Privacy Impact Assessment – Electronic Learning System - Content
ELS - Content System Overview
This Privacy Impact Assessment is for the E-Learning ELS-Content server from within IRS and Treasury firewalls. The primarily purpose of this server will be for storing learning content that will consist of course content (.asp, .htl, audio, graphics) text-based mandatory briefings, PowerPoint slides, and video files. The course content will be for Smartforce, Intellenix, teach.com, and Skillsoft courses that can be accessed by all IRS/Treasury Employees. The employees will access the course through the main server ELS-WEB formally Sit-Web.
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. No taxpayer data will be maintained.
B. No Employee information will be maintained.
C. The Audit Trail information elements gathered are:
Account Logon – Failed Attempts
Logon – Failed Attempts
D. The server will only contain course material.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. None
B. None
C. Employee SSN, email address, name of employee’s manager, and manager’s email address are provided by individual IRS & Treasury employees who access the ELS-LMS server to create a new account or enroll and take on-line courses from the website. Once the employee has logged into the website and launch a course the ELS-Web server redirects to the ELS-Content server to retrieve the course material.
D. None
E. None
F. None
3. Is each data item required for the business purpose of the system? Explain.
Yes, Title 5 of the Code of Federal Regulation, Section 410.311 requires agencies to maintain record of training events. The date item that is required from this server is the course number/course material.
4. How will each data item be verified for accuracy, timeliness, and completeness?
Whether or not a course is actually completed is an integrity issue. We have to depend on the integrity of employees that they will mark their course complete only when this is true. None of the employee’s information will be stored on this server.
5. Is there another source for the data? Explain how that source is or is not used.
No. Individuals are responsible for the accuracy of their own data they use to create their E-Learning account.
6. Generally, how will data be retrieved by the user?
Each employee can only access their own E-learning account bb SSN via the main web site ELS-Web. Their account lists the on-line course titles they are enrolled in, completed and dropped.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
To access their E-learning account data, an employee must input their SSN, much like OPM’s Employee Express system. Only Systems, Database, Course and Web Administrators from ELS can access the Employee E-learning account database files.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
System Administrators
Course Administrators
Web Masters
Interface
Programmer
Database Administrator
9. How is access to the data by a user determined and by whom?
User (students of thee-learning Services and Support (ELS) can only access their own account. Web Masters have read, write, and edit privileges and access to the student, course, course launch databases, tables, and program files. Systems administrators have read and copy access to these files and the Course Administrators have read, write and edit privileges to the course database file and tables.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
NA This server contains course material only. Once users logs in via ELS-Web they are redirected to this server for the course content.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
Currently, in the process of certification with an estimated completion date of 4/1/03.
12. Will other agencies provide, receive, or share data in any form with this system? NO
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
All course material will be retained indefinitely with the exception of revised material and then the content will be replaced.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability. No
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No. The only “monitoring” capability is the Bookmark Feature the employee activates if they choose to do so.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action? Not applicable.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
Cookies are only “per session” cookies, while the student’s browser is open. Nothing is saved or written to the hard drive of the user’s/student’s system.
|
