As the ESTA application requires an applicant to divulge sensitive and private information, ensuring data privacy is one of the top most priority.
The information provided in the ESTA application is accessible only to personnel who have to process the application. The measures taken to ensure data security can be compared to the best in the industry.
The data shared is governed by the rules formulated under the privacy act system of records notice. There are a few exceptions under which the data is shared outside the framework of ESTA such as:
Duration of storing information secured via ESTA platform
The information provided in the ESTA application is active as long as the travel authorization is valid. This is usually for a period of 2 years but it can be shorter if the authorization lapses due any other reason such as passport expiration.
Once the travel authorization has lapsed, the US Department of Homeland Security will retain the information for a period of one year.
After the completion of one year, the data provided is archived for 12 years. The information is archived so that it can be made available whenever there is a need such as:
Information that has been archived is very rarely recalled and can be retrieved only under the above mentioned scenarios.
Any information provided in the ESTA application that has been furnished in order to replace the form I-94W, will be kept active for a period of 75 years.