographs in the transmission of data from ESTA to
the Automated Targeting System. Finally, photographs are stored in the Traveler Verification
Service for 14 days.
Since the publication of DHS/CBP/PIA-007(g), NARA has approved an ESTA Retention
Schedule. CBP retains ESTA records for 15 years in accordance with DAA-0568-2019-0006. This
retention schedule allows CBP to address any follow-up inquiries or requests related to the
application, including inquiries related to law enforcement, public safety, national security,
Freedom of Information Act/Privacy Act matters, or correcting errors in the application.
Information Sharing
CBP will continue to share ESTA application information, including the biometric and
selfie photographs, with other federal government authorities, including Intelligence Community
partners (e.g., the National Counterterrorism Center), and CBP may share ESTA information on a
case-by-case basis to appropriate state, local, tribal, territorial, or international government
agencies.
Privacy Risk: There is a risk of CBP sharing biometric information, including the
photographs, improperly with external partners.
Mitigation: This risk is partially mitigated. There is an inherent risk to sharing information,
including biometric information, with partner agencies. However, absent any legal prohibitions, CBP
may share information from the ESTA application, including biometric information, with other
external partners who have an authorized purpose to access the information in performance of their
duties, possess the requisite security clearance (if applicable), and assure adequate safeguarding and
protection of the information. CBP carefully reviews and evaluates the sharing prior to disclosure of
information to an external partner. Disclosure of biometric information obtained from the ESTA
application must be compatible with the purposes for which the data was collected and authorized
under the Privacy Act of 1974, 5 U.S.C. § 552a(b)(3), specifically the routine uses set forth in the
ESTA and Automated Targeting System System of Records Notices or as otherwise permitted by the
Privacy Act. Additionally, for ongoing, systematic sharing, CBP completes an information sharing and