EEO Database System - icomplaints



Similar documents
General Support System

Cloud 2 General Support System

Market Research in the Field v.1

UNITED STATES DEPARTMENT OF AGRICULTURE AGRICULTURAL MARKETING SERVICE DIRECTIVE /6/04 EQUAL EMPLOYMENT OPPORTUNITY PROGRAM

Privacy Impact Assessment

GSA ORDER. 3. Applicability. The handbook applies to all GSA associates, former associates, and job applicants.

Policy Directive September 22, Equal Employment Opportunity (EEO) Policy and Procedures

U.S. Nuclear Regulatory Commission

GUIDANCE REGARDING EEO PROCEDURES (1/25/2000)

WHAT YOU NEED TO KNOW ABOUT. EEO Publication 133 October 2012

Privacy Impact Assessment

Notification and Federal Employee Antidiscrimination and Retaliation Act Report. Fiscal Years United States Nuclear Regulatory Commission

Privacy Impact Assessment

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION National Policy

US Department of Health and Human Services. Assistant Secretary for Administration and Management (ASAM) Office of Diversity Management and EEO (ODME)

The Federal EEO Process

Personal Information Collection and the Privacy Impact Assessment (PIA)

Wendy Musell Stewart & Musell, LLP

PRIVACY IMPACT ASSESSMENT (PIA) For the

Privacy Impact Assessment. For Personnel Development Program Data Collection System (DCS) Date: June 1, 2014

Appendix B EDR Forms

DEPARTMENT OF PUBLIC WORKS MANAGEMENT MANUAL

United States Trustee Program

Non-Discrimination and Anti-Harassment Policy OP 03.03

DEFENSE HUMAN RESOURCES ACTIVITY (DHRA) EQUAL EMPLOYEMENT OPPORTUNITY PROGRAM HANDBOOK

Equal Employment Opportunity (EEO) Complaint & Investigation Guideline Number b-AOG Responsible Office Human Resources Date Revised 01/30/2014

ADMINISTRATIVE INSTRUCTION

WORKFORCE INVESTMENT ACT GRIEVANCE AND COMPLAINT RESOLUTION PROCEDURES

United States Department of the Interior BUREAU OF LAND MANAGEMENT Wyoming State Office P.O. Box 1828 Cheyenne, Wyoming

U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION EQUAL EMPLOYMENT OPPORTUNITY MANAGEMENT DIRECTIVE FOR 29 C.F.R. PART 1614 (EEO-MD-110),

EQUAL EMPLOYMENT OPPORTUNITY MANAGEMENT DIRECTIVE EEO MD - 110

CITY OF LOS ANGELES SEXUAL ORIENTATION, GENDER IDENTITY, AND GENDER EXPRESSION DISCRIMINATION COMPLAINT PROCEDURE

Privacy Impact Assessment

Notification and Federal Employee Antidiscrimination and Retaliation (No FEAR) Act Training

Student Administration and Scheduling System

REMEDY Enterprise Services Management System

Canine Website System (CWS System) DHS/TSA/PIA-036 January 13, 2012

SOCIAL SECURITY Office of Human Resources March 28, 2014

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT SALARIES AND EXPENSES, HOUSING AND URBAN DEVELOPMENT

Complaint Policy and Procedure

ATLANTA METROPOLITAN COLLEGE Consolidated Alternative Dispute Resolution Policies and Processes

Moreover, sexual harassment is a violation of federal, state and county fair employment laws.

Privacy Impact Assessment for Threat Assessments for Access to Sensitive Security Information for Use in Litigation December 28, 2006

TIPS FOR RESPONDING TO EEOC COMPLAINTS PRESENTED BY: RICHARD D. ALANIZ

Department of Homeland Security DHS Directives System Directive Number: Revision Number: 00. Issue Date: ANTI HARASSMENT POLICY

THE LAW. Equal Employment Opportunity is

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. Policy Subject: Number Page. HARASSMENT POLICY AND COMPLAINT PROCEDURE C-25 1 of 3

Your Rights as an Employee

9/11 Heroes Stamp Act of 2001 File System

SEXUAL HARASSMENT POLICY

Introduction. 1 Note that not all informal complaints progress to the formal stage.

Crew Member Self Defense Training (CMSDT) Program

Michigan State University Office of Institutional Equity COMPLAINT PROCEDURES

Clearances, Logistics, Employees, Applicants, and Recruitment (CLEAR)

Procedure 1B.1.1 Report/Complaint of Discrimination/Harassment Investigation and Resolution

STATE OF MARYLAND JUDICIARY Policy on Equal Employment Opportunity and Harassment

Administrative Bulletin

COMPLAINTS IN RETIREMENT HOMES

PROCEDURES FOR THE ONEDOT SHARING NEUTRALS EQUAL EMPLOYMENT OPPORTUNITY and CIVIL RIGHTS ALTERNATIVE DISPUTE RESOLUTION PROGRAM

Dispute Resolution Procedures for Administrative/Professional and Clerical/Service Staff Members

Resolution Agreement Southern Virginia University Case Nos and

PERSONNEL All Staff Permanent Personnel Conditions of Employment Equal Employment Opportunity/Anti-Harassment

Chapter and SUPERSEDES MANAGEMENT BULLETIN 99-09

Sexual Harassment Awareness

Federal Trade Commission Privacy Impact Assessment

Privacy Impact Assessment. For. Non-GFE for Remote Access. Date: May 26, Point of Contact and Author: Michael Gray

PRIVACY IMPACT ASSESSMENT

Privacy Impact Assessment for the. Standardized Tracking and Accounting Reporting System- Financial Management System (STARS-FMS)

Introduction. Forums for Discrimination Complaints. Internally 1B.1 Administrative charge (MDHR, EEOC, OCR) Lawsuit

SUMMARY: The National Guard Bureau proposes to add a new system. of records, INGB 005, entitled Special Investigation Reports

Sam Houston State University A Member of The Texas State University System

Harry E. Owens, IPMA-CP Adjunct Faculty, University of Georgia. U.S. Equal Opportunity Commission 1

The World Bank Group Policy on Eradicating Harassment Guidelines for Implementation

Re: OCR Docket #

INTRODUCTION 2 WORKPLACE HARASSMENT

Town of Salisbury 5 Beach Road Salisbury, Massachusetts 01952

Advocating for Campus Survivors Using Title IX: A guide for advocates and attorneys. Amanda Walsh, Esq. Victim Rights Law Center

U.S. Equal Employment Opportunity Commission Program Evaluation Report. Social Security Administration Baltimore, MD

YMCA of High Point Whistleblower Policy and Procedure

TABLE OF CONTENTS. A. Equal Employment Opportunity Policy 41 C.F.R (a),

EMPLOYMENT DISCRIMINATION Get The Facts

How To Handle A Title Ix Complaint At Anorexic State University

Notice of Special Education Procedural Safeguards for Students and Their Families

Department of Defense DIRECTIVE

Managing in a Litigious World. Anna Elento-Sneed Alston Hunt Floyd & Ing

STATE OF VERMONT OFFICE OF THE ATTORNEY GENERAL CIVIL RIGHTS UNIT EMPLOYMENT DISCRIMINATION QUESTIONNAIRE

TITLE VI PUBLIC NOTICE OF RIGHTS / COMPLAINT PROCESS The Washington County Transportation Authority is herein referred to as the "WCTA

HEALTH CARE RIGHTS AND TRANSGENDER PEOPLE March 2012

How To Resolve A Complaint Of Discrimination In The United States

City & County of Honolulu Employment Discrimination Complaints. Desk Guide

Secretary-General s bulletin Prohibition of discrimination, harassment, including sexual harassment, and abuse of authority

Chicago Homeless Management Information System (HMIS) Privacy Packet

J.V. Industrial Companies, Ltd. Dispute Resolution Process. Introduction

Screening of Passengers by Observation Techniques (SPOT) Program

NLG SEXUAL HARASSMENT POLICY AND COMPLAINT PROCEDURE

STUDENT PROTECTION FROM DISCRIMINATION AND HARASSMENT

Regulations of Florida A&M University Non-Discrimination Policy and Discrimination and Harassment Complaint Procedures.

ANNUAL PRIVACY REPORT

PROTECTION & ADVOCACY INFORMATION PACKET EMPLOYMENT DISCRIMINATION & YOUR RIGHTS AS AN EMPLOYEE WITH A DISABILITY

WHISTLEBLOWER POLICY. a) Code means the TALIC's code of conduct as in force from time to time;

Transcription:

PRIVACY IMPACT ASSESSMENT OCTOBER 13, 2015 EEO Database System - icomplaints Does the CFPB use the information to benefit or make a determination about an individual? Yes. What is the purpose? Manage and Report EEO and Civil Rights complaints and cases. Are there controls to enforce accountability? Yes, all standard CFPB privacy protections and security controls apply. What opportunities do I have for participation? Appropriate opportunities for notice, consent, access, and redress.

Overview The Dodd-Frank Wall Street Reform and Consumer Protection Act (Act), Public Law No. 111-203, Title X (2010), established the Consumer Financial Protection Bureau (CFPB or Bureau). CFPB administers, enforces, and implements federal consumer financial protection laws, and, among other powers, has the authority to protect aggrieved persons or parties from unfair, deceptive, and abusive practices when obtaining consumer financial products or services. CFPB is committed to a work environment that promotes fairness and equality of opportunity for employees and job applicants on the basis of merit and without regard to race, color, religion, sex (including pregnancy, sexual orientation, transgender status, gender identity or expression, gender non-conformity, or sex stereotyping of any kind), national origin, disability, age (age 40 or older), genetic information, protected Equal Employment Opportunity (EEO) activity, or any other characteristic protected by federal law or executive order (collectively, EEO bases ). CFPB has zero tolerance for unlawful discrimination, harassment, or retaliation in the workplace. CFPB wishes to provide a neutral and impartial forum for employees, former employees, and applicants for employment to lodge complaints of discrimination based on any one or more of the protected EEO bases. Under 29 C.F.R. 1614.104 and the Equal Employment Opportunity Commission s (EEOC s) Management Directive 110 (MD-110), CFPB must provide individuals access to pre-complaint counseling and an alternative dispute resolution program, offering the parties an opportunity for an early resolution of disputes in a mutually-satisfactory fashion. If the parties fail to reach a resolution, an individual may file a formal complaint of discrimination. CFPB must investigate the complaint of discrimination under 29 C.F.R. Part 1614, MD-110, and related EEOC guidance and case law. This Privacy Impact Assessment (PIA) addresses the EEOC automated data processing system used by the CFPB icomplaints to store and track complaints by employees, former employees, and applicants for employment filed pursuant to 29 C.F.R. Part 1614. Data is not collected from members of the general public. icomplaints is used by the CFPB s Office of Civil Rights (OCR) to track EEO complaints. icomplaints is a commercial-off-the-shelf (COTS) webbased service, hosted by an off-site vendor, MicroPact Engineering, Inc. The federally mandated reports generated by the system are the Annual 462 Report and the Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002 (No FEAR Act) Report. 2 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

Individuals receive constructive notice from this PIA and the government-wide SORN EEOC/GOVT-1 Equal Employment Opportunity in the Federal Government Complaint and Appeal Records (July 30, 2002, 67 FR 49338, 49354-55). You can read the SORN here: http://www.gpo.gov/fdsys/pkg/fr-2002-07-30/pdf/02-18895.pdf Privacy Risk Analysis The primary privacy risks associated with this implementation of the EEO database system are risks related to: Data minimization Confidentiality Data Minimization: CFPB limits the scope of information collected in icomplaints to the amount of data necessary to act upon the complaints filed. Although the system stores PII provided in the complaint, this information is captured only where it is relevant to a complaint, claim, and/or an investigation. The information included in the EEO database system contains information collected directly from the individual who is filing a complaint, or people responding to, or with knowledge of, the complaint. Because the interactions that result in information collection are generally voluntary, and because the Bureau does not use any information collected through these process to deprive an individual of a right or benefit, the privacy risks associated with these collections are minimal. Complainants choose what and how much information they share with the Bureau and they have opportunities to change or update information that is erroneous or no longer accurate or relevant. Direct identifying PII is generally limited to names and contact information (address, phone, date of birth, email, professional affiliation or employer) which is required as part of the complaint process to process a complaint. Confidentiality: In the event of a breach of confidentiality, there is a risk of embarrassment or loss of reputation to both the individual and the Bureau. A breach of confidentiality could result in complainants suffering financial harm as a result of identity theft. The Bureau minimizes this risk by enforcing access controls to minimize the number of individuals who have access to the data and by storing data on systems that have been accredited as secure for this type of data. Staff is also trained on how to handle potential breaches to minimize negative impacts. 3 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

The technical, physical, and administrative controls implemented to promote individual participation, minimization, and accountability are appropriate. Privacy Risk Management 1. Describe what information the CFPB collects, how the information is collected, and the sources from which the information is collected. Personal information collected by the system includes: Name Truncated SSN Employee Identification Number Date of Birth Mailing Address Work Phone Number Home Address Home Phone Number Disability Information Employment Information Education Records Date of Request for Alternate Dispute Resolution (ADR) Protected Class Information (e.g., race, age, national origin, color, disability, religion, sex (including sexual orientation), genetic information) Other identifying information as relevant to the matter Results of fact-based inquires (e.g., direct, comparative, and statistical evidence and information such as forms, sworn and/or unsworn statements of fact, reports and summaries) created and collected by counselors, investigators and EEO professionals responsible for the administrative processing of the allegations of discrimination are also input into the database. Over 500 data fields are captured in icomplaints giving CFPB the ability to identify the issues and basis of the complaints, the complainants, the witnesses, and other information necessary to analyze complaint activity and trends, but also the ability to track and monitor the location, status, and length of time elapsed at each stage of the complaint resolution process consistent with EEOC Management Directive (MD)-110. Although certain information is mandatory, most of the information collected is captured only where it is material and relevant to a complaint, claim, and/or an investigation. 4 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

Information pertaining to the claims and issues raised within the complaint is collected primarily from persons filing complaints, co-workers, supervisors, witnesses and legal representatives with knowledge of the allegations. Because individuals who are not CFPB employees may file a complaint, information about non-cfpb employees may also be collected. 2. Describe CFPB s objective for the information. The information is collected for the administration, processing, and resolution of complaints. It is a requirement that the icomplaints system be able to accurately identify the individual who is making the complaint, and that the information to contact the complainant is accurate and up to date. icomplaints may also aggregate data (through basic and ad hoc search functions) in order to show trends (e.g., division data, fiscal year data, and case status data). Trend analyses require a statistically significant pool of archival data over the course of several years to properly assess the EEO climate and the effectiveness of process improvement and/or pilot programs. CFPB uses all of this information to determine the status of compliance with EEOC MD-110 and the EEOC Management Directive 715 standards for model EEO program status. The data stored in icomplaints may also be used by the Bureau for reporting and statistical purposes with personal identifiers removed. The CFPB may share the information contained in the complaint with a staff or third-party counselor, mediator or other neutral during either the informal or formal phases of the complaint process. The information provided will assist the neutral in conducting counseling or mediation, in order to attempt to resolve the complaint. If the complaint is not resolved informally (through ADR or otherwise) and the complaint meets the criteria for acceptance, the CFPB will conduct an investigation of the complaint, either with its staff or through the use of qualified third-party investigators, which will include a thorough review of the circumstances under which the alleged discrimination in employment occurred, along with evidence from which the ultimate factfinder is able to determine whether or not any violation of EEO laws has occurred. Investigators must be (and must maintain the appearance of being) unbiased, thorough, and objective. By gathering the relevant information and documentation, the EEO investigator plays a critical role in helping prepare the factual record, which allows a factfinder to draw factual conclusions as to whether discrimination has occurred. 5 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

The conclusion of the EEO complaint process allows complainants an opportunity to elect a forum to have the merits of their case decided, i.e., a Final Agency Decision (FAD) issued by CFPB or a hearing before an EEOC Administrative Judge. Upon election of a FAD, Office of Civil Rights (OCR) may provide a third-party vendor with a redacted report of investigation (ROI) which always excludes social security numbers and PII not needed by the vendor. Upon election of a hearing, OCR provides the EEOC a redacted report of investigation (ROI) which always excludes social security numbers and PII not needed by the vendor. The complainant, his/her representative and persons within CFPB s Legal Division also receive a copy of the ROI. 3. Describe how CFPB shares any of the information with third parties with whom the CFPB shares the information for compatible purposes, e.g. federal or state agencies, the general public, etc. Information related to EEO complaint activity is shared with other federal and state authorities, such as the Office of Personnel Management (OPM), EEOC, Merit Systems Protection Board (MSPB), Department of Justice, and Congress. Disclosures are made in accordance with the Privacy Act and the applicable SORN, EEOC/GOVT-1 Equal Employment Opportunity in the Federal Government Complaint and Appeal Records (July 30, 2002, 67 FR 49338, 49354-55). If the complainant decides later to either appeal the matter to a federal appellate court, as appropriate, or to file a complaint of discrimination in a federal district court, the information may be shared with the federal court and consequently be a matter of public record. Aggregate EEO complaint data is also made available publically and is updated quarterly on the www.consumerfinance.gov website through No FEAR Act statistical data. The CFPB also provides comprehensive statistical EEO data to the EEOC on an annual basis. The CFPB provides an annual No FEAR Act Report containing statistical and analytical data to Congress and other federal agencies. 6 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

4. Describe what opportunities, if any, individuals to whom the information pertains have to (a) receive notice regarding the CFPB s use of the information; (b) consent to such use; (c) access the information that pertains to them; or (d) obtain redress. icomplaints does not specifically require individuals to provide any of their personally identifying information; however, the processing of an EEO complaint is limited when contact information is not provided. The CFPB gives individuals the ability to request access and amendment to their personal information in accordance with the Privacy Act and the CFPB s Privacy Act regulations, at 12 C.F.R. 1070.50 et seq. Individuals may also file a request under the Freedom of Information Act. A Privacy Act notice is part of the investigation affidavit provided to all witnesses who are asked to give written testimony as part of the EEO investigation and is included in the ROI that the complainant receives. This notice ensures that the individual is aware that the collection of information will be included in an agency system of records. 5. Explain the standards and relevant controls that govern the CFPB s or any third party contractor(s) acting on behalf of the CFPB collection, use, disclosure, retention, or disposal of information. The Bureau complies with the Privacy Act of 1974, Right to Financial Privacy Act, and E- Government Act of 2002; voluntarily adopts Office of Management and Budget privacy-related guidance as a best practice 1 and applies National Institute of Standards and Technology risk management processes for privacy. The CFPB uses the following technical and administrative controls to secure the data and create accountability for the Bureau s appropriate collection, use, disclosure, and retention of the information: Audit Logs and Reviews 1 Although pursuant to Section 1017(a)(4)(E) of the Consumer Financial Protection Act, Pub. L. No. 111-203, the CFPB is not required to comply with Office of Management and Budget (OMB)-issued privacy guidance; it follows OMB privacy-related guidance as a best practice and to facilitate cooperation and collaboration with other agencies. 7 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

CFPB Personnel Privacy Training CFPB Privacy Incident Response and Recovery Plan Compliance with CFPB cybersecurity policy and procedures Policy and Standard Operating Procedures Role-based Access Controls Records Schedule Submitted to/approved by National Archives and Records Administration: General Records Schedule 1, Item 25 (Equal Employment Opportunity Records) Personnel Security including background checks 6. Discuss the role of third party(ies) that collaborate or partner with the CFPB, if any. Identify any controls used to protect against inappropriate collection, use, disclosure, or retention of information. (This does not include third parties acting on behalf of the CFPB, e.g., government contractors discussed in Question 5.) Only CFPB employees or contractors acting on behalf of the CFPB will have access to the system. No other systems share or have access to the data in icomplaints. 8 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

Document control Approval Ashwin Vasan Chief Information Officer Date: October 13, 2015 Claire Stapleton Chief Privacy Officer Date: October 13, 2015 Name M. Stacey Bach Assistant Director, Office of Civil Rights Date: October 13, 2015 9 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

Change control Version Summary of material changes Pages affected Date of change 10 PRIVACY IMPACT ASSESSMENT OCTOBER 2015

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information