From EPIC.org:
The U.S. Customs and Border Protection, a component within the Department of Homeland Security, issued a final rule approving Global Entry, a traveler screening program, despite the substantial privacy and security risks brought to the agency’s attention. Under the Global Entry program, the CBP collects detailed personal information, including social security numbers and biometric information, that should be subject to Privacy Act safeguards. However, the agency rejected EPIC’s recommendations that it comply with the Privacy Act by limiting the distribution of information to only those that need the information for screening purposes. In EPIC’s comments, EPIC also noted that CBP violated federal law by not conducting a Privacy Impact Assessment before implementing the new Global Entry program. For more information, see: EPIC: Global Entry.