July 29, 2004
Table of Contents
Overview of Federal Railroad Administration (FRA) privacy management process for CCM
Personally identifiable information (PII) and CCM
Why CCM collects information
How CCM uses information
How CCM shares information
How CCM provides notice and consent
How CCM provides redress
How CCM secures information
System of records
The Federal Railroad Administration (FRA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs. FRA is responsible for promulgating and enforcing rail safety regulations; administering railroad assistance programs; conducting research and development in support of improved railroad safety and national rail transportation policy; providing for the rehabilitation of Northeast Corridor rail passenger service; and consolidating government support of rail transportation activities. The Controlled Correspondence Manager (CCM) system helps FRA fulfill this mission by providing automated assistance in tracking workflow. The CCM system provides FRA with the ability to track and control correspondence, Freedom of Information Act (FOIA) requests, complaints, waivers, one-time movements, and train horn quiet zones in a timely fashion.
Privacy management is an integral part of the CCM system. DOT/FRA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and FRA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FRA to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:
FRA is committed to maintaining timely responses to correspondence and other types of requests. CCM allows FRA to track responses and workload associated with requests, as well as maintain records of correspondence. FRA uses PII in CCM to contact individuals requesting responses, track status on responses and work associated with requests, and maintain records on some types of requests, such as FOIA requests.
CCM uses PII solely for the purpose of tracking and responding to correspondence, waivers, one-time movements, etc. FRA does not disseminate the data to other agencies nor does it release the data to outside stakeholders, except as allowed by law.
Only designated FRA employees and contractors have access to CCM data and then only as pertinent to their jobs and roles. At this time, FRA employees are granted access by one or more managers and are provided a password and logon, and a system administrator must load an application on that individual’s computer and assign him or her the appropriate privileges. In the future, CCM will become a Web-enabled system, accessed by designated FRA employees and contractors through an Intranet Website.
FRA does not share information with external agencies or other interested parties. All data that is containedwithin the CCM application is used for internal purposes only.
As a Privacy Act System of Records, CCM will provide notice of practices through its Privacy Act System of Records Notice. FRA does not use PII in CCM for any secondary purposes that might require consent.
Under the provisions of the Privacy Act, individuals may request searches of the CCM file to determine if any records have been added that may pertain to them. This is accomplished by sending a written notarized request directly to the CCM System Manager that contains name, and authentication information. FRA does not allow public access to the information stored in CCM except as allowed by law.
Under the provisions of the Privacy Act, individuals may contact the CCM system manager, as listed in the Privacy Act System of Records notice, with privacy questions and grievances.
The CCM system resides in a secure facility accessible only by designated employees who have undergone a background check.
In addition, access to CCM PII is limited according to job function. FRA controls access privileges according to the following roles:
The following matrix describes the levels of access and safeguards around each of these roles as they pertain to PII.
ROLE |
ACCESS |
SAFEGUARDS |
---|---|---|
Read Only |
|
Read Only user must have network password, manager permission and system administrator set-up. The following safeguards also apply:
|
Routing |
|
Routing user must have network password, manager permission and system administrator set-up. The following safeguards also apply:
|
Data Entry |
|
Data Entry must have network password, manager permission and system administrator set-up. The following safeguards also apply:
|
Administrator |
|
Data Entry must have network password, manager permission and system administrator set-up. The following safeguards also apply:
|