DEPARTMENT OF TRANSPORTATION
Office of the Secretary of Transportation (OST)

PRIVACY IMPACT ASSESSMENT

Workers� Compensation Information System (WCIS)

May 11, 2009

TABLE OF CONTENTS

Overview of Privacy Management Process
Personally Identifiable Information (PII) & WCIS
Why WCIS Collects Information
How WCIS uses information
How WCIS Shares Information
How WCIS Provides Notice and Consent
How WCIS Ensures Data Accuracy
How WCIS Provides Redress
How WCIS Secures Information
How Long WCIS Retains Information
System of Records

Overview of Privacy Management Process

The Office of the Secretary (OST) oversees the formulation of national transportation policy and promotes intermodal transportation. Other responsibilities include negotiation and implementation of international transportation agreements, assuring the fitness of US airlines, enforcing airline consumer protection regulations, issuance of regulations to prevent alcohol and illegal drug misuse in transportation systems and preparing transportation legislation.

The Workers� Compensation Information System (WCIS) is the Department of Transportation (DOT) Information Technology system used to manage the Department�s workers� compensation program by providing features and functions to allow authorized personnel to transmit workers� compensation claims and to monitor the status of workers� compensation cases established with the United States Department of Labor (DOL) under the Federal Employee Compensation Act (FECA).

Privacy management is an integral part of the WCIS system. OST has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and established methodologies.

The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and OST will have the information, tools and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing OST to achieve its mission of protecting and enhancing the U.S. transportation system. The methodology is based upon the following steps:

Establish priority, authority, and responsibility. Appointing a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
Assess the current privacy environment. This involves interviews with key individuals involved in the WCIS system to ensure that privacy risks are identified, addressed and documented.
Organize the resources necessary for the project�s goals. Internal OST resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks. They are also involved in developing the necessary redress systems and training programs.
Develop the policies, practices, and procedures. The resources identified in the paragraph above work to develop effective policies, practices, and procedures to ensure that fair information practices are complied with. The policies are designed to protect privacy effectively while allowing OST to achieve its mission.
Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training all individuals who will have access to and/or process personally identifiable information (PII). It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the OST project.
Maintain policies, practices, and procedures. Due to changes in technology, personnel and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance is required.
Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made, if necessary.

Personally Identifiable Information (PII) & WCIS

As a leader in transportation-related oversight, DOT�s OST provides useful information to other agencies responsible for transportation oversight activities. OST does not use the WCIS website to share information on oversight provider contacts, debarment/suspension/conviction, and successful audit/investigation techniques.

The WCIS modules will contain and publicly post the following information:
& & & WCIS does not publicly post any PII information.

Why WCIS Collects Information

WCIS collects information to provide an automated computer system to allow workers� compensation specialists and managers to enter Workers� Compensation Claim forms (CA-1 and CA-2) and monitor the status of workers� compensation cases established with DOL under the Federal Employee Compensation Act (FECA). The claimant volunteers to share PII through a paper form submitted to their supervisor and ultimately to the WCIS specialist for entry with the goal of being compensated for their injury or illness.

How WCIS Uses information

WCIS uses the information within an automated computer system to provide the timely and accurate transmission of Workers� Compensation Claims (CA-1 and CA-2) through the WCIS to the Department of Labor (DOL) and allow workers� compensation specialists and managers to monitor the status of those cases established with DOL under the Federal Employee Compensation Act (FECA).

WCIS also provides online and ad-hoc reporting, to allow WCIS users to effectively monitor and track claims and associated costs.

How WCIS Shares Information

The WCIS specialist entering data and monitoring claims, will have access to PII of individuals in the group they are responsible for.

The WCIS claims, containing PII information, are transmitted daily, over an SFTP to DOL for processing.

WCIS shares PII data with one FAA system, the Safety Management Information System (SMIS). WCIS shares data with the FAA Cost Accounting System (CAS) via a series of Oracle database views, but the data is not PII.

How WCIS Provides Notice and Consent

WCIS displays the DOT approved system warning banner to alert users of notice and consent to monitoring prior to login.

How WCIS Ensures Data Accuracy

WCIS is updated with personnel information for DOT employees from FPPS. This information, if available for the claimant, is used to pre-fill the claimant�s request.

WCIS uses dropdown selection when possible and performs some validation of fields by using tables and applying business rules when appropriate.

The workers� compensation claim paper form is filled out by the claimant. The WCIS specialist is responsible for data accuracy and completeness.

How WCIS Provides Redress

Validation checks are built into the application software that both prompt the user that an incorrect entry has been entered and must be corrected, and that a user has successfully input data.

WCIS has a technical help desk that can verify information and make some changes if necessary and approved by WCIS lead and/or system owner or instruct the user about the appropriate way to correct data.

How WCIS Secures Information

WCIS takes appropriate security measures to safeguard PII and other sensitive data. WCIS applies DOT security standards, including but not limited to routine scans and monitoring, back-up activities, and background security checks of technical employees and contractors.

FAA has implemented security controls and technology features that fully incorporate protection of privacy. FAA has complied with Federal Information Security Management Act (FISMA), and mitigated privacy risks through the following methods:

Access to the system is controlled through role-based user accounts.
The system is protected by a series of intrusion detection devices centrally monitored by FAA�s Cyber Security Management Center.
The system strictly controls the transmission and storage of information.
All government and contract personnel are required to complete privacy training.

The WCIS system is audited by FAA Security Personnel to ensure FISMA compliance through an annual assessment utilizing standards and guidance provided by the National Institute of Standards and Technology (NIST). The WCIS system has met all requirements and has been certified and accredited to operate by the authority of DOT/FAA.

WCIS takes appropriate security measures to safeguard PII and other sensitive data. The WCIS system is housed in a controlled computer center within a secure facility.

Physical access to the WCIS is limited to appropriate personnel through photo badges, building key cards, and room-access key pads.

In addition to physical access, electronic access to PII in WCIS is limited according to job function. FAA controls access privileges according to the following roles:

WCIS Specialist user
Administrative user
Production control user

The matrix below describes the levels of access and safeguards around each of these roles as they pertain to PII.

ROLE	ACCESS	SAFEGUARDS
WCIS Specialist (User)	Fills out access request form which must be signed by applicant, approved by supervisor and then approved by the system owner. Changes to profile information are also requested and approved by supervisor and system owner Changes own password Access is limited to an assigned group based on admin and region	User ID and password: Passwords expire after a set period. Minimum length of password is 8 characters. Passwords must be a combination of alpha, numeric and special characters. Accounts are locked after a set number of incorrect log-in attempts. Sessions time out after a set amount of inactivity.
Administrative User	Changes own password Views claims and history Creates new user ids and profiles Resets user accounts that are locked or the user has forgotten the password Can not see user�s password Adds and views tracking data Can view all claims and on occasion can make changes to data Access to all reports and creating ad-hoc reports	Administrative Users have access with two sets of user IDs and passwords, one for the system and one for the application. The following safeguards apply: Passwords expire after a set period. Sessions are terminated after a set period of inactivity. Minimum length of password is 8 characters. Passwords must be a combination of alpha, numeric and special characters. Accounts are locked after a set number of incorrect attempts.
Production Control	Can not change own password Able to load personnel, claim and cost data Transmit and receive data via a secure FTP	Production Control Users are set up as users by System Managers. The following safeguards apply: Passwords expire after a set period. Minimum length of password is 8 characters. Passwords must be a combination of alpha, numeric and special characters. Accounts are locked after a set number of incorrect attempts.

How Long WCIS Retains Information

Personnel and claim information are retained indefinitely.

System of Records

WCIS contains information that is part of existing System of Records subject to the Privacy Act, because it is searched by an individual�s SSN or Name. In some cases, such as DOT/OST 101, the Department of Transportation controls the data and maintains System of Records responsibilities. In other cases, other government entities providing WCIS source data control the data and retain Privacy Act responsibilities.

The DOT is in process to certify and accredit the security of WCIS in accordance with DOT information technology security standard requirements.