DEPARTMENT OF TRANSPORTATION
Federal Highway Administration

PRIVACY IMPACT ASSESSMENT

Federal Highway Administration Organization Information System (FOIS)

March 6, 2007

Table of Contents

Overview of FHWA Privacy Management Process for FOIS.
PII and FOIS.
Why FOIS Collects Information.
How FOIS Will Share Information.
How FOIS Initialization Provides Notice and Consent.
How FOIS Ensures Data Accuracy.
How FOIS Provides Redress.
How FOIS Secures Information.
How Long FOIS Retains Information
System of Records

Overview of FHWA Privacy Management Process for FOIS

The Federal Highway Administration (FHWA), within the Department of Transportation (DOT), has been given the responsibility for enhancing the movement of people and goods from one place to another, while also ensuring the safety of the traveling public, promoting the efficiency of the transportation system, and protecting the environment.

To support and facilitate its management and human resource operations, FHWA maintains the FHWA Organization Information System (FOIS).  FOIS is a Web-based application that contains several modules related to the different FHWA program divisions.  One specific module, Emergency Contacts, contains and displays personally identifiable information (PII) on members of the public.  The FOIS Emergency Contacts module allows authorized FHWA users to maintain emergency contact information for all employees.  Because FHWA employees provide their own emergency contact information, the contact information in FOIS may include members of the public, such as  the employee’s spouse and two additional emergency contacts.  

The protection of the contact person’s privacy is a priority for FHWA.  Therefore, privacy management is an integral part of FOIS.  Privacy management utilizes proven technology, sound policies and procedures, and proven methodologies.  The FHWA and DOT Privacy Offices and FHWA Information System Security Officer (ISSO) have been involved in on-going privacy and security reviews of the current environment.  This involves interviews with key individuals involved with FOIS to ensure that all uses of personally identifiable information (PII), along with the risks involved with such use, are identified and documented. 

The privacy management process is built upon a methodology that is designed to help ensure that DOT and FHWA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FHWA to achieve its mission of protecting and enhancing a most important U.S. transportation system.  The methodology is based upon:  establishing priority, authority, and responsibility; and using a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.

Internal DOT/FHWA resources will be involved in reviewing the technology, data uses, and associated risks.  They will also be involved in developing the necessary redress systems and training programs as well as developing effective policy, practices, and procedures to ensure that fair information practices are complied with.  The policies will effectively protect privacy while allowing DOT/FHWA to achieve its mission.

Once the policy, practices, and procedures are developed, they must be implemented.  This involves training of all individuals who will have access to and/or process personally identifiable information.  Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices.  Regular monitoring of compliance with privacy policies, practices, and procedures will be required.  This step involves the development and implementation of an effective redress and audit system to ensure that any complaints can be effectively addressed and corrections made if necessary.

PII and FOIS

The PII displayed in the FOIS Emergency Contacts module includes the FHWA employee name, home mailing address, cell phone number, home telephone number, name of the employee’s spouse and two designated emergency contacts, who may be members of the public.  The information is provided by the FHWA employee via an online form on the FHWA internal employee web site.  Although the data is displayed in FOIS, the actual PII is stored in another FHWA system called the User Profile and Access Control System (UPACS) database.  A Privacy Impact Assessment for UPACS may be found at http://www.dot.gov/pia/fhwa_upacs.htm

Why FOIS Collects Information

FOIS collects PII and non-PII to allow for emergency contact of FHWA employees or their designated next-of-kin (e.g., spouse and two designated emergency contacts).  FOIS does not use PII for any secondary purposes that might require consent unless otherwise authorized by law. 

How FOIS Uses Information

The PII contained in FOIS will be used solely for the purpose of emergency contact of FHWA employees or their designated next-of-kin by authorized individuals with FHWA and DOT.  FHWA does not normally disseminate the data to other agencies nor does it normally release the data to outside parties.  However, in cases in which other Federal agencies records or interests are involved, consultation with or referral to those agencies may require transfer of the request-specific PII. 

How FOIS Will Share Information

FOIS does not share PII in any way with external agencies or entities, except as described above, or as required by law.  Only approved FHWA staff and contractors have regular access to the system. 

How FOIS Initialization Provides Notice and Consent

FOIS does not use PII for any secondary purposes that might require consent unless otherwise authorized by law.  This PIA serves as notice to any members of the public, in this case the FHWA employee’s spouse or other designated next-of-kin for emergency contact purposes, whose information may be contained in the system.

How FOIS Ensures Data Accuracy

The PII that is maintained in FOIS is updated periodically by the FHWA employee in order to ensure integrity and accuracy of the data.   In addition, FOIS has an email notification process which advises FHWA program co-coordinators to review and make updates to the system.  It is their responsibility to work with the employees to ensure the data accuracy.  As noted above, the PII is stored in UPACS and each employee is responsible for reviewing and updating their own information.   

How FOIS Provides Redress

At any time, an individual may contact the FHWA Privacy Office through the public web site and ask questions on privacy.  This contact information is provided in the Privacy Policy posted visibly on the FHWA web site.

How FOIS Secures Information

Physical access to the server that houses FOIS is limited to appropriate personnel through building key cards and room-access keypads. Personnel with physical access have all undergone and passed DOT background investigations.  Access to PII in the system is limited according to job function.

FOIS has taken all required security measures to safeguard PII and other sensitive data.  FOIS has applied all DOT security standards, including but not limited to, routine scans and monitoring, back-up activities, and background security checks.  FOIS will control access privileges according to the “minimum necessary” rule.  

Access to the FOIS modules, including Emergency Contacts, is controlled from the FOIS Access Rights page in the User Profile and Access Control System (UPACS) database.  As indicated above, a Privacy Impact Assessment for UPACS may be found at http://www.dot.gov/pia/fhwa_upacs.htm.  The FOIS Access Rights page has a section for every module in FOIS and individuals are granted access by the System Owner(s).

ROLE

ACCESS

SAFEGUARDS

User (Level 1)

  • Users can View, Update, and Print PII information within specified Organization(s).
  • Passwords expire after a set period
  • Minimum length of passwords is 8 characters
  • Passwords must be combination of alpha/numeric/special characters
  • Accounts are locked after a set number of incorrect log-in attempts

User (Level 2)

  • Users can View, Update, and Print PII information for all FHWA offices.
  • Passwords expire after a set period
  • Minimum length of passwords is 8 characters
  • Passwords must be combination of alpha/numeric/special characters
  • Accounts are locked after a set number of incorrect attempts

How Long FOIS Retains Information

FHWA will retain information for employees in the FOIS Emergency Contacts module for as long as they are employed at FHWA.  Once the employee leaves FWHA, the record is deleted.

System of Records

FOIS has been reviewed and it has been determined that a system of records notice, subject to the Privacy Act, is applicable.  DOT is currently in the process of complying with the requirements of the Privacy Act, including posting a Privacy Act System of Records Notice (SORN) that will cover this and similar systems within DOT.