Privacy
Impact Assessment for the
Atlanta Division’s Bank Robbery Database
September 7, 2006
Contact
Point
I.A. Douglas H. Jones
Atlanta Division
Field Intelligence Group
(404) 417-3849
Reviewing Officials
Patrick W. Kelley
Privacy and Civil Liberties Officer
Office of the General Counsel
Federal Bureau of Investigation
Department of Justice
Jane
C. Horvath
Chief Privacy Officer and Civil Liberties Officer
Department of Justice
Introduction
Microsoft
Access is a relational database management system widely
used by computer programmers to create databases in which
data can be easily manipulated for multiple purposes. Using
data derived from FBI reports, the Atlanta Division, Field
Intelligence Group (FIG), intends to create a Microsoft
Access database to enhance its information resources for
investigations and analysis. The database will facilitate
the work of the Atlanta Division in tracking bank robbery
trends and patterns of activity and in preparing statistical
analyses. Because the information to be included in the
database is derived from data already maintained by the
FBI, and because the database will be used for internal
purposes only, there are no significant privacy risks associatedwith
the creation of this database.
Section
1.0
The System and the Information Collected and Stored within
the System.
1.1
What information is to be collected?
The database will store data derived from FD-430s and “Letter
Head Memorandums” (LHM) prepared by Special Agents
(SA) as part of bank robbery investigation. More specifically,
the information to be collected includes: bank name and
type, street address, and city; modus operandi; day of the
week; time of day; robbery subject description, name if
available, weapon description, method of escape; note contents
and characteristics (as applicable), loss amount, and case
file number.
1.2
From whom is the information collected
FBI Special Agents are required to complete FD-430s and
LHMs in connection withthe investigation of bank robberies.
These forms document all relevant facts of the robbery and
would be used as the primary source of data entered into
the Access database.
Section
2.0
The Purpose of the System and the Information Collected
and Stored within the System.
2.1
Why is the information being collected?
The data stored in the Access database will be used to support
bank robbery investigations. The information/data, otherwise
maintained in the Central Records Systems primarily in the
91 classification, and accessible internally through the
Automated Case Support system, is derived from FD-430s and
LHMs and is entered into the Access database for investigatory
and statistical reporting purposes. For example, the data
could be used to identify serial bank robbers by linking
similar modus operandi, similar physical descriptions, and
similar “get-away” vehicle descriptions.
Section
3.0
Uses of the System and the Information.
3.1
Describe all uses of the information.
The Access database will provide the ability to conduct
data inquiries pertaining to:
Bank name, street address, and city;
Modus Operandi; (Day of the week; time of day; subject’s
actions, method of escape)
Verbal statements made by robbery subject;
Note contents and characteristics;
Robbery subject description, number of subjects, or
subject name(s);
Weapon description;
Case file number; and
Loss amount.
The database will also provide a variety of reports for
statistical purposes. For example, reports could be produced
on the number of cases assigned to a specific SA; number
of robberies that have occurred in a specific year, month,
or day, as well as the number of robberies that have occurred
to a specific bank or in a specific city.
Section
4.0
Internal Sharing and Disclosure of Information within the
System.
4.1
With which internal components of the Department is the
information shared?
The database will be accessible by those individuals who
have authorized access to the “Bank Robbery Squad’s”
(Squad 7) file located on the Atlanta Division’s “S-Drive.”
Reports resulting from analyses may be shared internally
with those who have a need for the information in the performance
of their duties.
Section
5.0
External Sharing and Disclosure
5.1
With which external (non-DOJ) recipient(s) is the information
shared?
None.
Section 6.0
Notice Section 6.0Notice
6.2 Do individuals have an opportunity and/or right to
decline to provide information?
Information about individuals involved in bank robberies,
to the extent is available, is collected in order to complete
FBI reports. The same data is used to populate this database.
There is no opportunity or right to decline to provide
the information except, of course, by declining to participate
in a bank robbery. .2 Do individuals have an opportunity
and/or right to decline to provide information?
6.2.1
Can the person from or about whom information is collected
decline to provide the information and if so, is there
any penalty or denial of service that is the consequence
of declining to provide the information?
N/A
6.3 Do individuals have an opportunity to consent to particular
uses of the information, and if so, what is the procedure
by which an individual would provide such consent?
N/A
Section 8.0
8.9
Privacy Impact Analysis : Given access and security controls,
what privacy risks were identified and describe how they
were mitigated. For example, were decisions made to encrypt
certain data sets and not others?
The
Atlanta Division’s Bank Robbery relational database
management system uses an FBI-approved, common computer
software program, “Microsoft Access.” The
data that will be entered and stored on this system is
derived from approved FBI documents -- FD-430s and “Letter
Head Memorandums” (LHM) -- which are completed in
all bank robbery investigations and which are otherwise
maintained in the Central Records System under the appropriate
classification(s). Information about bank robberies is
accessible within the FBI through the “Automated
Case Support” system for which security controls
are in place. The Access database at issue in this PIA,
therefore, does not significantly change the privacy risks
associated with the data. Instead, it simply allows Atlanta
Division personnel to use that data in a manner that is
more efficient and permits improved analysis.