Introduction
WebTA is replacing the FBI’s
current paper-based collection system with a
commercial off-the-shelf (COTS) product providing
Bureau employees with an online, web-based system
to record their time and attendance data. It
will interface with several legacy FBI systems,
as well as generate an automated interface with
the National Finance Center (NFC).
The following are the primary goals of FBI's
WebTA project:
- Provide an online, easy-to-use, intranet-based
time and attendance system, deployed world-wide
to every FBI facility, with which all Bureau
employees will record their time and attendance
information, including Time Utilization and Record
Keeping (TURK) information.
- Give supervisors the capability to review and
certify their employees' electronic timesheets
online;
- Eliminate paper-based timecards;
- Eliminate the need for entry clerks to enter
employees' time and attendance data;
- Retire the current Automated Time Capture System
(ATCS);
- Interface with the existing Mainframe TURK
System; and,
- Interface with the National Finance Center
(NFC) for offsite payroll processing.
Below is an assessment of the privacy impact of
WebTA.
Section 1.0 Information collected and maintained
1.1 What information is to be collected?
WebTA will collect time and attendance (T&A)
and time utilization and recordkeeping (TURK) data
for FBI personnel. The personally identifiable
information being collected includes: name; social
security number; date of birth; Bureau and home
addresses; and employee telephone numbers. To assist
agents with entering their TURK data, the system
stores the activity classification types and major
case types so that agents can correlate their work
hours to the workload of the Bureau. These categories
are pre-defined by the Director's staff and are
provided from the legacy system.
1.2 From whom is information collected?
All FBI employees and detailees who receive a direct salary from the Bureau
must provide the information. Non-FBI employees under contract are not included.
Section
2 The Purpose of the System and the Information
Collected and Stored within the System
2.1 Why is the information being collected?
The information is collected to ensure an accurate payroll distribution and to
collect TURK data required for Congressional reporting of agent resource utilization.
2.2 What specific legal authorities/arrangements/agreements define the collection
of information?
The collection of data is required by general recordkeeping statutes, 5 U.S.C.
301 and 44 U.S.C. 3101, and is in accordance with 5 U.S.C. Chapters 61 and 63
as well as 5 C.F.R. Part 630. TURK data is collected under the authority of 31
U.S.C. 66a.
Section 3.0 Uses of the system and the information
3.1 Describe all the uses of information.
The information collected supports two principle functions: (1) Payroll Administration
(that is, pay and leave administration); and (2) TURK Congressional reporting
provided annually to Congress on special agent resource utilization and workload
activity. The data may also be used to perform aggregate workforce analyses and
to provide details in individual instances involving internal investigations
or other personnel management matters.
3.2 Does the system analyze data to assist users in identifying previously unknown
areas of note, concern, or pattern (sometimes referred to as data mining)?
The primary function of WebTA is to support pay and leave administration and
facilitate TURK reporting. No tools to perform data mining are specifically built
into the system. As noted in the previous response, however, aggregate workforce
analyses can be performed using WebTA and external analytical tools.
3.3 How will the information collected from individuals or derived from the system
be checked for accuracy?
Because employees enter their own data, and because pay and benefits depend on
accuracy, there is an incentive to ensure that the information is correct. The
data are also verified by a supervisor or designated time administrator. In addition,
the data are screened by the NFC for anomalies to ensure data integrity required
for payments. Similarly, TURK data relies on individual reporting for accuracy,
but can be verified at the supervisor level.
3.4 What is the retention period for the data in the system. Has the applicable
retention schedule been approved by the National Archives and Records Administration
(NARA)?
For T&A data electronically transmitted to the NFC, the Bureau must maintain
the certified T&A report (printout and worksheet) and all appropriate supporting
documentation for a six-year period in compliance with the National Archives
and Records Administration (NARA) General Records Schedule (GRS)-2, Item 8, and
the Government Accountability Office audit requirements. The NFC will maintain
the personal payment history required in Fair Labor Standard Act cases and court
ordered restorations as cited in the supplemental authorization NC1-16-79-5 to
GRS-2. WebTA will not be storing and retaining TURK data; after collection, it
is transferred to the TURK system each pay period. In that system, electronic
records are retained for a period of three years and hard copy records are retained
in accordance with GRS 8, Items 7 and 8.
3.5 Privacy Impact Analysis: Describe any types of controls that may be in place
to ensure that information is handled in accordance with the above described
uses and describe why the information is being retained for the indicated period.
For example, is appropriate use of information covered in training for all users
of system? Are strict disciplinary programs in place if an individual is found
to be inappropriately using the information?
WebTA will be subject to periodic audits to ensure that the data are being handled
in accordance with established protocols. Procedures are in place to discipline
individuals who misuse the data in the legacy T&A system and these procedures
will apply to WebTA. Because the system is built on role-based access, individual
employees should not have access to more than their own information and timekeepers
and supervisor access will be strictly on a need-to-know basis.
Section 4.0 Internal Sharing and
Disclosure of Information within the System
4.1 With which internal organizations of the Department is the information shared?
The information is shared internally where there is a need to know. Accordingly,
it is shared each pay period with the Payroll Administration and Processing Unit
(Finance Division) and the Human Resources Management Section (Human Resources
Division) depending on need. The Inspection Division and Office of Professional
Responsibility may also obtain access on an ad hoc basis. As the primary office
that provides administrative support services to the Department of Justice (DOJ),
the DOJ Justice Management Division also has access to the data.
4.2 For each component or office, what information is shared and for what purpose?
All data in WebTA is available to the Payroll Administration and Processing Unit
staff for the purpose of providing employee customer service regarding error
corrections and reconciliation of leave balances at NFC, should a processing
error occur. The Human Resource Management Section employees need the data to
perform their core functions supporting personnel line of business practices.
The Inspection Division and Office of Professional Responsibility may obtain
access to individual accounts to conduct inquiries or for oversight purposes.
The Justice Management Division has access to support its overall administrative
functions.
4.3 How is the information transmitted or disclosed?
The information is transmitted each pay period as an electronic file. Other reports
may be transmitted by printout or in electronic format.
4.4 Privacy Impact Analysis: Considering the extent of internal information sharing,
discuss what privacy risks were identified and how they were mitigated. For example,
if another Departmental component, office, or organization has access to the
system that your office controls, discuss how access controls have been implemented
and whether audit logs are regularly reviewed to ensure appropriate sharing of
information.
The T&A data in WebTA has been determined to be sensitive but unclassified
information (SBU). The data for TURK are classified at the secret level. The
data are entered, processed and stored on a secret level system due to the TURK
interface. To ensure the privacy of the information, role-based access is employed
so that only those who need access to the information have access to it. Audit
logs will be generated and periodically reviewed to ensure compliance.
Section 5.0
External sharing and disclosure
5.1 With which external (non-DOJ) recipients is the information shared?
The T&A data are shared with the US Department of Agriculture, National Finance
Center, Personnel and Payroll Center. The TURK data are shared primarily through
aggregate, non-identifying reports to the Congress, the Government Accountability
Office and the Office of Management and Budget.
5.2 What information is shared and for what purpose?
The T&A data are shared with NFC for the purpose of processing and disbursing
employee payroll. The data consists of time codes that represent different T&A
work hour activities used over one pay period of time (two weeks) and personally
identifiable information to associate the codes with an individual employee or
detailee. The shared TURK data consist of hours spent on specific case-related
activities and are shared for reporting and oversight purposes. These data are
not sent to NFC.
5.3 How is the information transmitted or disclosed?
The T&A data are transmitted via a secure virtual private network (VPN) established
between the FBI and the DOJ Justice Data Center (JDC). The JDC is connected to
the NFC. The FBI data is transmitted using an automated feature called "Direct
Connect" that delivers data files directly to the NFC in a secure manner.
TURK data are not transmitted. Information dissemination is primarily in written
reports.
5.4 Are there any agreements concerning the security and privacy of the data
once it is shared? If possible, include a reference to and quotation from any
MOU, contract, or other agreement that defines the parameters of the sharing
agreement.
The DOJ has an Interagency Agreement with the NFC for the purposes of processing
all DOJ personnel and T&A data. As a component of the DOJ, the FBI is not
required to establish a separate agreement. The sharing of TURK data that occurs
does not require an MOU. Information security is governed by the following NFC
security policies and standards:
a. External Laws and Regulations
1. Public Law 100-235, “Computer Security Act of 1987”
2. Public Law 93-579, “Privacy Act of 1974”
3. Public Law 93-502, “Freedom of Information Act”
4. Public Law 99-474, “Computer Fraud and Abuse Act”
5. OMB Circular No. A-130 Appendix III, “Security of Federal Automated
6. OMB Circular No. A-123, “Management Accountability and Control,” June
29,1995
b. USDA Internal Regulations
1. R 3140-001, “USDA Information Systems Security Policy” dated may
15, 1996
c. NFC Title: VII, Management and Administrative Directives Manual
1. Chapter: 11 – “Information Systems Management”
5.6 What type of training is required for users from agencies outside the FBI
prior to receiving access to the information?
NFC employees must attend mandatory information security training and attain
FBI trusted-partner security clearances. They also are required to attend training
on subjects prescribed in their individual development plans (IDP). The IDP varies
per employee depending on the employee's knowledge, skill and ability to perform
payroll functions.
5.7 Privacy Impact Analysis: Given the external sharing, what privacy risks were
identified and describe how they were mitigated. For example, if a decision was
made to limit external sharing, include such a discussion.
Development of the WebTA system aligns with the President's E-Payroll Initiative
to standardize and consolidate government-wide Federal civilian payroll services
and processes to better integrate payroll, human resources, and finance functions.
Risks from the external sharing of data have been identified and mitigated by
development of appropriate architecture to permit secure transmission of the
data to the NFC and by protocols at the NFC for handling the data. Because the
TURK data are shared externally primarily through aggregate reporting, the impact
on privacy is minimal.
Section 6.0 Notice
6.1 Was any form of notice provided to the individual
prior to collection of information?
A communication plan has been developed to ensure that employees are fully
aware of the implementation of the WebTA system. The plan includes dissemination
of printed material and email communications.
6.2 Do individuals have an opportunity and/or right to decline to provide information?
Individuals can decline to provide information in WebTA, but in consequence,
their paychecks, leave balances and other administrative accounts may be inaccurate.
Because it is generally agreed that some form of workload measurement system
is necessary, providing information in TURK for those employees covered by
that system is mandatory.
6.3 Do individuals have an opportunity to consent to particular uses of the
information? If such an opportunity exists, what is the procedure by which
an individual would provide such consent?
Participation in WebTA signifies consent on the part of an individual that
the information can be shared for payroll and related purposes. Acceptance
of a position covered by TURK reporting requirements signifies consent to provide
timekeeping information.
6.4 Privacy Impact Analysis: Conspicuous and transparent notice allows individuals
to understand how their information will be used and disclosed. Describe how
notice for the system was crafted with these principles in mind or if notice
is not provided, what was the basis for this decision.
There is little risk to employees based on lack of notice because a comprehensive
communication plan has been developed to ensure that employees are adequately
apprised of the system and their role in participating in it.
Section 7.0 Individual Access, Redress and Correction
7.1 What are the procedures that allow individuals the opportunity to seek access
to or redress of their own information?
All relevant recorded information is made available to employees in their bi-weekly
pay stubs. Individuals have access to their data via a secure connection using
personal identification and passwords. Any discrepancies in the data are reported
to the individual’s supervisor; the timekeeper can submit a corrected record
if necessary. The TURK data is similarly available to employees for input, verification
and correction purposes.
7.2 How are individuals notified of the procedures for seeking access to or amendment
of their information?
Notification is part of the communications plan and training that will be provided
to employees as part of the deployment of the system. New employees will be informed
at the time of their hiring.
7.3 If no opportunity to seek amendment is provided, are any other redress alternatives
available to the individual?
N/A
7.4 Privacy Impact Analysis: Discuss any opportunities or procedures by which
an individual can contest information contained in this system or actions taken
as a result of agency reliance on information in the system.
As the foregoing indicates, individual employees have ample opportunity to ensure
the accuracy of their T&A and TURK data and can make corrections as necessary.
It is in the interest of individual employees and the Bureau as a whole to have
accurate data in this system.
Section 8.0 Technical Access and Security
8.1 Which user group(s) will have access to the system? (For example, FBI program
managers, IT specialists, analysts, task force members, etc.)
Each FBI employee will have access only to his or her own data in the system,
and user IDs and passwords will be required to prevent unauthorized access. Timekeepers
and supervisors will also have access to the data for verification purposes.
The Payroll Administration and Processing Unit staff will have access for the
purpose of providing employee customer service and the Human Resource Management
Section will have access in order to accomplish their personnel functions. The
Inspection Division and Office of Professional Responsibility may also obtain
access to individual accounts to conduct inquiries or for oversight purposes.
8.2 Will FBI contractors have access to the system? If so, please submit a copy
of the contract describing their role along with this PIA.
No
8.3 Does the system use “roles” to assign privileges
to users of the system?
Yes.
8.4 What procedures are in place to determine which users may access the system
and are those procedures documented?
Role-based access following the doctrine of least privilege is documented in
the concept of operations for WebTA.
8.5 How are the actual assignments of roles and rules verified according to established
security and auditing procedures?
The WebTA system resides on the Application Server Farm (ASP) and assigned roles
and access controls for individuals are described in the ASP System Security
Plan, dated February 16, 2005. User profiles are employed to ensure appropriate
assignment of roles and are updated as necessary to accommodate personnel and
system changes.
8.6 What auditing measures and technical safeguards are in place to prevent misuse
of data?
A daily audit log is maintained by the WebTA application and reviewed by the
Information System Security Officer (ISSO) of the application. The ISSO will
alert the Information System Security Manager (ISSM) of any abnormal consequences
when monitoring the logs. Audit logs can be maintained until no longer needed,
according to NARA, GRS 20. While the data will be retained for six years, the
logs will be kept for one year, or pending system administration review, whichever
is later.
8.7 Describe what privacy training is provided to users either generally
or specifically relevant to the functionality of the program or system?
Privacy and security training is provided to all FBI employees as a condition
of employment and specific training is provided for FBI employees with access
to sensitive data.
8.8 Is the data secured in accordance with FISMA requirements?
If yes, when was Certification & Accreditation last completed?
Yes. The initial Certification and Accreditation is in process and will be completed
before the system is implemented.
8.9 Privacy Impact Analysis: Given access and security controls, what privacy
risks were identified and describe how they were mitigated. For example, if a
decision was made to tighten access controls by restricting access to specific
users, include such a discussion.
Both T&A data and TURK information is sensitive and highly personal. Rules
have therefore been established to limit access strictly to those with a need-to-know.
Sharing is permitted primarily to facilitate payroll business processes.
Section 9.0 Technology
9.1 Was the system built from the ground up or purchased and installed?
The WebTA system is a modified commercial-off-the-shelf (COTS) product acquired
from Kronos Software; it was purchased and installed by the FBI Office of Information
Technology Program Manager.
9.2 Describe how data integrity, privacy, and security were analyzed as part
of the decisions made for your system.
Because data integrity, privacy and security are integral to the successful operation
of WebTA, the decision to use Kronos Software, as modified for Bureau use, was
guided by these factors. The COTS product, WebTA used for the collection of T&A
data, uses an Oracle database to store the data. The Oracle database, under the
control of the FBI is a secure data center. All data transfers to or from the
Oracle database must be certified and accredited and granted "Authority
to Operate" before being enabled.
9.3 What design choices were made to enhance privacy?
To enhance privacy, the system design was required to provide role-based security
and user ID and password access in a configuration that would be under the control
of the FBI. In addition, the creation of a secure VPN to transmit data to the
FBI was added to ensure the privacy and security of the information.
Section 10.0 Data flow map
Provide a data flow map which depicts the information collected and how it is
maintained, used, and disseminated by the system and/or program.
See Appendix A.
Conclusion
Conversion of the Bureau's paper-based time and attendance and TURK reporting
systems to a secure and easy-to-use web-based system will streamline internal
Bureau business processes and simplify payroll, finance and reporting requirements.
In developing WebTA, the FBI was mindful of the sensitivity of the data at issue
and the privacy and security concerns attendant to the data. WebTA was structured
in ways to mitigate any adverse effects on privacy and security.
|