PRIVACY IMPACT ASSESSMENT

System Approach to Safety Oversight (SASO)

July 20, 2004

Table of Contents

Overview of Federal Aviation Administration (FAA) privacy management process for SASO
Personally Identifiable Information (PII) and SASO
Why SASO collects information
How SASO uses information
How SASO shares information
How SASO provides notice and consent
How SASO ensures data accuracy
How SASO provides redress
How SASO secures information
System of records

Overview of Federal Aviation Administration (FAA) privacy management process for SASO

The Federal Aviation Administration (FAA) within the Department of Transportation (DOT) has been given the responsibility of civil aviation safety. FAA is responsible for:

Regulating civil aviation to promote safety;
encouraging and developing civil aeronautics, including new aviation technology;
developing and operating a system of air traffic control and navigation for both civil and military aircraft;
researching and developing the National Airspace System and civil aeronautics;
developing andoperating programs to control aircraft noise and other environmental effects of civil aviation; and
regulating U.S. commercial space transportation.

One of the proposed programs that would help FAA fulfill this mission is the System Approach to Safety Oversight (SASO) system... Though still in the early planning stages, SASO would integrate three basic flight standards functions into one system:

Certification
Investigation
Surveillance

The proposed SASO system would use a Web interface for all of the above components, and to support the Paperwork Reduction and E-Government Act priorities, it may include a public Web site for some appropriate activities.

The SASO planning process, now underway, first conducts a re-engineering of the flight standards business processes. Then, once these processes are re-engineered, the SASO planning team will consider the SASO Information Technology requirements.

Some or all components of five major existing systems, plus multiple smaller ones, may form the basis of the new SASO. The major related existing systems are: Air Transportation Oversight system, Operations Specifications Subsystem, Safety Performance Analysis, Integrating Rating Application, and OASIS-PENS.

Privacy management is an integral part of the SASO system. DOT/FAA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies. In addition, the SASO planning team includes participation by FAA’s Privacy Officer. This individual assists the SASO team to consider all the fair information practices and applicable laws when making decisions that may affect privacy.

The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and FAA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FAA to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:

Establish priority, authority, and responsibility. Appointing a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
Assess the current privacy environment. This involves interviews with key individuals involved in the SASO system to ensure that privacy risks are identified and documented.
Organize the resources necessary for the project’s goals. Internal DOT/FAA resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks. They are also involved in developing the necessary redress systems and training programs.
Develop the policies, practices, and procedures. The resources identified in the paragraph above work to develop an effective policy or policies, practices, and procedures to ensure that fair information practices are complied with. The policies are designed to protect privacy effectively while allowing DOT/FAA to achieve its mission.
Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training all individuals who will have access to and/or process personally identifiable information (PII). It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the FAA project.
Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance s is required.
Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.

Personally Identifiable Information (PII) and SASO

Depending on the results of the business re-engineering process, SASO may contain or use less, more, or different data than the existing related systems. The SASO team, specifically the FAA Privacy Officer, will work to ensure that the minimum amount of personally identifiable information is collected and handled, and in accordance with the privacy fair information practices. It should be noted that Integrated Airman Certification and/or Rating Application (IACRA), one of the current systems that may form a part of SASO, falls under the Privacy Act: The Airman Records, DOT/FAA 847. This Airman Records System of Records lists IACRA as a system that feeds into the Airman Records system. For an individual’s PII to be included in SASO, that individual must be involved in flight safety surveillance, investigation, or certification. PII on airmen may be included in SASO. Similarly, names and business contact information on air carriers, flight schools, repair stations, and other organizations may be included in SASO.

Why SASO collects information

FAA is responsibility for maintaining flight safety. Therefore, FAA must review and take action on flight safety measures pertaining to airmen and other factors. PII in SASO will assist FAA staff to track certifications, conduct safety investigations and inspections, and understand flight surveillance measures. This PII may be used to evaluate safety, contact participants in the flight safety process, and track activities.

How SASO uses information

SASO is planned as an internal and external capability to analyze safety data, manage time-intensive processes such as airman certification, and share information with appropriate people and organizations. FAA intends to use PII in SASO only for these primary purposes. In addition, SASO may include a logon function to protect the data. If this is the case, SASO will also hold and use PII for authorized users of the system, such as name and password, in order to manage permissions and access.

How SASO shares information

Until the SASO planning team completes business process re-engineering, the team is unable to predict how SASO will share information. It is expected that some portions of SASO PII will be shared within and outside the organization. However, the SASO team will ensure that Memorandums of Understanding (MOU) are in place to govern this process, and it will set up review processes to make sure that those MOU requirements are met.

How SASO provides notice and consent

In the case that SASO may include a limited public Web site interface to facilitate some online transactions, the Web site will post an accurate privacy policy that contains all the sections required by the E-Government Act of 2002. In addition, after the planning team reviews the results of the business process re-engineering, the team will work to ensure that adequate and clear notice is provided and that the public has the option to choose whether or not to participate in any optional, secondary uses of personal data.

How SASO ensures data accuracy

SASO will apply data retention standards as appropriate to the type of data, as defined by data retention laws. When possible, SASO will collect PII directly from the individual in question. In addition, the SASO team will consider the possibility of regular updates, data reviews, and other means of ensuring data accuracy.

Under the provisions of the Privacy Act, individuals may request searches of some SASO data to determine if any records have been added that may pertain to them. This is accomplished by sending a written notarized request directly to the responsible SASO staff member(s) that contains name, designee number, and information regarding the request.

How SASO provides redress

As provided for by the Representatives of the Administrator System of Records notice under the Privacy Act, individuals with questions about privacy and SASO may contact FAA directly. If SASO also includes a public Web site section, the posted privacy policy will additionally provide contact information for FAA’s Privacy Officer.

How SASO secures information

SASO will take appropriate security measures to safeguard PII and other sensitive data. SASO will apply DOT security standards, including but not limited to routine scans and monitoring, back-up activities, and background security checks of FAA employees and contractors.

In addition, access to SASO PII will be limited according to job function. FAA will control access privileges according to the “minimum necessary” rule, with the most sensitive data, such as social security number, accessible only to one or more system administrators as necessary.

The following access safeguards will also be implemented:

Passwords expire after a set period.
Accounts are locked after a set period of inactivity.
Minimum length of passwords is eight characters.
Passwords must be a combination of letters and numbers.
Accounts are locked after a set number of incorrect attempts.

System of records

SASO will contain information that is part of an existing system of records subject to the Privacy Act, because it will be searched by name and possibly other unique identifier. At the appropriate time, FAA will either update the existing Privacy Act System of Records notice (Airman Records. DOT/FAA 847), or create a new Privacy Act System of Records, as needed. You can find the system of records notice that applies to one system that may be eventually contained under SASO at http://cio.ost.dot.gov/policy/records.html.

FAA will certify and accredit the security of SASO in accordance with DOT standard requirements.