DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
PRIVACY IMPACT ASSESSMENT (PIA)
ATO Data Center Glenn Dale
(ATO DC GD)
Automated Distribution System (ADS)/Ecommerce Documentum
July 31, 2009
TABLE OF CONTENTS
System Overview
Information, Including Personally Identifiable Information (PII), in the System
Why ATO Data Center Glenn Dale Collects Information
Legal Authority for Information Collection
How ATO Data Center Glenn Dale Uses Information
How ATO Data Center Glenn Dale Shares Information
How ATO DC GD Provides Notice and Consent
How ATO DC GD Ensures Data Accuracy
How ATO DC GD Provides Redress
How ATO DC GD Secures Information
How Long ATO DC GD Retains Information
System of Records
System Overview
The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs and is responsible for providing the safest, most efficient aerospace system in the world. The FAA is responsible for:
- Regulating civil aviation to promote safety;
- Encouraging and developing civil aeronautics, including new aviation technology;
- Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
- Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
- Regulating U.S. commercial space transportation.
One of the programs that helps FAA fulfill its safety mission is the Air Traffic Organization (ATO) Data Center Glenn Dale. The ATO Data Center Glenn Dale is a National Airspace System (NAS) mission support system, which directly supports Aviation System Standards, National Aeronautical Charting Office (NACO) functions, programs, and overall mission. The ATO Data Center consists of consolidation of servers and the infrastructure required in providing support and services to the FAA, NAS, and public customers through connectivity to the ATO Local Area Network (LAN), FAA network backbone, FAA Intranet, and the Internet.
Information, Including Personally Identifiable Information (PII), in the System
The Federal Aviation Administration (FAA), National Aeronautical Charting Office (NACO), publishes and distributes United States government civil aeronautical charts and flight information publications. Public sales of these charts and publications are available through ecommerce online sales. Both the public and FAA charting agents may purchase charts using major credit cards as form of payment through the NACO- Ecommerce WEB site. Credit card information although used in chart purchases is not stored in the system.
The ATO DC Center Glenn Dale application subsystems, Distribution Division Automated Distribution System (ADS) , and the DOCUMENTUM document content management systems process, transmit, or receive Personally Identifiable Information.
Automated Distribution System (ADS) The Federal Aviation Administration (FAA), National Aeronautical Charting Office (NACO), publishes and distributes United States government civil aeronautical charts and flight information publications. Public sales of these charts and publications are available through a network of Chart Agents conveniently located at or near principal civil airports. NACO is also responsible for the public distribution of National Geospatial-Intelligence Agency (NGA) (formerly the National Imagery and Mapping Agency (NIMA)) worldwide aeronautical charts and publications.
The NACO Distribution Division Automated Distribution System (ADS) is a subsystem to the ATO DC Glenn Dale and provides automated inventory and order fulfillment for NACO Aeronautical Charts and Publications, NOAA Nautical Charts, and NGA Public Sale Aeronautical and Nautical Charts and related products. The ADS/Ecommerce Online Sales WEB server system allows public and government agent customers to order and purchase products online. The ADS allows users to enter, ship, and track orders; manage inventory and customer data; generate invoices, customer statements, and subscription renewal notices; analyze sales data; process returns; and generate reports.
The DOCUMENTUM system is a subsystem to the ATO DC Glenn Dale and provides a central repository and management infrastructure for FAA electronic documents and other content. In addition to storage, versioning, and search functionality, DOCUMENTUM facilitates complete lifecycle management of each document through its designated workflow, from DOCUMENTUM creation to Document retirement.
Subsystems of the central DOCUMENTUM system facilitate Document creation, import, conversion, management, and collaboration services. Documents containing PII information are processed and then scanned into the DOCUMENTUM system.
The ATO Data Center Glenn Dale system contains Personally Identifiable Information (PII) pertaining to the following categories of individuals,
Members of the public such as:
- Authorized FAA Chart Agents,
- Internal FAA Customers,
- Government Agencies, libraries, schools,
- Pilots.
The ATO Data Center Glenn Dale system contains Personally Identifiable Information (PII):
- name,
- address,
- social security number (SSN),
- email,
- fax number,
- home telephone number,
- user names,
- passwords,
- publications ordered,
- checking accounts number,
- credit card account number.
Why ATO Data Center Glenn Dale Collects Information
Personally Identifiable Information may be collected to provide customers with aeronautical and nautical charts and related products that they requested; collect payment for customers' purchases; respond to customers' complaints, comments and questions; identify customers establishing subscription accounts; billing information; distribution purposes; and customer shipping addresses.
Legal Authority for Information Collection
The legal authority for collection of the data is 5 U.S.C. 301; 49 U.S.C. 322, 49 U.S.C. 40122(g), 49 U.S.C. 40101, 40 U.S.C. 1441, 5 U.S.C. 302.
How ATO Data Center Glenn Dale Uses Information
The information that ATO DC GD system applications process, store, and transmit is used to support FAA's mission, including files such as statements of policy and interpretations, manuals, guidelines, and aeronautical charts. The ATO DC GD stores a body of historic information in Oracle databases that are accessible to authorized users via the FAA's Intranet or through tools such as Business Objects. Information used in ATO DC GD Applications that is subject to the Privacy Act links to the following National Institute Standards and Technology Special Publication (NIST SP) 800-60 information and information types. The related ATO DC GD applications used to process transmit, and store the information are also provided.
- ADS is a subsystem of the ATO DC GD and provides automated inventory and order fulfillment for Aeronautical Charts and Publications, National Oceanic and Atmospheric Administration (NOAA) Nautical Charts, and of National Geospatial-Intelligence Agency (NGA) Public Sale Aeronautical and Nautical Charts and related products.
- Personal Identity and Authentication Information. Applicable ATO DC GD application: NACO Ecommerce.
- Payments Information. Applicable ATO DC GD application: NACO Ecommerce.
DOCUMENTUM is used to scan orders and other correspondence for customers related to the ADS and Ecommerce system. Documents scanned and stored in DOCUMENTUM document databases contains PII information such as names, social security numbers, customer account numbers, mailing addresses, telephone numbers, financial account information, web URLs, and e-mail addresses.
How ATO Data Center Glenn Dale Shares Information
ATO does not share ATO DC GD data with other FAA elements. When a customer pays electronically, the system supplies the Department of the Treasury with contact information it needs to process the transaction.
The system also supplies information to package and deliver order, to warehouse and shipping services.
Information is not shared with external recipients. Contact information (name, address, email, telephone, FAX) are provided to shipping services. Information is transmitted with encryption.
An agreement is in place with the Department of Treasury Pay.GOV and contains the appropriate security/privacy language.
How ATO DC GD Provides Notice and Consent
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information. The NACO E-Commerce Website posts an accurate privacy policy that contains all the protections and advisories required by the E-Government Act. This system is covered under an existing SORN, DOT/ALL 13 Internet/Intranet Activity and Access Records.
A supplement Privacy Policy must be read by customers when they visit or transact business on the NACO E-Commerce Web Site. The supplement describes what information is collected, why the information is collected, how the information is used, how and with whom the information is shared, type of cookies employed, how password information is secured, information retention and validation, and alternative to share information.
Privacy risks were not identified; however, all FAA government and contractor staff are aware of penalties regarding improper use of information per On-the-Job training materials and Rules of Behavior.
How ATO DC GD Ensures Data Accuracy
Customers' information is checked and validated against information stored in the systems database.
How ATO DC GD Provides Redress
As provided for by the FAA Privacy Act System of Records notices individuals with questions about privacy and ATO DC GD may contact FAA directly. The posted privacy policy on the NACO E-Commerce Website additionally provides contact information for FAA's Privacy Officer. The NACO supplement Privacy Policy provides a list of contacts for the customer to do business transaction as an alternative to providing PII information online.
The supplemental Privacy Policy describes the process to keep accurate information and allow the customer to correct any information that is incorrect. Most of the information kept is available on the Online Catalog. If incorrect, some of the information can be corrected on the website, but for most of the information, customers are directed to a list of contacts to assist with making corrections.
How ATO DC GD Secures Information
The key ATO DC GD controls to assure that information is handled in accordance with its prescribed use include:
- Technical Controls
- Access Controls:
- Account Management ,
- Access Enforcement ,
- Separation of Duties,
- Least Privilege,
- Unsuccessful Login Attempts,
- System Use Notification,
- Session Lock,
- Supervision and Review -Account Control.
- Audit Controls:
- Auditable Events,
- Audit Analysis, Monitoring, and Reporting.
- Identification and Authentication:
- Authenticator Management.
- Access Controls:
- Management Controls
- Security Planning, Policy, and Procedures:
- Rules of Behavior.
- Systems and Services Acquisition Policy and Procedures:
- Software Usage Restrictions,
- Security Engineering Principles.
- Security Planning, Policy, and Procedures:
- Operational Controls
- Security Awareness and Training Policy and Procedures:
- Security Awareness,
- Security Training.
- Security Awareness and Training Policy and Procedures:
Implementation of these controls is documented in the ATO DC GD Information System Security Plan that addresses all of the areas identified above, including how employees are granted system access based upon their organizational role and need to know, authorizing officials, technical aspects of authentication management, software use and engineering, and the auditing of access files to ensure the protection of data maintained by FAA.
FAA is required to address continual statutory and Department-level requirements to substantiate that its handling of information is compliant with DOT/FAA policies. Furthermore, the FAA issued FAA Order 1600.75, Protecting Sensitive Unclassified Information (SUI) dated Feb. 1, 2005, and FAA Order 1280.1B, Protecting Personally Identifiable Information, dated December 17, 2008. From a technical perspective FISMA-mandated Continuous Monitoring requirements (NIST SP 800-53 as amended/CA-7) provide assurance that privacy-applicable controls are consistent with the ATO DC GD Certification and Authorization status.
How Long ATO Data Center Glenn Dale Retains Information
The electronic records generated by ATO DC GD are currently unscheduled with the National Archives and Records Administration (NARA). Until they are scheduled, the electronic records will be maintained indefinitely, as required by 36 CFR 1228.26(a)(1) and (2).
System of Records
The ATO Data Center Glenn Dale is a system that is subject to the Privacy Act. This system is covered under existing SORNs, DOT/ALL 13 Internet/Intranet Activity and Access Records and DOT/ALL 16 Mail Management System.
The last Certification & Authorization (C&A) was completed in 2007. ATO DC GD is currently undergoing C&A with a target date of re-Authorization slated for August 2009. Certification and Authorization occurs every three years unless a major architecture or security incident occurred then the system requires reauthorization.