DEPARTMENT OF TRANSPORTATION
Office of the Secretary (OST)
PRIVACY IMPACT ASSESSMENT
June 7, 2008
TABLE OF CONTENTS
Overview of privacy management process for the GSS
Personally Identifiable Information (PII) and the GSS
Why the GSS collects PII
How the GSS uses PII
How the GSS shares PII
How the GSS provides notice and consent
How the GSS ensures data accuracy
How the GSS provides redress
How the GSS secures information
System of records
The mission of the Departmental Office of Civil Rights is to eliminate unlawful discrimination in Federal employment on the basis of race, color, national origin, sex, age, religion, sexual orientation, and disability. Civil rights laws also protect individuals from reprisal/retaliation for bringing discriminatory conduct to the attention of the appropriate officials, participating in an investigation, or opposing discriminatory practices. In addition, various Federal laws prohibit discrimination based on race, color, national origin, age, and disability in programs or activities receiving Federal financial assistance. It is our mission to ensure the Department’s adherence to internal and external civil rights laws, regulations, and Executive Orders.
As part of its support function for DOT, DOCR is responsible for investigating and tracking discrimination complaints as mandated by Title VI and VII of the Civil Rights Act of 1964. To help fulfill this need, DOCR uses a Web-enabled system, the GSS, which records, tracks, and provides reporting on discrimination complaints against DOT. The GSS is managed by DOCR and is used and accessed by authorized Civil Rights personnel throughout DOT.
Privacy management is an integral part of the GSS. DOCR has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, methodologies, and sound policies and procedures.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOCR will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing DOT to achieve its mission of protecting and enhancing all U.S. civil transportation systems. The methodology is based upon the following:
Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
Assess the current privacy environment. This involved interviews with key individuals involved in the GSS system to ensure that all uses of Personally Identifiable Information (PII), along with the risks involved with such use, are identified and documented.
Organize the resources necessary for the project’s goals. Internal DOT/OST resources, along with outside experts, are involved in reviewing the technology, data uses and associated risks. They are also involved in developing the necessary redress systems and training programs.
Develop the policies, practices, and procedures. The resources identified in the paragraph immediately above work to develop an effective policy or policies, practices, and procedures to ensure that fair information practices are complied with. The policies effectively protect privacy while allowing DOT/OST to achieve its mission.
Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the OST project.
Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures is required.
Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.
The GSS system uses both PII and non-PII data to record, track, and manage discrimination complaints against DOT. DOT takes discrimination seriously, and it tracks and investigates complaints submitted by DOT employees, applicants, disadvantaged business enterprises, and members of the general public. DOCR must respond to discrimination complaints against DOT and respond to each complaint within 180 days. DOCR uses necessary PII (name, address, phone numbers) to investigate complaints as needed. In addition, DOCR must submit periodic reports on the status of its Civil Rights program to the EEOC and Department of Justice (DOJ).
An individual’s PII enters the GSS system when that person (1) files a discrimination complaint, (2) is a witness to an alleged discriminatory act, or (3) has been named as committing an alleged discriminatory act. For all three categories of individuals, PII in the GSS includes the name, last four digits of a filer’s social security number, and mailing address. It may also include the individual’s email address, home telephone number, and similar PII contained in related legal documents.
In addition, the GSS uses login credentials to control access by authorized DOT personnel. Therefore, the GSS also contains the name, phone number, and organization of each DOT user and associates the data with that individual.
DOT is required by law to conduct investigations on complaints of discrimination. The GSS collects PII in order to assist DOT with its investigations and meet Federal reporting requirements. The GSS is a standalone system; it does not interface with any other DOT information technology (IT) system or other external systems. The GSS system collects PII only when an individual is involved in a discrimination complaint.
PII in the GSS is used by DOT to investigate discrimination complaints and create yearly and quarterly reports to meet Federal reporting requirements. During the investigation process, DOT may use the GSS PII to contact individuals, research facts, and pass on appropriate information to judges, attorneys, and other parties directly involved in the investigation and only on a need-to-know basis.
Only Civil Rights personnel access and use PII in the GSS. In addition, DOCR may share PII through system generated reports with Administrative judges, Federal judges, attorneys, and others involved with a discrimination complaint. GSS system administrators and authorized personnel in each operating Administration have access to complaint information containing PII.
The GSS complies with the information sharing practices described in the Routine Uses section of its Privacy Act system of records notice – EEOC/GOVT-1 (Equal Employment Opportunity in the Federal Government Complaint and Appeal Records (July 30, 2002, 67 FR 49338)).
Entry of PII into the GSS is a necessary condition of involvement with a discrimination complaint. Individuals involved with a complaint are made to understand, through an interview process, that they are providing PII for a complaint. DOCR does not use the GSS PII for any other purpose.
PII is received through an initial interview with an investigator, either from the individual directly or through the interview about another individual involved in the complaint. Authorized Civil Rights personnel located in each Operating Administration enter data into the system and are responsible for the accuracy of those data. If any inaccuracies are noted, designated Civil Rights personnel will conduct further research and enter corrections to the data. At any time, an individual may contact his or her investigator to review his or her personal data and request changes, as appropriate.
A complainant may request that his or her investigator address privacy questions or concerns. Also, a complainant (or complainant representative) may contact the system owner for redress of privacy issues. Anyone with a privacy concern also may contact the DOT Privacy Office at privacy@dot.gov.
The GSS system is hosted and administered by personnel having passed required DOT background checks. The system was certified and accredited by an independent entity in May of 2008.
Electronic access to PII in the GSS is limited depending upon job function and accounting activities. Different users are provided different levels of access. Access for all the GSS users must be granted by an Administrator, who also sets privileges.
DOCR controls access privileges through the following roles:
The following matrix describes the privileges and safeguards around each of these roles as they pertain to PII.
ROLE | ACCESS | SAFEGUARDS |
---|---|---|
Case Manager | Add, view, update, and assign complaints. | The following safeguards apply: |
Case Processor | Add, view, and update complaint information. | The following safeguards apply: |
Investigator | Read-only data for cases assigned to him or her. | The following safeguards apply: |
Regional Director | Enter and update cases assigned to his or her region. | The following safeguards apply: |
Administrator | Assign roles and privileges in system, view case information. | The following safeguards apply: |
Super User | Assign roles and privileges in system, view, add, change all information. | The following safeguards apply: |
Complaints stored in the GSS are generally maintained for seven years, after which they are permanently archived in electronic and paper format.
The GSS is covered by the following Privacy Act System of Records Notices: