U.S. Securities and Exchange Commission (IWMS) PRIVACY IMPACT ASSESSMENT (PIA) March 21, 2013
General Information 1. Name of Project or System. (IWMS) 2. Describe the project and its purpose or function in the SEC s IT environment. The IWMS using the idrawing (v4.2) software, which is a web-based application providing automated tools enabling the SEC to manage its real property, capital assets and facilities more effectively. This reduces facilities operations and maintenance costs, and achieves greater efficiencies in the use of their capital assets and real property. The application will retain SEC facility blueprints drawings including detailed floor plan layouts and SEC employee and contractor office location. Data related to Station Place, Operations Center and the region offices will be retained in this system. The software uses employee contact and location (ECL) data for association with office space being tracked by the space management element of the software. 3. Requested Operational Date? 2/26/2013 4. System of Records Notice (SORN) number? SEC-37, Automated Personnel Management Information System; and SEC-46, Identification Cards, Press Passes, and Proximity Access Control Cards. 5. Is this an Exhibit 300 project or system? No Yes 6. What specific legal authorities, arrangements, and/or agreements allow the collection of this information? 5 U.S.C. 302 Specific Questions SECTION I - Data in the System 1. What data about individuals could be collected, generated, or retained? Name, Mailing Address, Telephone Number, E-mail Address, Employee Type, Teleworking 3 or more days, Scale, Occ Series, Grade, Position Title OPM, Employee Common ID, Enrollment ID 2. Does the project/system use or collect the social security number (SSN)? (This includes truncated SSNs) No. Yes. If yes, provide the function of the SSN and the legal authority to collect. 3. What are the sources of the data? Extracts of data from HSPD-12 and from DataMart (DOI system) are used to associate SEC employees and contractors with office locations. 4. Why is the data being collected? The data being collected will be used in the management of space allocation at Station Place and all other SEC regional offices. 1
5. What technologies will be used to collect the data? Data will be manually downloaded from sources and uploaded to the application via spreadsheet. SECTION II - Attributes of the Data (use and accuracy) 1. Describe the uses of the data. The collection of the data allows the system to perform accurate space planning by Facilities Management. Information will allow for mapping of right size, office type and location based on grade, function and employee type (employee or contractor). Also, while the system is not directly associated with employee moves, it will facilitate the process by serving as an accurate record of office personnel locations that is available to divisions and offices whenever they plan to relocate staff. 2. Does the system analyze data to assist users in identifying previously unknown areas of note, concern or pattern? No Yes If yes, please explain: Patterns of space usage. The analyzed data does not relate to or identify individuals. 3. How will the data collected from individuals or derived by the system be checked for accuracy? The data is taken as-is from the source systems. However, Facilities management team will conduct routine walkthroughs to verify that the location of employees/contractors is accurate as listed in the system. SECTION III - Sharing Practices 1. Will the data be shared with any internal organizations? No Yes If yes, please list organization(s): Space planning (Facilities Management), reporting of aggregate data (OCOO). 2. Will the data be shared with any external organizations? No Yes If yes, please list organizations(s): How is the data transmitted or disclosed to external organization(s)? 3. How is the shared data secured by external recipients? N/A 4. Does the project/system process or access PII in any other SEC system? No Yes. If yes, list system(s). HSPD-12 Badging System and DOI. In the future the application may connect to Active Directory and mailroom package tracking system (MPTS). SECTION IV - Notice to Individuals to Decline/Consent Use 1. What privacy notice was provided to the different individuals prior to collection of data? (Check all that apply) Privacy Act Statement System of Records Notice Privacy Impact Assessment Web Privacy Policy Notice was not provided to individuals prior to collection 2. Do individuals have the opportunity and/or right to decline to provide data? Yes No N/A 2
Please explain: Information in this system is not collected directly from individuals. The SEC-37, Automated Personnel Management Information System and SEC-46, Identification Cards, Press Passes, and Proximity Access Control Cards Systems of Records Notices adequately cover how information is used. No additional notice or consent is required. 3. Do individuals have the right to consent to particular uses of the data? Yes No N/A Please explain: Information in this system is not collected directly from individuals. The SEC-37, Automated Personnel Management Information System and SEC-46, Identification Cards, Press Passes, and Proximity Access Control Cards Systems of Records Notices adequately cover how information is used. No additional notice or consent is required. SECTION V - Access to Data (administrative and technological controls) 1. Has the retention schedule been established by the National Archives and Records Administration (NARA)? No If no, please explain: Yes If yes, list retention period: Building plan files, surveys, and other records utilized in agency space planning, assignment, and adjustment will be maintained until they become inactive, at which time they will be retired or destroyed 2 years after termination of assignment, or when lease is canceled, or when plans are superseded or obsolete. (GRS 11, 1952, item 2a) Correspondence with and reports to staff agencies relating to agency space holdings and requirements, including Standard Form (SF) 81, Request for Space, and related documents, etc. will be maintained until they become inactive, at which time they will be retired or destroyed when 2 years old. (GRS 11, 1952, item 2b1). However copies in subordinate reporting units and related work papers may be destroyed when 1 year old. (GRS 11, 1952, item 2b2. 2. Describe the privacy training provided to users, either generally or specifically relevant to the program or system? All SEC staff and contractors receive annual privacy awareness training, which outlines their roles and responsibilities for properly handling and protecting PII. 3. Has a system security plan been completed for the information system(s) supporting the project? Yes If yes, please provide date C&A was completed: C&A has been conducted and results will be available on or about 2/12/2013. No If the project does not trigger the C&A requirement, state that along with an explanation. 4. Is the system exposed to the Internet without going through VPN? No Yes. If yes, is secure authentication required? No Yes If yes, is the session encrypted? No Yes 5. Are there regular (i.e., periodic, recurring, etc.) PII data extractions from the system? No Yes If yes, please explain: Lookups will be performed within the system to determine employee/contractor locations. Data can be extracted in the form of reports and/or spreadsheets be analyzed for space planning purposes. 3
6. Which user group(s) will have access to the system? Facilities Branch personnel will access the application. Each user will be given access to modules within the application based on their needs/assignments. For example a user can be given access to data and drawings for a specific building or department. The four roles available within the application are: Administrator, Facility User, Module Administrator and Division Administrator. Users are only granted access to the modules they have permission to view. 7. How is access to the data by a user determined? The facilities branch will assign roles to users based on a need-to-know and other policy provisions i.e. to manage a specific, floor, building or department. Users are only granted access to the modules they have permission to view. Are procedures documented? Yes No 8. How are the actual assignments of roles and rules verified. The electronic records are protected from unauthorized access through password identification, limited role-based access, firewalls and other system-based protections. 9. What auditing measures/controls and technical safeguards are in place to prevent misuse (e.g., unauthorized browsing) of data? Data will be protected through the use of accounts at the application level which will be assigned to individual users. Data transmission is protected through the use of SSL between the application server and the client application. The application contains logging information which can be used to determine any actions undertaken by users of the system. SECTION VI - Privacy Analysis Given the amount and type of data being collected, discuss what privacy risks were identified and how they were mitigated. Privacy risks associated with the collection of the data include potential release to unauthorized users and modification of data by unauthorized personnel. These privacy concerns are mitigated by limited role-based access, password authentication, and data transmission via SSL. Reports will only contain aggregate data with no PII. 4