Privacy
Impact Assessment
for the
Background Investigation Contract Services
Dictaphone Express
March 30, 2007
Prepared by Anna Adams for
Maurice Jon Hayes
Security Division
703/762-3604
Reviewing Officials
Patrick W. Kelley
Privacy and Civil Liberties Officer
Federal Bureau of Investigation
Jane C. Horvath
Chief Privacy and Civil Liberties Officer
Department of Justice
Introduction
The
FBI, through the Background Investigation Contract
Services (BICS) Unit, provides timely and thorough
background investigation (BI) and reinvestigation
lead coverage to ensure that the FBI is staffed
with personnel who meet FBI employment suitability
criteria, and whose trustworthiness is sufficient
for access to the classified and sensitive information
necessary to perform their duties. Additionally,
the BICS Unit conducts BI leads on the following
by agreement: High level employees of the Department
of Justice (DOJ) (including the Office of the Pardon
Attorney and Assistant U.S. Attorneys); Administrative
Office of the U.S. Courts; Nuclear Regulatory Commission
(NRC); Department of Energy (DOE); and other Federal
Government entities when appropriate; Joint Terrorism
Task Force (JTTF) detailees, other Joint Task Force
(JTF) detailees, Law Enforcement Executives and
Elected Officials (LEO Program), Foreign Intelligence
Surveillance Act (FISA) personnel, Classified Information
Procedures Act (CIPA) personnel, and miscellaneous
other personnel categories, including investigations
relative to the security of employees of other government
agencies.
The
BICS Unit has developed an automated system, Background
Investigation Contract Service Dictaphone Express
(BDE), for collecting and managing interviews and
other information assembled by the Contract Special
Investigators (SIs) that are pertinent to background
investigations. BDE is maintained on a stand-alone
server connected to the Internet through a secure
local area network and is used for dictation and
transcription of SI reports of investigation. BDE
captures reports of interviews and other background
information that are dictated as a voice file and
then permits a contract typist to retrieve the file
and prepare a transcription of the report in the
proper format. The reports of interviews or other
transcribed data are then sent via Law Enforcement
Online (LEO) as an email attachment to employees
in the Background Investigation Case Support Unit
(BICS) for further action.
This
Privacy Impact Assessment, conducted pursuant to
Section 208 of the E-Government Act and FBI policy,
describes the privacy implications of the BDE tool.
Section
1.0
The
System and the Information Collected and Stored
Within the System
1.1
What information is to be collected? The BDE
system is a temporary storage medium for information
collected by SIs in connection with background investigations.
With respect to the information that is recorded,
in addition to containing basic identifying data
about an applicant, candidate or employee (including,
but not limited to name, date of birth, address,
telephone number and social security number), the
information that is stored electronically for transcription
typically is obtained as a result of analysis (and
with consent of the applicant) of credit reports,
school transcripts, medical records, and public
source materials, and from interviews. These interviews
are obtained from friends, neighbors and relatives
who are asked about the applicant's fitness for
employment, from the applicant who is interviewed
as part of the background investigation, and from
employment references and educational associates.
1.2
From whom is information collected? The underlying
information is provided by the applicant/candidate
and by individuals knowledgeable about the applicant/candidate/employee,
such as current and former employers, friends, relatives
and associates and is collected from commercial
sources such as credit bureaus and public record
checks.
Section
2.0
The
Purpose of the System and the Information Collected
and Stored within the System
2.1
Why is the information being collected? The
purpose of the system is to facilitate the transcription
of information collected for compilation into formal
reports concerning the suitability and trustworthiness
of individuals for access to national security information.
Section
3.0
Use
of the System and the Information
3.1
Describe all the uses of the information. The
information is used solely to prepare investigative
reports for clients to be used in the adjudication
of suitability inquiries. Information is formatted
into a voice file on BDE. Thirty days after transcription,
the voice file is purged. All that remains is a
log entry listing the job number and the fact that
it was completed. SI reports that are converted
to hard copy are reviewed for accuracy by the BICS
Unit, serialized and uploaded into the FBI's case
management system, where access is strictly limited.
Section
4.0
Internal
sharing and disclosure
4.1
With which internal organizations is the information
shared? Initial
reports of transcribed interviews are shared within
the FBI with the Personnel Security Investigation
and Personnel Security Adjudication Sections. Finished
products are shared with client agencies; therefore,
DOJ would be provided with a finished product.
Section
5.0
External
sharing and disclosure
5.1
With which external organizations is the information
shared? The
information is shared with BICS clients (listed
in the introductory section of this PIA). The information
that is shared is limited to data pertinent to the
individuals employed or under contract to those
agencies and organizations for which BI services
have been performed.
Section
6.0
Notice
6.2
Do individuals have an opportunity and/or right
to decline to provide information? Individuals
have the right, in the first instance, to decline
to provide information that is necessary for a background
investigation. Without their consent to the release
of information, however, a background investigation
cannot be conducted.
6.3
Do individuals have the right to consent to particular
uses of the information, and if so, how does the
individual exercise the right? Information in
the BDE system is used for background investigations
only and individuals consent in advance to the use
of all information for that purpose.
Section
8.0
Technical Access and Security
8.9
Privacy Impact Analysis: Given access and security
controls, what privacy risks were identified and
describe how they were mitigated.
In order to ensure non-disclosure of sensitive information
to anyone outside of the BICS work process and compliance
with FBI policies, the BDE system requires double
password access for all administrators. Dictators
and transcribers are required to use unique FBI-issued
user identification codes and passwords to access
the BDE system. Passwords must be changed every
90 days in compliance with FBI security requirements.
The BDE allows SIs to complete their work in a secure
electronic environment where it can be retrieved
by contract typists and converted from a voice file
to hard copy. Information on the system is routinely
purged 30 days after completion of the transcription
and this process has been automated to ensure purging
occurs. The system is configured to allow for transcription
but does not permit queries based on personally
identifying information. Moreover, indexing or cross-referencing
is used in connection with this system. All these
attributes protect privacy.
The
text files created from information placed in BDE
are forwarded to the BICS Unit using encryption
software. The files are verified for accuracy by
BICS Unit personnel and are ultimately maintained
in a closed area of the FBI's case management system
where internal access is strictly limited. BDE logs
system activity, including all users, and discrepancies
(such as an unknown user) can be identified and
resolved quickly.
The
system has been analyzed for security, which included
an accreditation of the technology and evaluation
of the facility housing the system. Access to the
system is limited to administrators and personnel
who have a need for it in order to perform their
responsibilities. Privacy and information security
training are required on a yearly basis and anyone
involved in the overall BICS Program, which includes
BDE employees, executes a Rules of Behavior Acknowledgment
Form. Any effects on personal privacy of creating
a voice file which can be retrieved electronically
for transcription are mitigated by the strong system
controls and rules that govern BDE.
Responsible
Officials/Signatures
_________________________/s/
4/9/07_______________________ (Sign Date)
Maurice Jon Hayes
Project Manager, Security Division
Federal Bureau of Investigation
Approval
Officials/Signatures
_________________________/s/
4/12/07______________________ (Sign Date)
Patrick W. Kelley
Privacy and Civil Liberties Officer
Federal Bureau of Investigation
____________________________________________
(Sign Date)
Jane C. Horvath
Chief Privacy and Civil Liberties Officer
Department of Justice
|