Litigation Support Systems (LSS)

EXECUTIVE SUMMARY REPORT

INTRODUCTION TO THE PIA

Abstract

• The scope of this PIA addresses includes the Litigation Support Systems (LSS).  There is a separate application database for each trial litigation case.
• Each databases designed to assist with the legal processes of discovery and trial litigation for a particular litigation case.
• The PIA is being conducted to meet DOL security requirements and to ensure that there are adequate safeguards to protect PII and sensitive information.

Overview

The Litigation Support Systems (LSS) is a collection of in-house developed Microsoft Access databases designed to assist with the legal processes of discovery and trial litigation. There is a separate application database for each trial litigation case.  Each application is totally independent and has no relationship to any other database. Each application is hosted on either the ECN/DCN or MSHA network.  There is no interconnectivity to any other application. Each Microsoft Access database is nothing more then a collection of case related data placed in an organized manner to facilitate analysis. The life of the application is equal to the life of the case they support. Any number of applications may be active at any one time to support on-going discovery and litigation. Individual databases may be active for years since information may be subject to court orders or renewed investigations.  Once the case is closed, the application is removed from the network and archived permanently.

The system owner is the Deputy Associate Solicitor of Management and Administrative Legal Services (MALS) within the Office of the Solicitor (SOL).  The users are the SOL attorneys and paralegals supporting the case.  
The two major processes supported by the system are the loading of evidence documents, the viewing of documents, and analysis of documents through full-text searching. The technology supporting these processes includes Adobe Acrobat Reader (viewing), dtSearch (searching) and MS Access (database). The databases contain evidence documents such as birth certificates, educational records, payroll records, medical records, financial account records, At a given point in time, some information may be considered privileged.  These evidence documents may contain PII.
SOL represents the Secretary of Labor and DOL agencies in all legal proceedings and in all federal courts, except the Supreme Court, in cases arising under statutes giving attorneys for the Secretary of Labor independent litigating authority. Litigation is performed within various statutes that permit DOL program agencies to accomplish their agency mission.  LSS contains evidence documents to support specific trial litigation cases.

Introduction

DOL is responsible for ensuring the confidentiality, integrity, and availability of the information contained within its information systems.  DOL must at times collect, use, analyze, and store PII from its employees and members of the public.  DOL remains vigilant in protecting all its information technology resources, but this is especially true of those systems containing PII.  LSS is in the Operations and Maintenance Phase of the systems development life cycle.  The PIA is reviewed annually, or when the system is significantly modified, or the sensitivity of the data contained within the system is changed as a result of a new litigation case.

Characterization of the Information

The Litigation Support Systems contain protected/sensitive personally identifying information (PII).

• What are the sources of the PII in the information system?

Evidence documents received as part of the discovery and trial litigation process are from parties to a case - plaintiff (claimants, complainants, beneficiaries, and survivors), defendant, opposing counsel and witnesses; and the DOL program agency who requested litigation support.

• What is the PII being collected, used, disseminated, or maintained?
• First and last name
• Date of birth
• Place of birth
• SSN
• Residential address
• Business address
• Medical records
• Education records
• Financial account records
• Certificates (e.g., birth, death, marriage)
• Legal documents
• Payroll records

• How is the PII collected?

Evidence documents containing PII are collected as part of the discovery and trial litigation process through depositions, interrogations, interviews, and court ordered exchange of information.
 

• How will the information be checked for accuracy?

PII is contained within the evidence document.  In many instances the accuracy of the information is validated as part of the litigation process and sometimes attested under oath as accurate by a party to the case.

• What specific legal authorities, arrangements, and/or agreements defined the collection of information?

PII is collected as part of the discovery and litigation process. SOL represents the Secretary of Labor and DOL agencies in all legal proceedings and in all federal courts, except the Supreme Court, in cases arising under statutes giving attorneys for the Secretary of Labor independent litigating authority. Litigation is performed within various statutes that permit DOL program agencies to accomplish their agency mission.

• Privacy Impact Analysis

Privacy risks associated with unauthorized access which may lead to unauthorized disclosure of information are mitigated through implementation of technical controls, management and operational controls. A breach could compromise the confidentiality of information stored in LSS.  Unauthorized disclosure presents the greatest risk as some of the information in LSS may be privileged whose disclosure may present an unfair advantage to opposing counsel.

The risk of data compromise or the theft of PII is mitigated by several security controls in the access control, authentication and identification, audit reporting, media protection and physical and environmental protection security control families of NIST SP 800-53.  User id, passwords and folder permissions at the application (LSS) and network (ECN/DCN and MSHA) levels limit access to the system.  Only the users (attorneys and paralegals) associated with the specific litigation case are allowed access to the system. Screen saver timeouts and limited access attempt controls are also employed.

At rest data on laptops and desktops are encrypted.  At rest data on portable media may or may not be encrypted depending on the nature of the data. SOL has an exemption from PointSec media encryption related to data at rest on portable media including CD/DVD, thumb drives and external hard drives.  The exemption applies to SOL's ability to file documents with courts and administrative tribunals and engage in discovery regarding electronic information. The exemption increases exposure to unauthorized disclosure of PII.

The networks mitigate unauthorized access (leading to unauthorized disclosure) through employment of network penetration and vulnerability scans, firewalls, security configurations, and virus and intrusion detection software. Application and network level audit logs are reviewed for indications of suspicious activity, or anomalies that may indicate misuse of system resources or access permissions. Data files are backed up by ECN/DCN GSS and MSHA network incrementally on a daily basis with a full backup created weekly. Backups are also maintained off-site. Physical security, such as guards strategically positioned throughout the DOL FPB, access badges and surveillance cameras limit unauthorized access to SOL offices.  Users are accountable for their compliance with the Rules of Behavior (ROB) and must take Computer Security Awareness Training (CSAT) annually,

SOL implements security controls per OCIO Security guidance as defined in the DOL Computer Security Handbook and more specifically as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems. Implementation of these controls and associated risks and mitigation is reflected in the LSS System Security Plan (SSP), and Risk Assessment (RA), and the Plan of Action and Milestone (POA&M). Continuous monitoring is performed throughout the accreditation life cycle to ensure the implemented controls are operating effectively.

Uses of the PII

• Describe all the uses of the PII

• What types of tools are used to analyze data and what type of data may be produced?

The tool used to analyze the evidence documents containing PII is dtSearch.  This product is a full-text search engine.  The data produced by the search is a list of match hits (items that satisfy the search criteria) with the ability to navigate to the specific match hit within the document.

• Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No. The system does not perform these tasks.

• If the system uses commercial or publicly available data, please explain why and how it is used.

An evidence document containing PII could be a document that is commercially or publicly available such as a marriage certificate.  This information may be used as part of the discovery or trial litigation process.

• Privacy Impact Analysis

Privacy risks associated with unauthorized disclosure of information are mitigated through implementation of technical, management, and operational controls.

• Technical Controls
• Access Control (AC)
• Audit and Accountability (AU)
• Identification and Authentication (IA)

• Management Controls

• Planning (PL) - Rules of Behavior

• Operational Controls
• Awareness and Training (AT)
• Media Protection (MP)
• Physical and Environmental Protection (PE)

A breach could compromise the confidentiality of information stored in LSS.  Unauthorized disclosure presents the greatest risk as some of the information in LSS may be privileged whose disclosure may present an unfair advantage to opposing counsel.

The risk of data compromise or the theft of PII is mitigated by several security controls in the access control, authentication and identification, audit reporting, media protection and physical and environmental protection security control families of NIST SP 800-53.  User id, passwords and folder permissions at the application (LSS) and network (ECN/DCN and MSHA) levels limit access to the system.  Only the users (attorneys and paralegals) associated with the specific litigation case are allowed access to the system. Screen saver timeouts and limited access attempt controls are also employed.

At rest data on laptops and desktops are encrypted.  At rest data on portable media may or may not be encrypted depending on the nature of the data. SOL has an exemption from PointSec media encryption related to data at rest on portable media including CD/DVD, thumb drives and external hard drives.  The exemption applies to SOL's ability to file documents with courts and administrative tribunals and engage in discovery regarding electronic information. The exemption increases exposure to unauthorized disclosure of PII.

The networks mitigate unauthorized access (leading to unauthorized disclosure) through employment of network penetration and vulnerability scans, firewalls, security configurations, and virus and intrusion detection software. Application and network level audit logs are reviewed for indications of suspicious activity, or anomalies that may indicate misuse of system resources or access permissions. Data files are backed up by ECN/DCN GSS and MSHA network incrementally on a daily basis with a full backup created weekly. Backups are also maintained off-site. Physical security, such as guards strategically positioned throughout the DOL FPB, access badges and surveillance cameras limit unauthorized access to SOL offices.  Users are accountable for their compliance with the Rules of Behavior (ROB) and must take Computer Security Awareness Training (CSAT) annually.

SOL implements security controls per OCIO Security guidance as defined in the DOL Computer Security Handbook and more specifically as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems. Implementation of these controls and associated risks and mitigation is reflected in the LSS System Security Plan (SSP), and Risk Assessment (RA), and the Plan of Action and Milestone (POA&M). Continuous monitoring is performed throughout the accreditation life cycle to ensure the implemented controls are operating effectively.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

• How long is information retained in the system?

Each LSS application is for a specific litigation case.  The application is maintained on the network as long as the case is active.  At the conclusion of the case, the database is removed from the network and archived once administrative closeout procedures have been completed.

• Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes.

• Privacy Impact Analysis

The privacy risks associated with the PII in LSS and how the risk is mitigated through implementation of security controls is addressed at item 3.4 Privacy Risk Assessment.  These controls are in place while the litigation case is active and the associated LSS is hosted on the ECN/DCN and MSHA networks.  Once the case is closed and administrative closeout procedures have been completed, the LSS database is removed from the network and archived to portable media (CD, DVD).  This portable media is stored off-site in the SOL MSH office located in Arlington, Virginia.

The risk of unauthorized disclosure of PII information still exists.  To mitigate risk the portable media is stored in a locked file cabinet in the MSH office. One onsite attorney and the MALS litigation support coordinator have the key.  An inventory of the contents of the file cabinet is conducted annually and discrepancies are reported to the SOL Security Officer.  PointSec media encryption was implemented in November 2007. Any case closed after this time will be evaluated for media encryption.  Evidence data that is public during or after the close of the trial will not be encrypted.  Protected PII data and data that is still privileged at the close of the trial will be maintained on a separate portable media with encryption.

Internal Sharing and Disclosure

• With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

Evidence document that may contain PII may be shared internally with the DOL program agency that requested the litigation and SOL attorneys and paralegals assigned to the case.  The evidence information is shared as part of the legal processes of discovery and trial litigation for a particular litigation case.

• How is the PII transmitted or disclosed?

On a limited basis evidence documents may be shared via email with the DOL program agency that requested the litigation. Users of the LSS database include attorneys and paralegals assigned to the case. These users view the evidence data that may contain PII from on-line screens. Evidence documents and search results can be printed from the LSS database. Portions of the database may be extracted for presentation at trial.

• Privacy Impact Analysis

E-mails used to transmit evidence documents are subject to the GSS network (ECN/DCN and MSHA) infrastructure security controls, and DOL OCIO Appropriate Use: A Guide for Use of Personal Computers and Government Equipment Including E-mail and the Internet, June 2000, v1.0. Access controls are employed to limit on-line screen display such as session lock and session termination.Identification and Authentication controls are employed to limit access to only authorized users with valid user ids and passwords.All report printing requests (print of evidence document or search results) are automatically recorded in the audit log. Printed material is retrieved promptly from the printers.Data extracts are manually recorded in the audit log through an input screen. This control does not fully satisfy the requirement because it is not automated.

External Sharing and Disclosure

• With which external organization(s) is the PII shared, what information is shared, and for what purpose?

Evidence documents which may contain PII are shared externally with the federal court system, administrative tribunals, and other parties to the litigation case.

• Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

The sharing of PII that may be contained in evidence documents is compatible with the original collection.  Electronic copies of evidence documents cannot be modified in any way as the integrity of the information must be maintained. A Privacy Act System of Record Notices (SORN) has been published in the Federal Register.

• How is the information shared outside the Department and what security measures safeguard its transmission?

Evidence documents that may contain PII are shared with the federal court system, administrative tribunals through document filings that are made via email or through the court’s electronic filing system.

• Privacy Impact Analysis

Privacy risk is unauthorized disclosure of PII through transmission of information or through theft or loss of portable media (CD, DVD, flash drive, external drive) or portable devices (laptop).E-mails used to transmit evidence documents are subject to the GSS network (ECN/DCN and MSHA) infrastructure security controls, and DOL OCIO Appropriate Use: A Guide for Use of Personal Computers and Government Equipment Including E-mail and the Internet, June 2000, v1.0. The security of the court’s electronic filing systems has not been assessed.  It is assumed that they have some type of security protections.  Protections may vary by court location.SOL has an exemption from PointSec media encryption related to data at rest on portable media including CD/DVD, thumb drives and external hard drives.  The exemption applies to SOL's ability to file documents with courts and administrative tribunals and engage in discovery regarding electronic information. The exemption increases exposure to unauthorized disclosure of PII.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

• Was notice provided to the individual prior to collection of PII?

Yes. A Privacy Act System of Record Notices (SORN) has been published in the Federal Register. Do individuals have the opportunity and/or right to decline to provide information?

No. SOL represents the Secretary of Labor and DOL agencies in all legal proceedings and in all federal courts, except the Supreme Court, in cases arising under statutes giving attorneys for the Secretary of Labor independent litigating authority. SOL has the right to subpoena information as part of the litigation process.

• Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No. SOL represents the Secretary of Labor and DOL agencies in all legal proceedings and in all federal courts, except the Supreme Court, in cases arising under statutes giving attorneys for the Secretary of Labor independent litigating authority. SOL has the right to subpoena information as part of the litigation process and to use the information as appropriate to support the SOL litigation strategy.

• Privacy Impact Analysis

Notice is provided to individuals via the SORN published in the Federal Register. Based on SOL’s authority to litigate, to subpoena information, and to refuse FOIA request based on FOIA and Privacy exemptions associated with litigation, individuals may have limited control on the uses of their information and the right to decline to provide information.

Access, Redress, and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

• What are the procedures that allow individuals to gain access to their information?

Members of the public can gain access to their information via a FOIA request.
The Freedom of Information Act (FOIA) provides that any person has the right to request access to federal agency records or information. Like all federal agencies, the Department of Labor (DOL) is required to disclose records requested in writing by any person. However, agencies may withhold information pursuant to nine exemptions and three exclusions contained in the statute.

• What are the procedures for correcting inaccurate or erroneous information?

Procedures are contained in the DOL Guide for Requesting FOIA Records (http://www.dol.gov/dol/foia).

• How are individuals notified of the procedures for correcting their information?

Notification is provided on the DOL website at http://www.dol.gov/dol/foia.

• If no formal redress is provided, what alternatives are available to the individual?

NA.  Individuals may file an appeal with the DOL Office of the Solicitor.\

Privacy Impact Analysis

Redress is available to individuals if their information is inaccurate. Security breaches may lead to unauthorized modification causing information to be inaccurate. The same controls that apply to unauthorized access apply to unauthorized modification.

The risk of data compromise or the theft of PII is mitigated by several security controls in the access control, authentication and identification, audit reporting, media protection and physical and environmental protection security control families of NIST SP 800-53.  User id, passwords and folder permissions at the application (LSS) and network (ECN/DCN and MSHA) levels limit access to the system.  Only the users (attorneys and paralegals) associated with the specific litigation case are allowed access to the system. Screen saver timeouts and limited access attempt controls are also employed.

At rest data on laptops and desktops are encrypted.  At rest data on portable media may or may not be encrypted depending on the nature of the data. SOL has an exemption from PointSec media encryption related to data at rest on portable media including CD/DVD, thumb drives and external hard drives.  The exemption applies to SOL's ability to file documents with courts and administrative tribunals and engage in discovery regarding electronic information. The exemption increases exposure to unauthorized disclosure of PII.

The networks mitigate unauthorized access (leading to unauthorized disclosure) through employment of network penetration and vulnerability scans, firewalls, security configurations, and virus and intrusion detection software. Application and network level audit logs are reviewed for indications of suspicious activity, or anomalies that may indicate misuse of system resources or access permissions. Data files are backed up by ECN/DCN GSS and MSHA network incrementally on a daily basis with a full backup created weekly. Backups are also maintained off-site. Physical security, such as guards strategically positioned throughout the DOL FPB, access badges and surveillance cameras limit unauthorized access to SOL offices.  Users are accountable for their compliance with the Rules of Behavior (ROB) and must take Computer Security Awareness Training (CSAT) annually.

SOL implements security controls per OCIO Security guidance as defined in the DOL Computer Security Handbook and more specifically as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems. Implementation of these controls and associated risks and mitigation is reflected in the LSS System Security Plan (SSP), and Risk Assessment (RA), and the Plan of Action and Milestone (POA&M). Continuous monitoring is performed throughout the accreditation life cycle to ensure the implemented controls are operating effectively.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

• What procedures are in place to determine which users may access the system and are they documented?

SOL Access Control Family procedures are in place and documented in accordance with the DOL Computer Security Handbook.

• Will Department contractors have access to the system?

Yes. SOL development/support contractors have access to the system.

• Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Privacy training is provided to employees and contractors and included as part of the DOL annual Computer Security Awareness Training (CSAT).

• What auditing measures and technical safeguards are in place to prevent misuse of data?

• Authenticator/Password Management -- Application and monitoring of initial distribution, composition, history, compromise, and change of default authenticators.

• Account Management -- Application and monitoring of account establishment, activation, modification, disabling, removal (including unnecessary/defunct accounts) and review.


• Access Enforcement -- Application and monitoring of access privileges.

• Least Privilege – Application for a user to perform his/her function.


• Unsuccessful Login Attempts – System automatically locks the account until released by a System Administrator when the maximum number of unsuccessful attempt is exceeded.

• Audit logs are reviewed weekly for identifying system misuse.

Privacy Impact Analysis

Privacy risks associated with unauthorized disclosure of information are mitigated through implementation of technical controls, management and operational controls.Privacy risks associated with unauthorized access which may lead to unauthorized disclosure of information are mitigated through implementation of technical controls, management and operational controls.

A breach could compromise the confidentiality of information stored in LSS.  Unauthorized disclosure presents the greatest risk as some of the information in LSS may be privileged whose disclosure may present an unfair advantage to opposing counsel.

The risk of data compromise or the theft of PII is mitigated by several security controls in the access control, authentication and identification, audit reporting, media protection and physical and environmental protection security control families of NIST SP 800-53.  User id, passwords and folder permissions at the application (LSS) and network (ECN/DCN and MSHA) levels limit access to the system.  Only the users (attorneys and paralegals) associated with the specific litigation case are allowed access to the system. Screen saver timeouts and limited access attempt controls are also employed.

At rest data on laptops and desktops are encrypted.  At rest data on portable media may or may not be encrypted depending on the nature of the data. SOL has an exemption from PointSec media encryption related to data at rest on portable media including CD/DVD, thumb drives and external hard drives.  The exemption applies to SOL's ability to file documents with courts and administrative tribunals and engage in discovery regarding electronic information. The exemption increases exposure to unauthorized disclosure of PII.

The networks mitigate unauthorized access (leading to unauthorized disclosure) through employment of network penetration and vulnerability scans, firewalls, security configurations, and virus and intrusion detection software. Application and network level audit logs are reviewed for indications of suspicious activity, or anomalies that may indicate misuse of system resources or access permissions. Data files are backed up by ECN/DCN GSS and MSHA network incrementally on a daily basis with a full backup created weekly. Backups are also maintained off-site. Physical security, such as guards strategically positioned throughout the DOL FPB, access badges and surveillance cameras limit unauthorized access to SOL offices.  Users are accountable for their compliance with the Rules of Behavior (ROB) and must take Computer Security Awareness Training (CSAT) annually.

SOL implements security controls per OCIO Security guidance as defined in the DOL Computer Security Handbook and more specifically as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems. Implementation of these controls and associated risks and mitigation is reflected in the LSS System Security Plan (SSP), and Risk Assessment (RA), and the Plan of Action and Milestone (POA&M). Continuous monitoring is performed throughout the accreditation life cycle to ensure the implemented controls are operating effectively.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

• What stage of development is the system in, and what project development life cycle was used?

LSS is in the Operations and Maintenance Phase.  The project development life cycle used is the DOL Systems Development Life Cycle Management Guide.

• Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

No.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

• SOL has completed the PIA for LSS which is currently in operation. SOL has determined that the safeguards and controls for this moderate system adequately protect the information referenced in the LSS System Security Plan V3.1, September 30, 2007.

• SOL has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.