DEPARTMENT OF TRANSPORTATION
Federal Highway Administration
PRIVACY IMPACT ASSESSMENT
September 14, 2006
Table of Contents
Overview of Federal Highway Administration (FHWA) privacy management process for Freedom of Information Act Tracking System
Personally-identifiable information and Freedom of Information Act Tracking System
Why Freedom of Information Act Tracking System collects information
How Freedom of Information Act Tracking System uses information
How The Freedom of Information Act Tracking System will share information
How Freedom of Information Act Tracking System provides notice and consent
How Freedom of Information Act Tracking System ensures data accuracy
How Freedom of Information Act Tracking System Files provides redress
How Freedom of Information Act Tracking System secures information
System of records
Federal Highway Administration (FHWA), within the Department of Transportation (“DOT”), has been given the responsibility for enhancing the movement of people and goods from one place to another, while also ensuring the safety of the traveling public, promoting the efficiency of the transportation system, and protecting the environment.
The Freedom of Information Act (FOIA) tracking system contains records and related correspondence on individuals who have filed requests for information under the provisions of the FOIA, including requests for review of initial denials of such requests; copies of requested records; and records under administrative appeal. The system permits FHWA management and personnel to track and monitor FOIA requests, input processing data, and produce reports.
Privacy management is an integral part of the FOIA Tracking System. Privacy management utilizes proven technology, sound policies and procedures, and proven methodologies. The FOIA Tracking System has gone through a thorough privacy management review process completed by the FHWA privacy office and ISSO.
The privacy management process is built upon a methodology that is designed to help ensure that DOT and FHWA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FHWA to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:
The FOIA tracking system contains both Personally-Identifiable Information (PII) and non-PII pertaining to FOIA requests. The PII contained within the system is name, mailing address, telephone number, and email address.
The FOIA tracking system allows FHWA to maintain timely responses to FOIA correspondence. FHWA tracks the responses and workload associated with each request, and maintains records of correspondence. FHWA uses PII in the FOIA tracking system to contact individuals requesting responses, track the status of responses and other work associated with requests, and maintain records.
The FOIA tracking system uses PII solely for the purpose of tracking, reporting, and responding to FOIA requests. FHWA does not normally disseminate the data to other agencies, nor does it normally release the data to outside parties. However, in cases in which other Federal agencies' records or interests are involved, consultation with or referral to those agencies requires transfer of the request-specific PII. Further, FOIA requests for other than first-party information are themselves available under FOIA; first-party requests are available only under the Privacy Act.
Only approved FHWA staff have regular access to the FOIA tracking system. Affected Program or Chief Counsel staff may be consulted and PII shared to allow proper handling of FOIA requests or appeals.
The FOIA tracking system does not share personally identifiable information in any way with external agencies, except as described above.
As a Privacy Act System of Records, the FOIA tracking system provided notice of practices through its Privacy Act System of Records Notice (DOT/ALL 17). The FOIA system does not use PII for any secondary purposes that might require consent unless authorized by law.
The FOIA tracking system users receive PII directly from individuals contacting FHWA through correspondence or requests. Also, FHWA receives PII from individuals sending correspondence on behalf of another individual. FHWA authorized data entry personnel enter PII into the system and are responsible for the data accuracy. If FHWA staff members become aware of inaccuracy in PII, FHWA may contact the individual in question and correct the inaccuracy.
Under the provisions of the Privacy Act, individuals may request searches of the FOIA tracking system to determine if any records have been added that may pertain to them. This is accomplished by sending a written notarized request directly to the System Manager that contains name and authentication information.
At any time, a user may contact an FHWA privacy representative through the public Web site and ask questions on privacy matters. This contact information is provided in the Privacy Policy, posted visibly on the Web site.
Physical access to the server that houses the FOIA tracking system is limited to appropriate personnel through building key cards and room-access keypads. Personnel with physical access have all undergone and passed DOT security checks.
In addition to physical access, the access rights administered by the User Profile and Access Control System (UPACS) are a key component in the FHWA security program. UPACS is the security control system that manages user authentication and associated access rights for individuals who need entry into one of FHWA's applications, including the FOIA Tracking System. Access to PII in the FOIA Tracking System is limited according to job function. FHWA controls access privileges according to the following roles:
The following matrix describes the privileges and safeguards around each of these roles as they pertain to personally identifiable information.
ROLE | ACCESS | SAFEGUARDS |
---|---|---|
User | | |
System Owner | | |
System Administrator | | User-set user name and password, according to DOT standards:<br>Must access system from limited number of computers, each of which also has user name/password access control. |
Freedom of Information Act Tracking System is a system of records under the Privacy Act of 1974 and the Department of Transportation has published a System of Records Notice (DOT/ALL17) in the Federal Register.