DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
Office of Human Resources

PRIVACY IMPACT ASSESSMENT

SWIFT (Selections WithIn Faster Times)

Date – February 6, 2008

TABLE OF CONTENTS

Overview of Privacy Management Process
Personally Identifiable Information (PII) and SWIFT
Why SWIFT Collects Information
How SWIFT Uses Information
How SWIFT Shares Information
How SWIFT Provides Notice and Consent
How SWIFT Ensures Data Accuracy
How SWIFT Provides Redress
How SWIFT Secures Information
How Long SWIFT Retains Information
System of Records

Overview of Privacy Management Process

The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs to ensure the safest, most efficient aerospace system in the world. The FAA is responsible for:

Regulating civil aviation to promote safety;
Encouraging and developing civil aeronautics, including new aviation technology;
Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
Regulating U.S. commercial space transportation.

One of the programs that helps the FAA fulfill this mission is Selections WithIn Faster Times (SWIFT), a suite of automated personnel processing programs that support the FAA's personnel processes.

SWIFT simplifies and streamlines personnel processes by using secure Information Technology to automate the processing of job applications, announcing vacancies, and providing position documentation. Modules within the suite are able to create and store position documentation under FAA's special compensation systems; create and post vacancy announcements; and rate, rank, and refer candidates for employment.

Privacy management is an integral part of the SWIFT system. DOT/FAA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.

The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and FAA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair-information practices. The methodology is based upon the following:

Establish priority, authority, and responsibility. Appointing a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines ensures that an effective privacy management program is developed.
Assess the current privacy environment. This involves interviews with key individuals involved in the SWIFT system to ensure that privacy risks are identified and documented.
Organize the resources necessary for the project’s goals. Internal DOT/FAA resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks. They are also involved in developing the necessary redress systems and training programs.
Develop the policies, practices, and procedures. The resources identified in the paragraph above work to develop effective policies, practices, and procedures to ensure that fair information practices are complied with. The policies are designed to protect privacy effectively, while allowing DOT/FAA to achieve its mission.
Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the FAA project.
Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures is required.
Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.

Personally Identifiable Information (PII) and SWIFT

The SWIFT system contains both personally identifiable information (PII) and non-personally identifiable information pertaining to FAA employees and other citizens (both employees and members of the general public who apply for employment with the FAA). PII collected in the SWIFT system includes:

Social Security Number
Full Name
Mailing Address
Telephone Numbers (Home, Work, Other)
Email Address
Date of Birth
Place of Birth
Citizenship Status
Education Records
Military Status and Records
Employment Status and Records
Race, National Origin, and Disability information

As part of a Government-wide effort, the necessity for use of the Social Security Number is being evaluated. The FAA has the authority to collect and maintain SSN in SWIFT under 5 U.S.C. 1302, 3109, 3301, 3302, 3304, 3305, 3306, 3307, 309, 3313, 3317, 3318, 3319, 3326, 4103, 4723, 5532, and 5533 5 U.S.C. 7201; Sections 4A, 4B, 15A(1) and (2), 15B(11), and 15D(11), Uniform Guidelines on Employee Selection Procedures (1978) (43 FR 38297 et seq. (August 25, 1978)); 29 CFR 720.301; and 29 CFR 1613.301.

An individual’s PII is entered into the SWIFT system voluntarily by the applicant, who creates a profile by manually entering name, date of birth, social security number, telephone number, email address, citizen/military service/veteran status, and employment status and records. Applicants create a user ID, password, and secret question for continued access to their PII. The applicant has access to all provided personal information and can change profile information, including contact information, at any time.

In addition, each time an applicant applies for a job, the applicant may elect to provide Race, National Origin, and Disability information, which is used for statistical purposes only.

Why SWIFT Collects Information

By definition, SWIFT’s goal of linking applicants with FAA jobs demands some degree of information collection and sharing. With this in mind, applicants volunteer to share PII through the SWIFT Web site so that FAA Human Resource (HR) Administrative Users and Selection Officials may assess their qualifications and consider them for applicable positions. The PII within SWIFT is used to maintain the categories of records listed above, as well as for the uses listed below. Also, FAA uses PII in SWIFT to contact references, verify applicant statements, and facilitate communication with applicants.

Authority for maintenance of the SWIFT system and collection of the PII data is provided by: 5 U.S.C. 1302, 3109, 3301, 3302, 3304, 3305, 3306, 3307, 309, 3313, 3317, 3318, 3319, 3326, 4103, 4723, 5532, and 5533 5 U.S.C. 7201; Sections 4A, 4B, 15A(1) and (2), 15B(11), and 15D(11), Uniform Guidelines on Employee Selection Procedures (1978) (43 FR 38297 et seq. (August 25, 1978)); 29 CFR 720.301; and 29 CFR 1613.301.

How SWIFT Uses Information

Information in an identifiable form is used to provide FAA and volunteer applicants with an enhanced, efficient hiring process. FAA does not use PII in SWIFT for any purposes outside of the hiring process.

The SWIFT system collects PII only with the express permission of applicants, and only for activities associated with the hiring process. SWIFT is a system of records that is subject to the Privacy Act. The General Routine Uses are outlined in the Systems of Records Notice OPM/GOVT – 5 Recruiting, Examining, and Placement Records and Systems of Records Notice OPM/GOVT -07 Applicant Race, Sex, National Origin, and Disability Status Records. https://www.opm.gov/feddata/Federalr.txt

How SWIFT Shares Information

FAA HR Administrative Users and Selection Officials responsible for making hiring decisions may have access to all or some of the PII that SWIFT contains. During the selection process, these personnel may share data contained in SWIFT with personnel staffing specialists and other authorized employees of the FAA, other federal agencies and organizations, employers, schools, and law enforcement agencies for the purpose of verifying application information and obtaining necessary clearances prior to final selection. FAA does not share SWIFT personally-identifiable information in any other way.

How SWIFT Provides Notice and Consent

For an individual’s PII to be included in SWIFT, that individual must have personally created a profile and applied for employment with the FAA by entering information into SWIFT and attesting to its accuracy. The individual is advised through the posted Privacy Act Statement on the login screen that the information entered through the application is provided voluntarily, will be used to process the application for employment and, if not provided, will preclude the individual from being considered for employment.

How SWIFT Ensures Data Accuracy

SWIFT allows applicants to access their PII and change that information within the SWIFT database at any time. Applicants access their own PII through the FAA Jobs Web site, which authenticates applicants through applicant-provided user ID and password.

As a final step in completing each application for an FAA position, the applicant is required to assert that all information within the application, including PII, is correct and complete.

How SWIFT Provides Redress

At any time, a user may review the Privacy Policy online at (www.faa.gov/privacy). For inquiries relating to privacy and SWIFT, a letter should be sent to the system manager at the address specified below:

Office of the Assistant Administrator for Human Resource Management
SWIFT Program Manager
Federal Aviation Administration
800 Independence Avenue, SW
Washington, DC 20591

Individuals with concerns about privacy may also email the FAA Privacy Officer via the contact information provided in the privacy policy on the FAA’s web site (www.faa.gov/privacy).

This information is provided in the Privacy Policy, posted visibly on the FAA Web site, www.faa.gov.

How SWIFT Secures Information

FAA has implemented security controls and technology features that fully incorporate protection of privacy. FAA has complied with Federal Information Security Management Act (FISMA), and mitigated privacy risks through the following methods:

Access to the system is controlled through role-based user accounts.
The system is protected by a series of intrusion detection devices centrally monitored by FAA’s Cyber Security Management Center.
The system strictly controls the transmission and storage of information.
All government and contract personnel are required to complete privacy training.

The SWIFT system is audited by FAA Security Personnel to ensure FISMA compliance through an annual assessment utilizing standards and guidance provided by the National Institute of Standards and Technology (NIST). The SWIFT system has met all requirements and has been certified and accredited to operate by the authority of DOT/FAA.

SWIFT takes appropriate security measures to safeguard PII and other sensitive data. The SWIFT system is housed in a controlled computer center within a secure facility.

Physical access to the SWIFT system is limited to appropriate personnel through photo badges, building key cards, and room-access key pads.
In addition to physical access, electronic access to PII in SWIFT is limited according to job function. FAA controls access privileges according to the following roles:

Applicant
HR Administrative User
Selection Official
System Manager

The matrix below describes the levels of access and safeguards around each of these roles as they pertain to PII.

ROLE	ACCESS	SAFEGUARDS
Applicant	Creates own profile After profile is created, the first 5 digits of the social security number are masked on all pages and screens where they appear Accesses and changes own profile information Changes own password Applies for jobs Accesses and changes own applications Views jobs and status	User-set user ID and password: Passwords expire after a set period. Minimum length of password is 8 characters. Passwords must be a combination of uppercase, lowercase, and special characters. Accounts are locked after a set number of incorrect log-in attempts.
HR Administrative User	Changes own password Creates a job announcement Views a case file Views applications submitted on a case Reviews all applicant information except user ID and password The first 5 digits of the social security number are masked on all pages and screens where they appear Changes the following applicant information when requested by the applicant: Name Address Telephone numbers Date of Birth Place of Birth Email address Adds and views tracking data Creates referral lists Makes selections Views aggregate Race/National Origin reports	HR Administrative Users are set up as users by System Managers and have two sets of user IDs and passwords, one for the system and one for the application. The following safeguards apply: Passwords expire after a set period. Accounts are locked after a set period of inactivity. Minimum length of password is 8 characters. Passwords must be a combination of uppercase, lowercase, and special characters. Accounts are locked after a set number of incorrect attempts.
Selection Official	Changes own password Views all applicant records as sent by HR Administrative User. The applicant record may include name, address, citizen status, home address, telephone numbers, resume, and all included information, and answers to qualifying questions The first 5 digits of the social security number are masked on all pages and screens where they appear	Selection Officials are set up as users by System Managers and have two sets of user IDs and passwords, one for the system and one for the application. The following safeguards apply: Passwords expire after a set period. Accounts are locked after a set period of inactivity. Minimum length of password is 8 characters. Passwords must be a combination of uppercase, lowercase, and special characters. Accounts are locked after a set number of incorrect attempts.
LOB Administrator User	Changes own password Creates a job announcement Views referral lists Views applications associated with referral lists Enters actions on open referral lists Does not have access to applicant social security numbers	LOB Administrator Users are set up as users by System Managers and have two sets of user IDs and passwords, one for the system and one for the application. The following safeguards apply: Passwords expire after a set period. Accounts are locked after a set period of inactivity. Minimum length of password is 8 characters. Passwords must be a combination of uppercase, lowercase, and special characters. Accounts are locked after a set number of incorrect attempts.
Tracking User	Changes own password Adds and views tracking data The first 5 digits of the social security number are masked on all pages where they appear	Tracking Users are set up as users by System Managers and have two sets of user IDs and passwords, one for the system and one for the application. The following safeguards apply: Passwords expire after a set period. Accounts are locked after a set period of inactivity. Minimum length of password is 8 characters. Passwords must be a combination of uppercase, lowercase, and special characters. Accounts are locked after a set number of incorrect attempts.
System Manager	Sets up HR Administrative Users and Selection Officials user IDS and temporary passwords Views all user information, including user ids and social security number Resets passwords Changes the following applicant information as specifically requested by the applicant: Name Address Phone numbers Date of Birth Place of Birth Email address The first 5 digits of the social security number are masked on all System Manager reports.	System Managers have two sets of user IDs and passwords, one for the system and one for the application. The following safeguards apply: Passwords expire after a set period. Accounts are locked after a set period of inactivity. Minimum length of password is eight characters. Passwords must be a combination of uppercase, lowercase, and special characters. Accounts are locked after a set number of incorrect attempts.

How Long SWIFT Retains Information

Records in this system are retained for varying lengths of time, ranging from a few months to 5 years, e.g., most records are retained for a period of 1 to 2 years. Some records, such as individual applications, become part of the person's permanent official records when hired, while some records (e.g., non-competitive action case files) are retained for 5 years. Some records are destroyed by shredding or burning, while magnetic tapes or disks are erased.
Paper records generated by SWIFT will be retained in accordance with the current version of FAA Order 1350.15, Records Organization, Transfer and Destruction Standards. https://employees.faa.gov/tools_resources/orders_notices. The electronic records generated by SWIFT are currently unscheduled with the National Archives and Records Administration (NARA). Until the records are scheduled, the electronic records will be maintained indefinitely, as required by 36 CFR 1228.26(a)(1) and (2).

System of Records

SWIFT is governed by the Privacy Act, as it is searched by name and unique identifier. The applicable Privacy Act System of Records is: OPM/GOVT-5, Recruiting, Examining, and Placement Records. FAA has certified and accredited SWIFT under DOT Information Assurance requirements.
The race and ethnicity information collected as part of the SWIFT application process is in accordance with routine uses found in Privacy Act System of Records: OPM/GOVT-7, Applicant Race, Sex, National Origin, and Disability Status Records.