PRIVACY IMPACT ASSESSMENT

Investigations Tracking System (ITS)

September 1, 2004

Table of Contents

Overview of OST (OST) privacy management process for ITS
Personally-Identifiable Information (PII) and ITS
Why ITS collects information
How ITS uses information
How ITS shares information
How ITS provides notice and consent
How ITS ensures data accuracy
How ITS provides redress
How ITS secures information
System of records

Overview of OST (OST) privacy management process for ITS

The Office of the Secretary (OST), within the Department of Transportation (DOT), has been given the responsibility of formulating national transportation policy and promoting intermodal transportation. Other responsibilities include negotiation and implementation of international transportation agreements, assuring the fitness of US airlines, enforcing airline consumer protection regulations, issuing regulations to prevent alcohol and illegal drug misuse in transportation systems, improving the security of the national transportation system, and preparing transportation legislation.[1]

As part of its support function for DOT, OST is responsible for ensuring that employees and contractors receive the appropriate background checks, investigations, and security clearances. To help fulfill this need, OST uses a Web-enabled system, Investigations Tracking System (ITS). ITS records, tracks, and provides reporting on employee and contractor investigations pertaining to security background checks and clearances.

Privacy management is an integral part of the ITS project. DOT/OST has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, methodologies, and sound policies and procedures.

The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and OST will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing OST to achieve its mission of protecting and enhancing all U.S. civil transportation systems. The methodology is based upon the following:

Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
Assess the current privacy environment. This involved interviews with key individuals involved in the ITS system to ensure that all uses of Personally Identifiable Information (PII), along with the risks involved with such use, are identified and documented.
Organize the resources necessary for the project’s goals. Internal DOT/OST resources, along with outside experts, are involved in reviewing the technology, data uses and associated risks. They are also involved in developing the necessary redress systems and training programs.
Develop the policies, practices, and procedures. The resources identified in the paragraph immediately above work to develop an effective policy or policies, practices, and procedures to ensure that fair information practices are complied with. The policies effectively protect privacy while allowing DOT/OST to achieve its mission.
Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the OST project.
Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures is required.
Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.

Personally-Identifiable Information (PII) and ITS

As a necessary condition of employment, DOT employees and contractors must agree to an investigation appropriate to their job role and its sensitivity. Also, as employee or contractor job roles change, it is sometimes necessary for that individual to receive additional checks or clearances. The ITS system uses both PII and non-PII data to record, track, and manage the investigation process for DOT employees and contractors. ITS also retains data on former DOT employees and contractors who have separated from the organization.

PII in ITS may include name, social security number, date of birth, place of birth, employment status, and results of fingerprint tests. For contractors, ITS contains home addresses. There are no home addresses in ITS for federal employees. In addition, for each employee or contractor record, ITS may also include dates of requested checks, results, and ITS staff notes on the investigation process. The ITS PII data can not be manipulated, only the background check information is accessible for editing.

In addition, ITS uses logon names and passwords to control access. Therefore, ITS will not allow entry into the system if incorrect information is provided by the OST user.

An individual’s PII enters the ITS system through regular downloads from the Consolidated Personnel Management Information System (CPMIS), or through data entry by designated ITS staff from paper forms submitted through DOT’s Human Resources functions or investigations organizations.

Why ITS collects information

ITS collects information in order to assist OST to record, track, and take action on DOT employee and contractor investigations that are a necessary condition of employment. The ITS system collects PII only when an individual is involved in a contracting or employment relationship with DOT.

How ITS uses information

Information in ITS is used by OST to track and report on the DOT employee and contractor investigation process. OST uses ITS PII to log stages in the investigation process, track the progress and results of investigations, and pass on the information to appropriate entities.

How ITS shares information

DOT employees and contractors sign a required release form for the investigation, along with their PII, to DOT’s HR or security departments. In the case of DOT employees, PII transmits through CPMIS to ITS. In the case of contractors, ITS staff manually enters data from paper forms. In both cases, individuals submitting to an investigation may use, a Web-enabled Office of Personnel Management (OPM) system, called Electronic Questionnaires for Investigations Processing (EQIP), to submit additional background information necessary to conduct the investigation in question. After the individual completes the information in EQIP, ITS staff members print EQIP information and mail to OPM, which in turn conducts the investigation. Then, OPM provides ITS staff the investigation results, which are manually entered into ITS.

ITS staff may use PII in the system to contact individuals undergoing an investigation and gather additional information necessary for the process.

ITS is also a Privacy Act system of records (SOR) and complies with the information sharing practices described in the Routine Uses section of its SOR notice.

How ITS provides notice and consent

Investigations are a necessary condition for employment or contracting with DOT. Also, as a SOR, ITS provides a SOR notice in the Federal Register. DOT does not use ITS PII for any other purpose, except as allowable by law.

How ITS ensures data accuracy

Designated ITS staff enter data into the system and are responsible for accurate data entry. ITS PII is received from CPMIS data, or through manual input of forms filled out by the individual in question. Periodically, ITS staff members compare ITS data to CPMIS updates. If there are inaccuracies, the ITS staff members work to reconcile the differences. Though designated ITS staff may catch and correct errors, there are no other formal data accuracy measures. If an OST analyst finds a data inaccuracy, he or she may contact the individual or conduct additional research and enter corrections to the data.

At any time, an individual may request a copy of his or her security file, if one exists, to view his or her PII. These requests may be made in person, or by email, telephone, letter, or fax. ITS staff members have authentication procedures in place to verify identity before making requested changes or providing access.

How ITS provides redress

At any time, an individual may contact an ITS staff member or the ITS System Owner, as designated in the Privacy Act system of records notice, for redress of privacy issues.

How ITS secures information

The ITS system is housed in Washington, DC. Personnel with physical access have all undergone and passed DOT background checks. In addition, OST has obtained signed affirmations that all individuals accessing ITS have read and understand a terms and conditions statement that describes privacy expectations. ITS staff has been properly trained of privacy measures in ITS. This has been noted as a deficiency and is being addressed.

In addition to physical access, electronic access to PII in ITS is limited according to a matrix of job function and accounting activities. Different users are provided different levels of access.

OST controls access privileges through the following roles:

Personnel Security Specialist
Personnel Security Coordinator
Administrator

The following matrix describes the privileges and safeguards around each of these roles as they pertain to PII.

ROLE	ACCESS	SAFEGUARDS
Personnel Security Specialist	Initiate, read and update record.	The following safeguards apply: Passwords expire after a set period. Accounts are locked after 20 minutes of inactivity. Minimum length of passwords is eight characters. Accounts are locked after a set number of incorrect attempts.
Personnel Security Coordinator	Read only access.	The following safeguards apply: Passwords expire after a set period. Accounts are locked after a set period of inactivity. Minimum length of passwords is eight characters. Accounts are locked after a set number of incorrect attempts.
Administrator	Read, update, and delete data. Also, assign roles and privileges in system.	The following safeguards apply: Passwords expire after a set period. Accounts are locked after a set period of inactivity. Minimum length of passwords is eight characters. Accounts are locked after a set number of incorrect attempts.

ROLE

ACCESS

SAFEGUARDS

Personnel Security Specialist

Initiate, read and update record.

The following safeguards apply:

Passwords expire after a set period.
Accounts are locked after 20 minutes of inactivity.
Minimum length of passwords is eight characters.
Accounts are locked after a set number of incorrect attempts.

Personnel Security Coordinator

Read only access.

The following safeguards apply:

Passwords expire after a set period.
Accounts are locked after a set period of inactivity.
Minimum length of passwords is eight characters.
Accounts are locked after a set number of incorrect attempts.

Administrator

Read, update, and delete data. Also, assign roles and privileges in system.

The following safeguards apply:

Passwords expire after a set period.
Accounts are locked after a set period of inactivity.
Minimum length of passwords is eight characters.
Accounts are locked after a set number of incorrect attempts.

Access for all ITS users must be granted by an Administrator, who also sets privileges.

System of records

ITS is a Privacy Act system of records, because it is searched by an individual’s name and social security number. The Privacy Act system of records notice that applies to ITS is DOT/OST 035 Personnel Security Record System, found in the Federal Register. OST has certified and accredited ITS in accordance with DOT requirements.

[1] http://www.dot.gov/ost/