PRIVACY IMPACT ASSESSMENT (PIA) For the. icompliants. Department of Defense Education Activity (DoDEA) - Headquarters

Transcription

1 PRIVACY IMPACT ASSESSMENT (PIA) Fr the icompliants Department f Defense Educatin Activity (DDEA) - Headquarters SECTION 1: IS A PIA REQUIRED? a. Will this Department f Defense (000) infrmatin system r electrnic cllectin f infrmatin (referred t as an "electrnic cllectin" fr the purpse f this frm) cllect, maintain, use, and/r disseminate PII abut members f the public, Federal persnnel, cntractrs r freign natinals emplyed at U.S. military facilities internatinally? Chse ne ptin frm the chices belw. (Chse (3) fr freign natinals). (1) Yes, frm members f the general public. (2) Yes, frm Federal persnnel' and/r Federal cntractrs. ~ (3) Yes, frm bth members f the general public and Federal persnnel and/r Federal cntractrs. (4) N * "Federal persnnel" are referred t in the 000 IT Prtfli Repsitry (DITPR) as "Federal emplyees." b. If "N," ensure that DITPR r the authritative database that updates DITPR is anntated fr the reasn(s) why a PIA is nt required. If the 000 infrmatin system r electrnic cllectin is nt in DITPR, ensure that the reasn(s) are recrded in apprpriate dcumentatin. c. If "Yes," then a PIA is required. Prceed t Sectin 2. DO FORM 2930 NOV 2008 Page 1 f 15

2 SECTION 2: PIA SUMMARY INFORMATION a. Why is this PIA being created r updated? Chse ne: New 000 Infrmatin System New Electrnic Cllectin Existing 000 Infrmatin System Existing Electrnic Cllectin Significantly Mdified 000 Infrmatin System b. Is this DD infrmatin system registered in the DITPR r the DD Secret Internet Prtcl Ruter Netwrk (SIPRNET) IT Registry? Yes,DITPR Yes, SIPRNET N Enter OITPR System Identificatin Number IL5_9_64 --' Enter SIPRNET Identificatin Number c. Des this DD infrmatin system have an IT investment Unique Prject Identifier (UPI), required by sectin 53 f Office f Management and Budget (OMB) Circular A-11? Yes IZl N If "Yes," enter UPI If unsure, cnsult the Cmpnent IT Budget Pint f Cntact t btain the UPI. d. Des this DD infrmatin system r electrnic cllectin require a Privacy Act System f Recrds Ntice (SORN)? A Privacy Act SORN is required if the infrmatin system r electrnic cllectin cntains infrmatin abut U.S. citizens r lawful permanent U.S. residents that is LeJ!ieved by name r ther unique identifier. PIA and Privacy Act SORN infrmatin shuld be cnsistent. Yes N If "Yes," enter Privacy Act SORN Identifier IEEOC/GOVT Cmpnent-assigned designatr, nt the Federal Register number. Cnsult the Cmpnent Privacy Office fr additinal infrmatin r access 000 Privacy Act SORNs at: ht1p:/iwww.defenselink.mil/privacy/ntices/ r Date f submissin fr apprval t Defense Privacy Office Cnsult the Cmpnent Privacy Office fr this date. DO FORM 2930 NOV 2008 Page 2 f 15

3 e. Des this DD infrmatin system r electrnic cllectin have an OMB Cntrl Number? Cntact the Cmpnent Infrmatin Management Cntrl Officer r 000 Clearance Officer fr this infrmatin. This number indicates OMS apprval t cllect data frm 10 r mre members f the public in a 12-mnth perid regardless f frm r frmat. DYes Enter OMB Cntrl Number Enter Expiratin Date N f. Authrity t cllect infrmatin. A Federal law, Executive Order f the President (EO), r DD requirement must authrize the cllectin and maintenance f a system f recrds. (1) If this system has a Privacy Act SORN, the authrities in this PIA and the existing Privacy Act SORN shuld be the same. (2) Cite the authrity fr this 000 infrmatin system r electrnic cllectin t cllect, use, maintain and/r disseminate PII. (If multiple authrities are cited, prvide all that apply.) (a) Whenever pssible, cite the specific prvisins f the statute and/r EO that authrizes the peratin f the system and the cllectin f PII. (b) If a specific statute r EO des nt exist, determine if an indirect statutry authrity can be cited. An indirect authrity may be cited if the authrity requires the peratin r administratin f a prgram, the executin f which will req uire the cllectin and maintenance f a system f recrds. (c) 000 Cmpnents can use their general statutry grants f authrity ("internal husekeeping") as the primary authrity. The requirement, directive, r instructin implementing the statute within the 000 Cmpnent shuld be identified. Cde f Federal Regulatin - Title 29 (Part ). Authrities in the SORN: 42 U.S.C. 2000e-16(b) and (c); 29 U.S.C. 204(f) and 206(d); 29 U.S.C. 633(a); 29 US.C. 791 : Rerg. Plan N.1 f 1978, 43 FR (May 9, 1978); Exec. Order N , 44 FR 1053 (Jan 3, 1979). DD FORM 2930 NOV 2008 Page 3 f 15

4 g. Summary f DD infrmatin system r electrnic cllectin. Answers t these questins shuld be cnsistent with security guidelines fr release f infrmatin t the public. (1) Describe the purpse f this 000 infrmatin system r electrnic cllectin and briefly describe the types f persnal infrmatin abut individuals cllected in the system. Cllected infrmatin is used fr the purpse f case management, tracking EEO statistical data, and meeting reprting requirements. The cllected infrmatin includes names, race/ethnicity, persnal cell telephne numbers, mailing/hme addresses, birth dates, religius preference, emplyment infrmatin, gender, persnal addresses, and disability infrmatin. (2) Briefly describe the privacy risks assciated with the PI! cllected and hw these risks are addressed t safeguard privacy. A user's identity culd be cmprmised using the afrementined infrmatin. Access t infrmatin is cntrlled by the applicatin and the data is stred behind netwrk access cntrls. h. With whm will the PII be shared thrugh data exchange, bth within yur DD Cmpnent and utside yur Cmpnent (e.g., ther DD Cmpnents, Federal Agencies)? Indicate all that apply. ~ Within the DD Cmpnent. D Other 000 Cmpnents. IDODEA DNlEO and General Cunsel ffices D Other Federal Agencies. D State and Lcal Agencies. ~ Cntractr (Enter name and describe the language in the cntract that safeguards PI!.) D IMicrpact Slutins Other (e.g., cmmercial prviders, clleges). DO FORM 2930 NOV 2008 Page 4 f 15

5 i. D individuals have the pprtunity t bject t the cllectin f their PII? DYes!XI N (1) If "Yes," describe methd by which individuals can bject t the cllectin f PII. (2) If "N," state the reasn why individuals cannt bject. j. D individuals have the pprtunity t cnsent t the specific uses f their PII? DYes!XI N (1) If "Yes," describe the methd by which individuals can give r withhld their cnsent. (2) If "N," state the reasn why individuals cannt give r withhld their cnsent. The cmplainants wn their cmplaints; therefre, shuld the cmplainant nt prvide PII data, such as hme address, cntact numbers, and addresses, the prsecutin f the cmplaint may be jepardized, and the case may be dismissed fr failure t respnd r prceed in a timely fashin. Scial security numbers are btained fr verificatin purpses in the event f duplicate names/change f address, and t pull persnnel dcumentatin, such as SF50s, adverse actins, r ther data frm their OPF. DD FORM 2930 NOV 2008 Page 5 f 15

6 k. What infrmatin is prvided t an individual when asked t prvide PI! data? Indicate all that apply. Privacy Act Statement Privacy Advisry ~ Other Nne Describe The Privacy Act statement is cited n the intake frm, the frmal cmplaint frm, and the Request fr each Reasnable Accmmdatin frm. Once the infrmatin is cmpleted by the cmplainant, the OMEO applicable emplyee/specialist assigned t the case enters data in icmplaints. frmat. Only emplyees frm OMEO r thse individuals wh are granted access by the OM EO Systems Administratr, such as General Cunsel representatives, have access t review r enter data int icmplaints. NOTE: Sectins 1 and 2 abve are t be psted t the Cmpnent's Web site. Psting f these Sectins indicates that the PIA has been reviewed t ensure that apprpriate safeguards are in place t prtect privacy. A Cmpnent may restrict the publicatin f Sectins 1 and/r 2 if they cntain infrmatin that wuld reveal sensitive infrmatin r raise security cncerns. DD FORM 2930 NOV 2008 Page 6 f 15