ERIC - A Guide to an Introduction



Similar documents
Privacy Impact Assessment. For. Non-GFE for Remote Access. Date: May 26, Point of Contact and Author: Michael Gray

Privacy Impact Assessment. For. Institute of Education Sciences Peer Review Information Management Online (PRIMO) Date: May 4, 2015

Privacy Impact Assessment For Management Information System (MIS) Date: September 4, Point of contact: Hui Yang

Privacy Impact Assessment. Date: April 18, Point of Contact: Jim Hibberd KratosLearning.com

Privacy Impact Assessment

Privacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015

Privacy Impact Assessment. For. TeamMate Audit Management System (TeamMate) Date: July 9, Point of Contact: Hui Yang

Privacy Impact Assessment. For Rehabilitation Services Administration Management Information System (RSA-MIS) Date: November 19, 2014

Privacy Impact Assessment

Privacy Impact Assessment. For Education s Central Automated Processing System (EDCAPS) Date: October 29, 2014

Privacy Impact Assessment. For. Financial Management System (FMS) Date: January 6, Point of Contact: System Owner: Author:

Privacy Impact Assessment. For Personnel Development Program Data Collection System (DCS) Date: June 1, 2014

Privacy Impact Assessment For Central Processing System (CPS) Date: March 25, 2013

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

U.S. Securities and Exchange Commission. Mailroom Package Tracking System (MPTS) PRIVACY IMPACT ASSESSMENT (PIA)

Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Canine Website System (CWS System) DHS/TSA/PIA-036 January 13, 2012

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

Privacy Impact Assessment

A. SYSTEM DESCRIPTION

U.S. Securities and Exchange Commission. Integrated Workplace Management System (IWMS) PRIVACY IMPACT ASSESSMENT (PIA)

A. SYSTEM DESCRIPTION

A. SYSTEM DESCRIPTION

A. SYSTEM DESCRIPTION

REMEDY Enterprise Services Management System

Taxpayers/Public/Tax Systems Employees/Personnel/HR Systems Other Source: State agencies provide payment information via EFTPS and SDT

Department of Homeland Security Web Portals

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

A. SYSTEM DESCRIPTION

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

A. SYSTEM DESCRIPTION

Department of the Interior Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Department of State SharePoint Server PIA

A. SYSTEM DESCRIPTION

Privacy Impact Assessment. For ecampus-based System (e/cb) Date: April 26, Point of Contact: Calvin Whitaker

Federal Trade Commission Privacy Impact Assessment

Android Developer Applications

A. SYSTEM DESCRIPTION

US Federal Student Aid Datashare (SBU-PII) Application and Database

Federal Bureau of Prisons. Privacy Impact Assessment for the HR Automation System. Issued by: Sonya D. Thompson Deputy Assistant Director/CIO

A. SYSTEM DESCRIPTION

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

A. SYSTEM DESCRIPTION

Department of the Interior Privacy Impact Assessment

Student Administration and Scheduling System

Physical Access Control System

Department of the Interior Privacy Impact Assessment

FHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)

U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Issue Based Management Information System (Redesign) is a Small Other system/application sponsored by LB&I.

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

A. SYSTEM DESCRIPTION

INTERNational Connections Privacy Impact Assessment

Federal Trade Commission Privacy Impact Assessment for:

A. SYSTEM DESCRIPTION

Permit Power of Attorney (PoA) to establish an agreement on behalf of the taxpayer

Department of the Interior Privacy Impact Assessment Template

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

A. SYSTEM DESCRIPTION

A. SYSTEM DESCRIPTION

A. SYSTEM DESCRIPTION

Integrated Financial Management Information System (IFMIS) Merger

How To Understand The System Of Records In The United States

Commodity Futures Trading Commission Privacy Impact Assessment

Clearances, Logistics, Employees, Applicants, and Recruitment (CLEAR)

Privacy Impact Assessment

Department of Homeland Security Use of Google Analytics

Financial Management Service. Privacy Impact Assessment

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

Privacy Impact Assessment. For Debt Management and Collection System (DMCS) Date: June 30, 2014

Homeland Security Virtual Assistance Center

Financial Disclosure Management (FDM)

How To Understand The System'S Purpose And Function

Federal Trade Commission Privacy Impact Assessment. for the: Gilardi & Co., LLC Claims Management System and Online Claim Submission Website

Protected Critical Infrastructure Information Management System (PCIIMS) Final Operating Capability (FOC)

A. SYSTEM DESCRIPTION

United States Department of State Privacy Impact Assessment Risk Analysis and Management

How To Use An Ipod For A Police Department

A. SYSTEM DESCRIPTION

U.S. Securities and Exchange Commission. Easy Lobby PRIVACY IMPACT ASSESSMENT (PIA)

Department of the Interior Privacy Impact Assessment

Privacy Impact Assessment

Privacy Impact Assessment

Accounting Package (ACCPAC)

United States Department of State Privacy Impact Assessment IIP Content Management System (CMS ITAB Number 600)

A. SYSTEM DESCRIPTION

Federal Trade Commission Privacy Impact Assessment. for the: Analytics Consulting LLC Claims Management System and Online Claim Submission Website

Federal Trade Commission Privacy Impact Assessment. for the: Secure File Transfer System

Personal Information Collection and the Privacy Impact Assessment (PIA)

Privacy Considerations In The SMART World

**MT op» ^chv. Adapted Privacy Impact Assessment. Google Analytics. March 19, Contact

A. SYSTEM DESCRIPTION

Virginia Systems Repository (VSR): Data Repositories DHS/FEMA/PIA 038(a)

Quality Assurance Recording System

Transcription:

Privacy Impact Assessment for Education Resources Information Center (ERIC) Date: April 29, 2011 Point of Contact: Luna Levinson, (202) 208-2321luna.levinson@ed.gov System Owner: Sue Betka, (202)219-2236, sue.betka@ed.gov Author: Luna Levinson, (202) 208-2321, luna.levinson@ed.gov Office of Institute of Education Sciences (IES) U.S. Department of Education 1

1. System Information. Describe the system - include system name, system acronym, and a description of the system, to include scope, purpose and major functions. Education Resources Information Center (ERIC) provides a comprehensive, easy-to-use, searchable, Internet-based bibliographic and full-text database of education research and information for educators, researchers, and the general public. The ERIC digital library is available at http://www.eric.ed.gov and through commercial services such as Cambridge Scientific Abstracts, EBSCO, and through Google, Yahoo, and MSN. The ERIC library activities include collection development, content authorizations and agreements, acquisitions and processing, database and Web site operations, and communications. To protect privacy, we follow Office of Management and Budget (OMB) recommendations regarding Internet privacy for Federal Government Web sites. We strive to make clear the kinds of information we collect, explain why we collect information, how we use it, and whether it will be shared with others. 2. Legal Authority. Cite the legal authority to collect and use this data. The authority for ERIC is section 172(d)(2)(B)(ii) of the Education Sciences Reform Act of 2002. The ERIC database of journal articles and other published and unpublished education materials is enhanced through the addition of free full-text documents and by providing electronic links to commercial sources. An agreement form, reviewed by OGC in April 2004, provides the structure for the agreements. As required by the Copyright Act of 1976, ERIC only posts electronic copies of documents and journal articles for which we have specific permission from copyright holders. 3. Characterization of the Information. What elements of PII are collected and maintained by the system (e.g., name, social security number, date of birth, address, phone number)? What are the sources of information (e.g., student, teacher, employee, university)? How is the information collected (website, paper form, on-line form)? Is the information used to link or cross-reference multiple databases? The Agreement Management System (AMS) collects information for business contacts of a publisher for which we have an agreement to obtain and publish their content in ERIC. ERIC collects the name and business contact information, business telephone number and business email address, for the individual responsible for the agreement with ERIC. ERIC also has the name and business contact information for the technical side of providing the content to ERIC in electronic format. The contact information collected is similar to the information contained on a business card. Information for AMS is collected on a paper form. This information is not used to link or cross reference multiple databases. Information collected is used to facilitate contact with the publisher regarding the agreement to provide content to ERIC or discuss technical issues with the data feed provided by the publisher. For the MyERIC system, a user of the eric.ed.gov web site can voluntarily create a MyERIC account after creating a user name of their choice, a password of their choice, and an email address that can be used to inform the MyERIC account holder of changes and enhancements to the system. A MyERIC account user can also submit their research papers to ERIC for review and inclusion into the ERIC collection. ERIC informs the MyERIC user if their research work has been accepted or rejected using the email address provided. Information for MyERIC is collected through the web site. This information is not used to link or cross reference multiple databases. 2

For MyERIC, the user name and password is used to validate the user when accessing their MyERIC account. The email address is used to communicate with the MyERIC account holder about changes to the system or their account. If the user has submitted material to be included in the ERIC collection, the email address is also used to convey information regarding the status of their submission. ERIC does not collect personal information when one visits the Web site unless a user chooses to provide it. 4. Why is the information collected? How is this information necessary to the mission of the program, or contributes to a necessary agency activity. Given the amount and any type of data collected, discuss the privacy risks (internally and/or externally) identified and how they were mitigated. The MyERIC system is a section of the ERIC web site that allows users that create an account to: submit content to ERIC for inclusion in the collection; save searches; and offers users other functionality. In order to facilitate proper use of the MyERIC account an email address is used to handle changes to password or other search functions that require interaction with the ERIC user when disconnected from the web site. The AMS system information is collected to enable quick access to contact information necessary to support the regular collaboration that is required with the thousands of business entities with which ERIC interacts. Being required to look up this information from a public source for each interaction would introduce significant overhead and cost to the process involved. Information collected for the AMS and MyERIC systems is not shared internally or externally. The type of information collected does not pose any privacy risks. 5. Social Security Numbers - If an SSN is collected and used, describe the purpose of the collection, the type of use, and any disclosures. Also specify any alternatives that you considered, and why the alternative was not selected. ERIC does not collect SSNs. 6. Uses of the Information. What is the intended use of the information? How will the information be used? Describe all internal and/or external uses of the information. What types of methods are used to analyze the data? If the system uses commercial information, publicly available information, or information from other Federal agency databases, explain how it is used. The users of ERIC include government, researchers, educators, librarians, students, parents, and administrators. Information is collected only if the user creates a MyERIC account and is used to validate the user at login. Use of the ERIC web site for searching or full text access does not require a user name and password for access. Data collected for the MyERIC system is not analyzed. Data collected for AMS is publically available as the information collected can be found on publisher web sites, business correspondence, or business cards. ERIC uses this information to contact a publisher to establish agreements, collaborate on issues with agreements or content delivery. 3

7. Internal Sharing and Disclosure. With which internal ED organizations will the information be shared? What information is shared? For what purpose is the information shared? MYERIC account information is not shared within ED. 8. External Sharing and Disclosure. With what external entity will the information be shared (e.g., another agency for a specified programmatic purpose)? What information is shared? For what purpose is the information shared? How is the information shared outside of the Department? Is the sharing pursuant to a Computer Matching Agreement (CMA), Memorandum of Understanding or other type of approved sharing agreement wit another agency? MYERIC account information is not shared outside of ED. 9. Notice. Is notice provided to the individual prior to collection of their information (e.g., a posted Privacy Notice)? What opportunities do individuals have to decline to provide information (where providing the information is voluntary) or to consent to particular uses of the information (other than required or authorized uses), and how individuals can grant consent? The Privacy Notice for ERIC is posted at: http://www.eric.ed.gov/ericwebportal/resources/html/about/privacy.html and ERIC is located at http://www.eric.ed.gov/. 10. Security. What administrative, technical, and physical security safeguards are in place to protect the PII? Examples include: monitoring, auditing, authentication, firewalls, etc. Has a C&A been completed? Is the system compliant with any federal security requirements? ERIC monitors network traffic to identify unauthorized attempts to damage the Web site or to upload or change information on ERIC's servers. In support of Web site security, ERIC's Web operating system collects information that could help identify a possible threat. This is the only instance in which ERIC collects personal information and/or monitors user activity without asking the permission of, or giving prior notice to, an ERIC user. The ERIC system was successfully completed a C&A and ATO in 2008, and it is currently on schedule to renew the C&A. 11. Privacy Act System of Records. Is a system of records being created or altered under the Privacy Act, 5 U.S.C. 552a? Is this a Department-wide or Federal Government-wide SORN? If a SORN already exists, what is the SORN Number? A system of record notice is not needed because the information collected from ERIC is not retrieved by any personal identifiers. Therefore, a system of record as defined by the Privacy Act is not being created and the reporting requirements of OMB Circular A-130 do not apply. 12. Records Retention and Disposition. Is there a records retention and disposition schedule approved by the National Archives and Records Administration (NARA) for the records created by the system development lifecycle AND for the data collected? If yes provide records schedule number: Yes, GRS 20-9, Electronic indexes, lists, registers, and other finding aids used only to provide access to records authorized for destruction by the GRS or a NARA-approved SF 115, EXCLUDING 4

records containing abstracts or other information that can be used as an information source apart from the related records. Retention: Delete with related records or when the agency determines that they are no longer needed for administrative, legal, audit, or other operational purposes, whichever is later. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information