U.S. Department of Transportation
Federal Aviation Administration
PRIVACY IMPACT ASSESSMENT
April 5, 2007
Table of Contents
Overview of Federal Aviation Administration (FAA) privacy management process for Business/Historical Analysis Repository (B/HAR)
Personally-identifiable information and B/HAR
Why B/HAR collects information
How B/HAR uses information
How B/HAR shares information
How B/HAR provides notice and consent
How B/HAR ensures data accuracy
How B/HAR provides redress
How B/HAR secures information
System of records
The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs. FAA is responsible for providing the safest, most efficient aerospace system in the world. One of the programs that helps FAA fulfill this mission is the Business/Historical Analysis Repository (B/HAR), which supports the agency’s ability to achieve financial accountability and reach human resource goals.
Under the President’s Management Agenda for eGovernment, the ePayroll Initiative was implemented at FAA. The agency migrated to the Department of Interior’s (DOI) Federal Personnel and Payroll System (FPPS) on October 16, 2005, in preparation to sunset multiple legacy computer systems that had previously supplied personnel and payroll data to business applications. Under FPPS, the DOT Interface Repository (DOT IR) was created to load data from the host system and provide a source for applications that need data through a computer interface. The FAA B/HAR data warehouse was established for the purpose of collecting data from the DOT IR and building a repository of “historical” personnel and payroll data. When lines of business and staff offices need historical data to identify trends and forecast future costs the B/HAR is the source of those data.
Privacy management is an integral part of the B/HAR system. DOT/FAA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and FAA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FAA to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:
The B/HAR system contains both personally identifiable information (PII) and non-personally identifiable information pertaining to financial accountability and human resource goals. For an individual’s PII to be included in B/HAR, that information must (1) reside in the DOT IR, which contains personnel and payroll data obtained from the DOI FPPS; and (2) be authorized by the memorandum of understanding (MOU) between the DOT IR and the B/HAR. PII data contained within the B/HAR include the name, date of birth, and social security number of current and former FAA employees. The only PII that pertains to members of the public is PII associated with former DOT/FAA employees who have left the Department and are considered members of the public because they are no longer employed by the Department.
The B/HAR does not collect any PII directly from current or former DOT/FAA employees. Instead, the B/HAR receives PII from the DOT IR for the purpose of warehousing the history of personnel and payroll transactions. Customers from various DOT/FAA lines of business and staff offices use specialized computer applications that interface to the data warehouse to access data.
The B/HAR is a data warehouse that stores historical personnel and payroll data. In that role the data are used by computer applications only as authorized by an existing MOU. The computer applications analyze historical personnel and payroll data for the purpose of identifying trends and forecasting future costs in support of the agency’s mission.
In order for any DOT/FAA line of business or staff office to get access to the B/HAR it must complete a MOU outlining the business case for gaining access to the data. In the routine usage of B/HAR, there is no exchange or sharing of any PII with non-DOT entities. Since B/HAR is a system of records under the Privacy Act, DOT may share information from B/HAR in accordance with, and as authorized by, law.
Since B/HAR does not directly collect information, there is no immediate notice given or consent collected from the individuals whose data are contained in the system. This PIA serves as notice to any members of the public, in this case retired or former DOT/FAA employees, whose information may be contained in the system. Only PII on current or former DOT employees is contained in B/HAR.
The B/HAR is a downstream data warehouse that loads data directly from the DOT IR via a computer interface. The data are derived from the DOI FPPS and are based upon Office of Personnel Management’s Standard Forms 50 and 52 (SF-50, Notification of Personnel Action, and SF-52, Request for Personnel Action, respectively). To ensure the integrity and accuracy of the data, the incoming data cannot be modified by DOT/FAA personnel. Users and administrators may only view, read, and print information. Since the mission of the B/HAR is to maintain historical data online for business applications data are kept for a minimum of five years and a maximum of seven years.
After reviewing their printed SF Form 50, Notification of Personnel Action, individuals are responsible for contacting their HR representative to have their data corrected in DOI FPPS. The corrected personnel and/or payroll data will be loaded through the computer interfaces from DOI FPPS into the DOT IR and ultimately flow downstream into the FAA B/HAR system. Again, B/HAR is used only by employees responsible for identifying trends and forecasting future costs in support of the agency’s mission. If individuals believe their records contain inaccurate information, they may contact the FAA Privacy Officer.
Only official Information Technology Systems with a current Security Certification and Authorization Packages (SCAP) completed, and an up-to-date Certification and Authorization (C&A) in place are authorized to interface to the B/HAR. Each application must be hosted on a server that is a member of the FAA Domain, which ensures secure connectivity. The "FAA Manager" responsible for making work assignments to the person requesting access is required to authorize access to the B/HAR for all employees needing it.
In addition, access to B/HAR PII is limited according to job function. FAA controls access privileges according to the following roles:
The following matrix describes the levels of access and safeguards around each of these roles as they pertain to PII.
B/HAR Levels of Access and Safeguards – Part 1 of 3
| ROLE | ACCESS |
SAFEGUARDS |
|---|---|---|
Program Oversight & Management Team |
|
The following safeguards also apply:
|
Data Integrity Team |
|
The following safeguards also apply:
|
B/HAR Levels of Access and Safeguards – Part 2 of 3
ROLE |
ACCESS |
SAFEGUARDS |
|---|---|---|
Oracle DBA Team |
|
The following safeguards also apply:
|
Server Administration Team |
|
The following safeguards also apply:
|
B/HAR Levels of Access and Safeguards – Part 3 of 3
ROLE |
ACCESS |
SAFEGUARDS |
|---|---|---|
Access Request & Tracking System Team |
|
The following safeguards also apply:
|
Interface Owner |
|
The following safeguards also apply:
|
Records stored in B/HAR are retained and disposed in compliance with the General Records Schedules, National Archives and Records Administration, Washington, DC.
B/HAR is subject to the Privacy Act, because it is searched by name and telephone number. Personally identifiable information in B/HAR is covered by OPM/GOVT-1 (General Personnel Records).
FAA has certified and accredited the security of B/HAR in accordance with DOT standard requirements.