Document Management System for the Division of Banking Supervision and Regulation and the Division of Consumer and Community Affairs (DMS)



Similar documents
Privacy Impact Assessment of Electronic Workpaper Program (EWP) Supervisory Systems. Electronic Workpaper Program (EWP) Supervisory Systems

Privacy Impact Assessment of Automated Loan Examination Review Tool

Privacy Impact Assessment of the Nationwide Mortgage Licensing System and Registry

Privacy Impact Assessment of the Supervisory Enforcement Actions and Special Examinations Tracking System

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems

Privacy Impact Assessment of the CHAT Suite of Analysis Tools

Privacy Impact Assessment of. Personal Identity Verification Program

California State University, Sacramento INFORMATION SECURITY PROGRAM

PRIVACY IMPACT ASSESSMENT

Privacy Impact Assessment

Privacy Impact Assessment

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT. [Docket No.

PBGC-19: Office of General Counsel Case Management System

BERKELEY COLLEGE DATA SECURITY POLICY

ADMINISTRATIVE DATA MANAGEMENT AND ACCESS POLICY

General Support System

Privacy Impact Assessment. For. Non-GFE for Remote Access. Date: May 26, Point of Contact and Author: Michael Gray

Automated Threat Prioritization Web Service

The FDIC s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT)

SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD For NON-CHANNELERS

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY

1. LIMITATIONS ON ACCESS TO, OR DISCLOSURE OF, PERSONALLY IDENTIFIABLE INFORMATION.

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

PRIVACY IMPACT ASSESSMENT TEMPLATE

Privacy Impact Assessment. For. TeamMate Audit Management System (TeamMate) Date: July 9, Point of Contact: Hui Yang

UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D.C.

Summary. Background and Justification

PRIVACY IMPACT ASSESSMENT

Privacy Act of 1974; Department of Homeland Security <Component Name> - <SORN. AGENCY: Department of Homeland Security, Privacy Office.

MEMORANDUM OF UNDERSTANDING

Department of Homeland Security Web Portals

Personal Information Collection and the Privacy Impact Assessment (PIA)

Privacy Impact Assessment

Federal Trade Commission Privacy Impact Assessment

P Mobile Device Security.

As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), notice is hereby given

Business Associate Agreement

PRIVACY IMPACT ASSESSMENT

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

Work Plan ongoing and planned audit and evaluation projects. Current as of June 5, 2015

M&T BANK CANADIAN PRIVACY POLICY

Order. Directive Number: IM Stephen E. Barber Chief Management Officer

9/11 Heroes Stamp Act of 2001 File System

1.02 Authorized Recipient means an entity authorized by statute to receive background check information for noncriminal justice purposes.

SUMMARY: The Office of the Secretary of Defense proposes to. alter a system of records notice DPFPA 02, entitled Pentagon

BUSINESS ASSOCIATE AGREEMENT

Bonds Online System (ebonds) - Phase One

Gramm Leach Bliley Act. GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. CALIFORNIA DEPARTMENT OF FINANCIAL INSTITUTIONS SAN FRANCISCO, CALIFORNIA

Security of Student Information: Family Educational Rights and Privacy Act (FERPA)

ACTION: Notice of proposed new system of records; request for. SUMMARY: In accordance with the Privacy Act of 1974, as amended,

FedLine Web Certificate Retrieval Procedures. User Guide

Data Leakage: What You Need to Know

Data Processing Agreement for Oracle Cloud Services

BUSINESS ASSOCIATE AGREEMENT TERMS

Bank Secrecy Act E-Filing. Privacy Impact Assessment (PIA) Bank Secrecy Act E-Filing. Version 1.5

M E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General

SYSTEM NAME: Digital Identity Access Management System (DIAMS) - P281. SYSTEM LOCATION: U.S. Department of Housing and Urban Development, 451 Seventh

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

The Bureau of the Fiscal Service. Privacy Impact Assessment

Health Partners HIPAA Business Associate Agreement

LITIGATION SUPPORT SYSTEM (SYSTEM NAME)

AITKIN COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT. Aitkin County

Excerpted from Federal Register: Sept. 9, 2014 (Volume 79, Number 174)

Summary. 1 percent chance of flooding in any given year, as designated by FEMA.

WASHINGTON, D.C. SACRAMENTO, CALIFORNIA

MEMORANDUM OF UNDERSTANDING

Document Title: System Administrator Policy

United States Trustee Program

KESWICK MULTI-CARE CENTER, INC. NOTICE OF PRIVACY PRACTICES

Customer Identification Program - Overview

The Ten privacy principles and our commitment to them are as follows:

PRIVACY AND SECURITY POLICY

Career Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity

Evaluation Report. Office of Inspector General

Public Law th Congress An Act

Privacy Impact Assessment

FHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)

Information Systems Security Policy

SEC Adopts Rules on Compliance Programs for Funds & Advisers

PROCEDURE. The permission rights assigned to allow data custodians to view, copy, enter, download, update or query data.

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

PBGC-10: Administrative Appeals File

PROGRAM PARTICIPANT (STUDENT PARTICIPANT OR FACULTY PARTICIPANT) SIGNS:

The Bureau of the Fiscal Service. Privacy Impact Assessment

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. ) ) ) ) ) ) ) )

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

Index .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY

The Bureau of the Fiscal Service. Privacy Impact Assessment

Appendix : Business Associate Agreement

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013

Privacy Impact Assessment for the. Standardized Tracking and Accounting Reporting System- Financial Management System (STARS-FMS)

Department of the Interior Privacy Impact Assessment

Questions and Answers About the Identity Theft Red Flag Requirements

Schedule 14 CDS Data Center Hosting Agreement

AML & Mortgage Fraud Compliance Program v ANTI-MONEY LAUNDERING & MORTGAGE FRAUD COMPLIANCE PROGRAM

Privacy Impact Assessment Consumer Complaint Management System II (CCMS II)

Transcription:

Board of Governors of the Federal Reserve System seal Privacy Impact Assessment of Document Management System for the Board of Governors of the Federal Reserve System s Division of Banking Supervision and Regulation and Division of Consumer and Community Affairs Program or application name: Document Management System for the Division of Banking Supervision and Regulation and the Division of Consumer and Community Affairs (DMS) System Owner: Board of Governors of the Federal Reserve System s (Board) Division of Banking Supervision and Regulation and Division of Consumer and Community Affairs. Contact information: System Owner: William G. Spaniel, Associate Director Organization: Division of Banking Supervision and Regulation Address: 20 th Street and Constitution Avenue, N.W. Washington, DC 20551 Telephone: (202) 452-3469 IT System Manager: Michael J. Kraemer, Associate Director Organization: Division of Banking Supervision and Regulation Address: 20 th Street and Constitution Avenue, N.W. Washington, DC 20551 Telephone: (202) 973-5093

Description of the IT system: The DMS consists of multiple local applications (or computer programs) maintained by the Federal Reserve System to track and to store electronic documents and/or images of paper documents. (Appendix A contains a list of these applications.) The DMS supports business processes through the creation, storage, organization, transmission, retrieval, manipulation, update, and eventual disposition of documents to fulfill the mission and responsibilities of the supervision function. DMS includes search engines capable of indexing a wide variety of repositories and data types such as web sites, relational databases, notes databases, document management systems, and fileshares. Once the data are indexed, DMS is searchable through simple or advanced search interfaces. The Division of Banking Supervision and Regulation (BS&R) of the Federal Reserve System operates the DMS system on behalf of BS&R and the Division of Consumer and Community Affairs (DCCA.) 1. The information concerning individuals that is being collected and/or maintained: The DMS is not designed to capture personally identifiable information. Certain financial institution records, however, that are requested, received, reviewed and stored as part of the supervision process may include personally identifiable information, and may include: a. customer name; b. loan customer name; c. home address; d. social security number; e. taxpayer identification number; f. driver s license number; g. birth date; h. place of birth; i. account numbers; j. loan account number; k. loan or account officer name; l. loan officer number; m. loan balances, interest rates and payment information; n. non-public confidential bank loan classifications; o. financial transaction data; 2

p. non-public Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Asset Control documentation; q. non-public Suspicious Activity Reports; and r. subpoenas and related legal documentation. 2. Source(s) of each category of information listed in item 1. The information maintained in the DMS is provided by supervised financial institutions, federal and state banking regulatory agencies and international banking regulatory entities that are involved in the supervisory process. 3. Purposes for which the information is being collected. The Federal Reserve uses the information maintained in the DMS to evaluate financial institutions safety and soundness and compliance with consumer and community affairs laws and regulations. Personally identifiable information obtained during the supervisory process is generally not specifically referenced by examiners, but may be used to support analyses and findings. For example, individual data may be used to support aggregate analysis of issues raised during the supervision process. 4. Who will have access to the information. The information maintained in the DMS is designated as confidential supervisory information and access to the information is generally limited to authorized Federal Reserve employees and contractors who have a need for the information for official purposes. The information may also be shared as needed for conducting joint supervisory initiatives with the Federal Financial Institutions Examination Council staff of other banking regulatory agencies, including the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, state banking regulators, and foreign banking regulators consistent with the Board s regulations as well as explicit information sharing agreements that require the implementation of access restrictions and security safeguards. In addition, the information may be disclosed where a suspected or confirmed compromise of security or confidentiality exists and to prevent, minimize, or remedy such harm that may occur. 3

5. Whether the individuals to whom the information pertains have an opportunity to decline to provide the information or to consent to particular uses of the information (other than required or authorized uses.) Individuals do not have an opportunity to decline to provide the information or consent to particular uses of the information maintained in DMS. The information is not collected from the individual, but directly from the financial institution during the supervisory process pursuant to the institution s statutory obligation to provide any and all financial records to its federal regulator. The information is acquired by the financial institution from its customers as a routine business activity. 6. Procedure(s) for ensuring that the information maintained is accurate, complete and up-to-date. All personally identifiable information collected as part of examination documentation and stored in DMS is obtained directly from financial institutions during the supervisory process. The examiner-in-charge or his/her designee is responsible for ensuring to the extent possible the accuracy and completeness of the information acquired from the financial institution. 7. The length of time the data will be retained and how will it be purged. The DMS serves as a repository for examination and inspection documents. Examination workpapers, including those stored in the DMS, are typically maintained for five years; however, in the event of a supervisory or enforcement action initiated by the Board of Governors, information may be maintained for three years after termination of such supervisory or enforcement action. In some cases, aggregate or summary data may be held for longer periods to support business cycle analysis. Paper documents are destroyed by shredding and electronic documents are purged from the appropriate databases after the retention period expires. 4

8. The administrative and technological procedures used to secure the information against unauthorized access. The Federal Reserve System uses a combination of methods to secure the information contained in DMS. For example, DMS databases are: (1) maintained in the Federal Reserve System s restricted-access facilities, (2) stored on access-controlled servers, and (3) encrypted if they are downloaded to an examiner s laptop, or mobile storage device. Informati security configurations for DMS are regularly reviewed to ensure ongoing compliance with the requirements defined in the Board s Information Security Program. In addition, under information sharing agreements wit other banking regulatory agencies, any data that is shared with these agencies must use encrypted devices to ensure safe handling of sensitive P data. 9. Whether a new system of records under the Privacy Act will be created. (If the data are retrieved by name, unique number or other identifier assigned to an individual, then a Privacy Act system of records may be created.) No new system of records is required because the personally identifiable information maintained in DMS is not retrieved by reference to an individual s name or other personal identifier. Reviewed: Charles S. Struckmeyer /signed/ Chief Privacy Officer 09/14/2010 Date Maureen Hannan /signed/ Chief Information Officer 09/15/2010 Date 5

Appendix The Federal Reserve System currently deploys the following DMS systems: Domino.doc maintained by the Federal Reserve Bank Boston, Federal Reserve Bank Chicago, Federal Reserve Bank Dallas, Federal Reserve Bank Philadelphia, and the Federal Reserve Board; Open Text DMS maintained by the Federal Reserve Bank Minneapolis, Federal Reserve Bank Atlanta, Federal Reserve Bank Kansas City, Federal Reserve Bank San Francisco, and Federal Reserve Bank St Louis; Central Document & Text Repository (CDTR) maintained by the Federal Reserve Board; Integrated Imaging Document Management System utilizing Input Accel as a pass-through Imaging System maintained by the Federal Reserve Bank New York; and Autonomy document indexing system maintained by the Federal Reserve Bank New York. Enterprise Search Infrastructure maintained by the Federal Reserve Bank of New York. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information