Privacy Impact Assessment of Electronic Workpaper Program (EWP) Supervisory Systems


Program or application name: Electronic Workpaper Program (EWP) Supervisory Systems

System Owner: Board of Governors of the Federal Reserve System's ("Board") Division of Banking Supervision and Regulation

Contact information:

System Owner: William G. Spaniel, Associate Director
Organization: Division of Banking Supervision and Regulation
Address: 20th Street and Constitution Avenue, N.W. Washington, D.C. 20551
Telephone: (202) 452-3469

IT System Manager: Robert T. Ashman, Assistant Director
Organization: Division of Banking Supervision and Regulation
Address: 20th Street and Constitution Avenue, N.W. Washington, D.C. 20551
Telephone: (202) 452-3528

Description of the IT system:

EWP Supervisory Systems consist of multiple local software applications maintained by the Federal Reserve and utilized by examiners to create, review, store, and retrieve examiner-created documentation and documentation received from financial institutions during the supervisory process, which includes examination, inspection, surveillance and other processes. This documentation includes: examination planning documents, workpapers, electronic or paper-based examiner line cards, correspondence with institutions, management information and other pertinent data from institutions, meeting notes, and examiner analyses. Appendix A contains a list of the EWP Supervisory Systems.

1. The information concerning individuals that is being collected and/or maintained:

EWP Supervisory Systems are not designed to capture personal information. However, certain financial institution records that are requested, received, reviewed, and stored as part of the supervisory process may include personally identifiable information, such as:

a. customer name;
b. loan customer name;
c. home address;
d. social security number;
e. tax payer identification number;
f. driver's license number;
g. birth date;
h. place of birth;
i. account numbers;
j. loan account number;
k. loan or account officer name;
l. loan officer number;
m. loan balances, interest rates and payment information;
n. non-public confidential bank loan classifications;
o. financial transaction data;
p. non-public BSA/AML and OFAC documentation;
q. non-public Suspicious Activity Reports (SARS); and
r. subpoenas and related legal documentation.

2. Source(s) of each category of information listed in item 1.

The information is provided by supervised financial institutions during the course of the supervisory process.

3. Purposes for which the information is being collected.

The Federal Reserve uses the information to evaluate financial institutions' safety and soundness and compliance with consumer and community affairs laws and regulations. Personally identifiable information obtained during the supervisory process is generally not specifically referenced by examiners, but may be used to support analyses and findings. For example, individual data may be used to support aggregate analysis of issues raised during the course of the examination or supervision process.

4. Who will have access to the information.

The information maintained in the EWP Supervisory Systems is designated as confidential supervisory information and access to it is generally limited to authorized Federal Reserve employees and contractors who have a need for the information for official business purposes. The information may also be shared as needed for conducting joint supervisory initiatives with the Federal Financial Institution Examination Council staff of other bank regulatory agencies, including the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, state banking regulators, and foreign banking regulators consistent with the Board's regulations as well as explicit information sharing agreements that require the implementation of access restrictions and security safeguards.

In addition, the information may also be disclosed for enforcement, statutory and regulatory purposes; to another agency or a Federal Reserve Bank, to a Member of Congress; to the Department of Justice, a court, an adjudicative body or administrative tribunal, or a party in litigation; to contractors, agents, and others; and persons who are reasonably necessary to assist in connection with the Board's efforts to respond to the suspected or confirmed compromise of security or confidentiality and prevent, minimize, or remedy such harm; or to other agencies, entities, and persons reasonably necessary to assist the Board's efforts to respond to a suspected or confirmed compromise of security or confidentiality to prevent, minimize or remedy such harm.

5. Whether the individuals to whom the information pertains have an opportunity to decline to provide the information or to consent to particular uses of the information (other than required or authorized uses).

Individuals do not have an opportunity to decline to provide the information or consent to particular uses of the information because the information is not collected from the individual. The information is collected directly from the financial institution during the bank examination or supervision process pursuant to the institution's statutory obligation to provide any and all financial records to its federal regulator. The information is acquired by the financial institution from its customers as a routine business activity.

6. Procedure(s) for ensuring that the information maintained is accurate, complete, and up-to-date.

All personally identifiable information in the EWP Supervisory Systems is obtained directly from the financial institution during the examination and supervision process. The examiner-in-charge, or a designee, is responsible for ensuring the accuracy and completeness of the information acquired from the financial institution.

7. The length of time the data will be retained, and how will it be purged.

EWP Supervisory Systems serve as a repository for examination and supervision documents. Examination workpapers, including those stored in the EWP Supervisory Systems, are typically maintained for five years; however, in the event of a supervisory or enforcement action initiated by the Board of Governors, information may be maintained for three years after termination of such supervisory or enforcement action. In some cases, aggregate or summary data may be held for longer periods to support business cycle analysis. Paper documents are destroyed by shredding and electronic documents are purged from the appropriate databases after the retention period expires.

8. The administrative and technological procedures used to secure the information against unauthorized access.

The Federal Reserve uses a combination of methods to secure the information contained in EWP Supervisory Systems. For example, EWP Supervisory Systems are: (1) maintained in Federal Reserve restricted-access facilities, (2) stored on access-controlled servers, and (3) encrypted if they are downloaded to an examiner's workstation (that is, laptop). Information security configurations for EWP Supervisory Systems are regularly reviewed to ensure ongoing compliance with the requirements defined in the Board's Information Security Program.

9. Whether a new system of records under the Privacy Act will be created. (If the data is retrieved by name, unique number, or other identifier assigned to an individual, then a Privacy Act system of records may be created).

No new system of records is required because any personally identifiable information maintained in connection with EWP Supervisory Systems is not retrieved by reference to an individual's name or other personal identifier.

Reviewed:

Raymond Romero /signed/, Chief Privacy Officer, Date: 06/27/2012
Sharon Mowry /signed/, Chief Information Officer, Date: 06/27/2012

Appendix A

The Federal Reserve currently deploys the following Electronic Workpaper Program Supervisory Systems:

Electronic Workpaper Programs maintained by the Federal Reserve Bank of Atlanta, Federal Reserve Bank of Boston, Federal Reserve Bank of Chicago, Federal Reserve Bank of Minneapolis, Federal Reserve Bank of Richmond, Federal Reserve Bank of New York, Federal Reserve Bank of San Francisco, and Federal Reserve Bank of Cleveland;
Supervisory Databases maintained by the Federal Reserve Bank of Boston, Federal Reserve Bank of Chicago, Federal Reserve Bank of Richmond, Federal Reserve Bank of New York, and Federal Reserve Bank of San Francisco;
Examination Reports maintained by the Federal Reserve Bank of San Francisco;
Electronic Documents maintained by the Federal Reserve Bank of San Francisco;
International & Large Banking Group (ILBG) Notebooks maintained by the Federal Reserve Bank of San Francisco;
Regional & Community Banking Organization Database maintained by the Federal Reserve Bank of San Francisco;
Foreign Banking Organizations Database maintained by the Federal Reserve Bank of San Francisco;
Report Tracking System maintained by the Federal Reserve Bank of Philadelphia;
Consumer Compliance Notes Database maintained by the Federal Reserve Bank of San Francisco;
Consumer Affairs application maintained by the Federal Reserve Bank of Richmond;
Notes Work Databases maintained by the Federal Reserve Bank of Boston;
Continuous Monitoring maintained by the Federal Reserve Bank of New York;
Secure External Team Space maintained by the Federal Reserve Bank of Philadelphia;
Electronic Workpapers maintained by the Federal Reserve Bank of Cleveland and the Federal Reserve Bank of San Francisco;
Electronic Applications maintained by the Federal Reserve Bank of Atlanta;
Electronic Applications maintained by the Federal Reserve Bank of Chicago;
Kansas City Business Intelligence maintained by the Federal Reserve Bank of Kansas City;
E-Apps maintained by the Federal Reserve Bank of Kansas City;
Examination Reports maintained by the Federal Reserve Bank of San Francisco; and
FBO Database maintained by the Federal Reserve Bank of San Francisco.
WebExam Lotus Notes Database maintained by the Federal Reserve Bank of Richmond
WebDocs Lotus Notes Database maintained by the Federal Reserve Bank of Richmond
Teamroom Databases maintained by the Federal Reserve Bank of Boston