Workload Management Systems (WMS)

Abstract

• The Workload Management Systems are a collection of workload systems used to manage resources in the Office of the Solicitor.
• The WMS contains in-house developed databases that tracks all significant legal activities referred by DOL client program agencies to the various components of the Solicitor's Office.
• The Solicitor’s Office (SOL) has assessed its Workload Management Systems (WMS) and evaluated privacy vulnerabilities and risks, and their implications on this information system.

Overview

The Workload Management Systems are a collection of workload systems used to manage resources in the Office of the Solicitor.   The WMS contains in-house developed databases that tracks all significant legal activities referred by DOL client program agencies to the various components of the Solicitor's Office.  Legal activities include case work (trial and appeals litigation) as well as other legal workload matters (legal opinion and advice, legislative reviews, and regulation and standards reviews).  Data collected through the workload systems are used to analyze the volume, diversity, trends, and impact of the workload in the SOL divisions and field offices.  These systems provide information needed to manage SOL resources, to monitor performance, and to provide SOL’s client agencies (DOL program offices) with updated information on the work being done in their respective program areas. 

Introduction

DOL is responsible for ensuring the confidentiality, integrity, and availability of the information contained within its information systems.  DOL must at times collect, use, analyze, and store PII from its employees and customers.  DOL remains vigilant in protecting all its information technology resources, but this is especially true of those systems containing PII.  Ideally, the PIA should be performed during the development phase of a system life cycle.  A PIA should also be conducted at any time when the system is significantly modified, or the sensitivity of the data contained within the system is changed.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.  

The Workload Management Systems contain protected/sensitive personally identifying information (PII).

• What are the sources of the PII in the information system?

The Workload Management Systems contain PII on members of the public.  This PII information includes SSN, name, mailing address, residential address, and place of work.  These members of the public include claimants (for injuries and medical conditions), judges, and appellants.

• What is the PII being collected, used, disseminated, or maintained?

. FOIA System

• residential address/mailing address for the individual filing the FOIA appeal (member of the public)
• Place of work for the individual filing the FOIA appeal (member of the public)
• Appellant name - Name of the individual filing the FOIA appeal (member of the public)
• Original Requestor - Name of the individual who filed the original FOIA request (member of the public)
• Denying Officer – name of the DOL program agency employee who denied the original FOIA request.

SOLAR

• SSN of the miner who filed the black lung claim (member of the public)
• SSN of the DOL employee who filed the workers compensation claim for which DOL will request reimbursement from the third party at fault
• Name of the DOL attorney assigned to the matter/case
• Name of the DOL associate attorney assigned to the matter/case
• Name of the judge presiding over the matter/case in court (member of the public)

Time Distribution
Name of DOL attorney and paralegal (not on screen but in database) that worked on a particular matter/case
Legislative Project Tracking System

• Name of the DOL attorney assigned to the legislative review matter
• Name of the DOL attorney (counsel) assigned to the legislative review matter
• Name (Retired by Whom) of the DOL employee that closed the legislative review matter
• How is the PII collected?

 PII is collected from DOL client program agencies.  

• How will the information be checked for accuracy?

PII information for a specific matter/case is reviewed by the supervisor assigned to the matter/case.

• What specific legal authorities, arrangements, and/or agreements defined the collection of information?

Various statutes that permit DOL program agencies to accomplish the agency mission.

• Privacy Impact Analysis

Privacy risks would result from a breach to WMS implemented security safeguards, which could subsequently compromise the confidentiality, integrity and availability of information that is collected through WMS.

The risk of data compromise, or the theft of backup tapes, is mitigated by several security controls.  Physical security, such as guards strategically positioned throughout the DOL FPB, access badges and surveillance cameras help ensure there is no unauthorized access to SOL offices.  Unauthorized access to the WMS is addressed by GSS (ECN/DCN and MSHA) network intrusion detection systems, port scans, firewall log monitoring, malware detection and correction software. WMS audit logs are reviewed on a weekly basis for indications of suspicious activity, or anomalies that may indicate misuse of system resources or access permissions. WMS data files are backed up by ECN/DCN GSS and MSHA GSS network personnel incrementally on a daily basis with a full backup created weekly.

SOL implements security controls per OCIO Security guidance, and as defined in the Federal Information Processing Standards (FIPS) Publication (PUB) 200, Minimum Security Requirements for Federal Information and Information Systems, and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems. Implementation of these controls and associated risks and mitigation is reflected in the WMS System Security Plan (SSP), and Risk Assessment (RA).

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

• Describe all the uses of the PII

FOIA System

SOLAR

Time Distribution

Legislative Project Tracking System

• What types of tools are used to analyze data and what type of data may be produced?

Crystal Reports is used to generate office level and management reporting. SSN is not reflected in any management reporting.

• Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No.

• If the system uses commercial or publicly available data, please explain why and how it is used.

NA 

• Privacy Impact Analysis

The key security controls to ensure that PII is handled in accordance with the above described uses include:

Technical Class Controls

• Access Control (AC):
  • Account Management
  • Access Enforcement
  • Separation of Duties
  • Least Privilege
  • Unsuccessful Login Attempts
  • System Use Notification
  • Session Lock
  • Supervision and Review –Access
• Audit and Accountability (AU):
  • Auditable Events
  • Content of Audit Records
  • Audit Monitoring, Analysis, and Reporting
• Identification and Authentication:
  • Authenticator Management

• Planning (PL)
  • Security Planning, Policy, and Procedures
• Rules of Behavior
• System and Services Acquisition (SA)
• Systems and Services Acquisition Policy and Procedure
• Software Usage Restrictions
• Security Design Principles

Operational Class Controls

• Awareness and Training (AT)
• Security Awareness and Training Policy and Procedures
• Security Awareness
• Security Training

Implementation of the above security controls is documented in the WMS SSP, v1.5, December 28, 2007 that addresses all of the areas identified above, including how SOL employees are granted system access based upon their organizational role and need to know, authorizing officials, technical aspects of authentication management, software use and engineering, and the auditing of access files to ensure the protection of data maintained by the WMS.

WMS are required to continual address statutory and Department-level requirements to substantiate its handling of information through the workload systems and to ensure it is compliant.  From a technical perspective, continuous monitoring requirements provide assurance that privacy-applicable controls are consistent with DOL OCIO Security Certification and Accreditation.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

• How long is information retained in the system?

Data in WMS is retained indefinitely.

• Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes

• Privacy Impact Analysis

Whenever large amounts of personal data are stored for an extended period of time, and especially when tied to a system with the intelligence to tailor this data, there is a significant privacy risk. This risk is proportionally increased by the length of time in which the data are retained. In the case of WMS, the data are indefinitely retained, leading to a substantially high-level of risk of comprise. 

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

• With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

SOLAR – PII is shared within SOL through management reporting.  SSN is not reflected in any management reporting.

TD – PII is shared within SOL through management reporting.

FOIA Appeals - PII is shared with the DOL program agency who originally denied the FOIA request.

• How is the PII transmitted or disclosed?

Through management reports, transmittal letters, and online screens

• Privacy Impact Analysis

The privacy risk lies in unauthorized disclosure based on methods of sharing.  The two methods and the mitigation of potential risks are as follows:

• E-mails used to transmit FOIA letters are subject to the GSS network (ECN/DCN and MSHA) infrastructure security controls, and DOL OCIO Appropriate Use: A Guide for Use of Personal Computers and Government Equipment Including E-mail and the Internet, June 2000, v1.0.

• Media protection controls are employed for management reports including media access, media labeling and media transport.

• Access controls are employed to limit on-line screen display such as session lock and session termination

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

• With which external organization(s) is the PII shared, what information is shared, and for what purpose?

            None

• Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

NA

• How is the information shared outside the Department and what security measures safeguard its transmission?

NA

• Privacy Impact Analysis

            NA 

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

• Was notice provided to the individual prior to collection of PII?

            Yes.  Federal  Register Volume 67: No. 67: SOLAR (DOL/SOL-7) and FOIA Appeals (SOL-9) only.

• Do individuals have the opportunity and/or right to decline to provide information?

            Yes.  Based on the invocation of the Privacy Act of 1974

• Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

            Yes. Based on the invocation of the Privacy Act of 1974

• Privacy Impact Analysis

The predominant privacy risk lies in improper disclosure. All SOL Federal and contractor support staff are aware of penalties regarding improper use of WMS information (e.g., system access notification, computer security awareness training Contractor Confidentiality/Non-Disclosure Agreement, Employee Computer Network (ECN)/Departmental Computer Network (DCN) Network Access Request Form and Rules of Behavior).

Access, Redress, and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

• What are the procedures that allow individuals to gain access to their information?

Members of the public can gain access to their information via a FOIA request
The Freedom of Information Act (FOIA) provides that any person has the right to request access to federal agency records or information. Like all federal agencies, the Department of Labor (DOL) is required to disclose records requested in writing by any person. However, agencies may withhold information pursuant to nine exemptions and three exclusions contained in the statute.

• What are the procedures for correcting inaccurate or erroneous information?

Procedures are contained in the DOL Guide for Requesting FOIA Records (http://www.dol.gov/dol/foia.

• How are individuals notified of the procedures for correcting their information?

Notification is provided on the DOL website at http://www.dol.gov/dol/foia.

• If no formal redress is provided, what alternatives are available to the individual?

N/A.  Individuals may file an appeal with the DOL Office of the Solicitor.

• Privacy Impact Analysis

Privacy risks associated with unauthorized disclosure of information are mitigated through:

• Media protection controls are employed for management reports including media access, media labeling and media transport.
• Access controls are employed to limit on-line screen display such as session lock and session termination
• Unauthorized access is controlled by account management and access enforcement.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

• What procedures are in place to determine which users may access the system and are they documented?

SOL Access Control Family procedures are in place and documented in accordance with the DOL Computer Security Handbook.

• Will Department contractors have access to the system?

Yes. SOL development/support contractors have access to the system.

• Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Privacy training is provided and included as part of the DOL annual Computer Security Awareness Training (CSAT)

• What auditing measures and technical safeguards are in place to prevent misuse of data?

The following in-place auditing measures and technical safeguards are applied to prevent misuse of data.  These controls include:

• Authenticator/Password Management -- Application and monitoring of initial distribution, composition, history, compromise, and change of default authenticators.

• Account Management -- Application and monitoring of account establishment, activation, modification, disabling, removal (including unnecessary/defunct accounts) and review.

• Access Enforcement -- Application and monitoring of access privileges.

• Least Privilege – Application for a user to perform his/her function.

• Unsuccessful Login Attempts – System automatically locks the account until released by a System Administrator when the maximum number of unsuccessful attempt is exceeded.

• Audit logs are reviewed weekly for identifying system misuse.

• Privacy Impact Analysis

Privacy risks associated with unauthorized disclosure of information are mitigated through implementation of technical controls associated with need-to-know and least privilege, ensuring that users have no more privileges to data than required to affect their official duties.  In addition, deterrent controls in the form of warning banners, rules of behavior, confidentiality agreements and auditing are in place.  Exit procedures for departing SOL employees include the prompt disabling of accounts. .

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

• What stage of development is the system in, and what project development life cycle was used?

WMS is in the Operations and Maintenance Phase.  The project development life cycle used is the DOL Systems Development Life Cycle Management Guide.

• Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

No.
           
Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

SOL has completed the PIA for WMS which is currently in operation. SOL has determined that the safeguards and controls for this moderate system adequately protect the information referenced in the WMS System Security Plan, v1.5, dated December 28, 2007.

SOL has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.