PRIVACY IMPACT ASSESSMENT

Similar documents
PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

How To Use The Fdic External Service For Mortgage Servicing Rights

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT

How To Understand And Understand The Role Of Reverse Mortgage Solutions

The Bureau of the Fiscal Service. Privacy Impact Assessment

Privacy Impact Assessment

The Bureau of the Fiscal Service. Privacy Impact Assessment

Privacy Policy Last Modified: April 3,

Office of Audits Report No. AUD The FDIC s Privacy Program 2011

The Bureau of the Fiscal Service. Privacy Impact Assessment

Facial Recognition Data Collection Project

Privacy Impact Assessment

General Support System

Secure Gateway (EMSG)

Zubi Advertising Privacy Policy

The Bureau of the Fiscal Service. Privacy Impact Assessment

The Bureau of the Fiscal Service. Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Abilities Centre collects personal information for the following purposes:

Privacy Impact Assessment. For Personnel Development Program Data Collection System (DCS) Date: June 1, 2014

PRIVACY IMPACT ASSESSMENT

Department of State SharePoint Server PIA

Privacy Impact Assessment For Management Information System (MIS) Date: September 4, Point of contact: Hui Yang

National Customer Service Center

Family, Career and Community Leaders of America, Inc. Privacy Policy

Federal Trade Commission Privacy Impact Assessment. for the: Analytics Consulting LLC Claims Management System and Online Claim Submission Website

PRIVACY IMPACT ASSESSMENT (PIA) GUIDE

Federal Trade Commission Privacy Impact Assessment. for the: Gilardi & Co., LLC Claims Management System and Online Claim Submission Website

Personal Information Collection and the Privacy Impact Assessment (PIA)

Privacy Impact Assessment. For. Institute of Education Sciences Peer Review Information Management Online (PRIMO) Date: May 4, 2015

January 2008 Report No. EVAL Evaluation of Contract Rationalization

Permit Power of Attorney (PoA) to establish an agreement on behalf of the taxpayer

PRIVACY IMPACT ASSESSMENT (PIA) For the

Cloud 2 General Support System

Privacy Impact Assessment

Privacy Impact Assessment

USAJOBS Privacy Impact Assessment

Privacy Statement. What Personal Information We Collect. Australia

Privacy Impact Assessment. For Education s Central Automated Processing System (EDCAPS) Date: October 29, 2014

U.S. Securities and Exchange Commission. Mailroom Package Tracking System (MPTS) PRIVACY IMPACT ASSESSMENT (PIA)

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore:

Department of the Interior Privacy Impact Assessment

U.S. Securities and Exchange Commission. Integrated Workplace Management System (IWMS) PRIVACY IMPACT ASSESSMENT (PIA)

Issue Based Management Information System (Redesign) is a Small Other system/application sponsored by LB&I.

PRIVACY IMPACT ASSESSMENT (PIA) For the

EEO Database System - icomplaints

Department of the Interior Privacy Impact Assessment

Name of System/Application: E8(a) Program Office: Government Contracting and Business Development

U.S. Department of the Interior PRIVACY IMPACT ASSESSMENT

Department of the Interior Privacy Impact Assessment Template

I. U.S. Government Privacy Laws

Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Customer Scheduling and Services

US Federal Student Aid Datashare (SBU-PII) Application and Database

The Bureau of the Fiscal Service. Privacy Impact Assessment

A. SYSTEM DESCRIPTION

Canine Website System (CWS System) DHS/TSA/PIA-036 January 13, 2012

How To Get A Deposit From A Bank With A Liboration Program Account

Privacy Impact Assessment

ERIC - A Guide to an Introduction

Chemical Security Assessment Tool (CSAT)

Corporate Property Automated Information System CPAIS. Privacy Impact Assessment

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

SECURITY IMPLICATIONS OF CROSS- AGENCY BIG DATA APPROACHES FOR TAX COMPLIANCE

Privacy Charter. Protecting Your Privacy

Introduction to The Privacy Act

Privacy Impact Assessment Update for the

Virginia Systems Repository (VSR): Data Repositories DHS/FEMA/PIA 038(a)

Privacy Impact Assessment

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

TSA Advanced Imaging Technology

FHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)

IT Support Center Call Handling Metrics Week Beginning: January 3, 2016

05.0 Application Development

Privacy Policy. Effective Date: November 20, 2014

corporate.ford.com/jobs Privacy Statement

Digital Mail Pilot Program

WHAT DOES HARLEY-DAVIDSON FINANCIAL SERVICES, INC. DO WITH YOUR PERSONAL INFORMATION?

Privacy Impact Assessment. For. Financial Management System (FMS) Date: January 6, Point of Contact: System Owner: Author:

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Biodefense Knowledge Management System v. 2.0 (Supporting IC and LE users)

A. SYSTEM DESCRIPTION

VES Privacy Policy Effective Date: June 25, 2015

PII Compliance Guidelines

Transcription:

PRIVACY IMPACT ASSESSMENT Customer Communication and Tracking System December 2012 FDIC Internal System Table of Contents System Overview Personally Identifiable Information (PII) in CCATS Purpose & Use of Information in CCATS Sources of Information in CCATS Notice & Consent Access to Data in CCATS Data Sharing Data Accuracy in CCATS Data Security for CCATS System of Records Notice (SORN) Contact Us

System Overview In the course of fulfilling its mission, the FDIC receives, responds to, tracks, and reports on a wide range of complaints regarding financial institutions, as well as requests and inquiries from the public and banking industry. Within FDIC, the Division of Depositor and Consumer Protection (DCP), Division of Administration (DOA), and Division of Insurance Research (DIR) are responsible for processing such complaints, requests, and inquiries. To do so, it is necessary for these divisions to track all written correspondence and telephone calls with the public and banking industry and meet related reporting needs. Previously, DOA and DIR used the Customer Inquiry System (CusIS) and DCP used the Specialized Tracking and Reporting System (STARS) to track such complaints, requests, and inquiries. These two disparate systems relied on obsolete technology, making for a challenging and time-consuming process to provide accurate, consolidated, and coherent information and reporting about FDIC s communications with the public and bankers. For example, a significant percentage of the calls to the DOA call center were transferred to DCP for resolution. These calls were entered into both CusIS and STARS and made it difficult to track all calls to final resolution. To remedy this process as well as improve response time and customer service, the FDIC has developed the Customer Communication and Tracking System. CCATS is an enterprise-wide system for tracking communications to the FDIC received via email, mail, fax, the DOA Call Center, and the official FDIC website (www.fdic.gov). In the Phase 1 Release, CCATS replaced the previous CuSIS service for DOA and DIR and the STARS application for DCP; in a future Phase 2 Release, CCATS will also support the remaining FDIC Divisions and Offices. This PIA addresses the initial Phase 1 Release of CCATS and will be updated at the appropriate time to reflect future development efforts involving DCP and other FDIC divisions and offices. Personally Identifiable Information (PII) in CCATS CCATS will contain personally identifiable information (PII) and non-pii from members of the public and banking industry such as: requestor/customer Type (i.e., academic, banker, consumer), name, email address, home address, title or position, organization, work phone, fax, home phone, case number, and inquiry type. Sensitive PII is not required by DOA or DIR to process an incoming complaint, request, or inquiry. Therefore, the CCATS database does not contain any fixed fields to record sensitive PII elements, such as Social Security Numbers (SSNs), personal bank account or financial information, or date of birth. However, this information can occasionally be included within the correspondence sent by an individual. In this case, DOA or DIR staff scans and upload the attachment to the individual s case record in CCATS. Purpose & Use of Information in CCATS The data in CCATS is both relevant and necessary for the purpose for which the system was designed, namely to support the FDIC s mission and legal requirement to 1

receive, respond to, track, and report on complaints, request and inquiries from the public and banking industry. Customers are not required to provide their personal information unless they request a written response from the FDIC. Sources of Information in CCATS Information in CCATS is derived from a wide range of sources, including: Members of the Public and Bankers: Complaint, request, and inquiry information that are stored in CCATS are collected from members of the public and banking industry. The information in CCATS is collected in a variety of ways, including phone calls to the DOA Central Call Center, mail, email, fax, and an online Questions, Suggestions and Request form found on www.fdic.gov. If the inquiry comes into CCATS via the online web form, CCATS automatically routes the case to the appropriate DOA or DIR function area. DOA Public Information and Call Center Staff: DOA staff and contractors are also sources of information for CCATS. For example, when a telephone call comes into the Central Call Center via the Corporation s 1-800 number, CCATS automatically creates a record that is pre-populated with a case number, date of call, and the caller s telephone number. The call is then routed by CCATS to a DOA Central Call Center Agent, who asks the caller for certain information (i.e., name, email, address, customer type, inquiry type) and populates the record in CCATS. The agent uses CCATS to route the case to the appropriate FDIC subject matter expert (SME) for response. FDIC Employees and Analysts: These individuals are located in various FDIC Divisions and serve as the SMEs responsible for reviewing and responding to the inquiry. As such, they may input information about the resolution of the issue into an individual case record as well as the following information, as necessary: name, email, address, customer type, and inquiry type. Notice & Consent Individuals are able to opt out of providing their information for inclusion in CCATS. Customers initiate contact with FDIC by submitting suggestions, inquiries, requests, or complaints regarding financial institutions. At any point during this process, the customer can choose to remain anonymous and opt-out of providing any PII. However, in order to receive a written response from the FDIC, the individual must provide the necessary PII, so that the FDIC may mail or email them a response. Access to Data in CCATS Authorized FDIC employees in DIR, DOA, and other Divisions and Offices are granted access to the CCATS data, in order to respond to an inquiry or manage the system. This includes users, managers, and system administrators. DOA Central Call Centre Contractors also have restricted access to data, in order to receive, respond, and route inquiries to the appropriate FDIC Division or Office for response. 2

Access to the CCATS data is determined by the data owner in DOA or DIR. Only FDIC employees and contractors with a need to know are granted access to case records, in order to process the complaint, request, or inquiry in a timely manner. Data Sharing Other Systems that Share or Have Access to Data in the System: System Name Avaya FDIC Structure Information Management System (SIMS) Call Report Data FDIC.gov System Description Computer-telephone integration, in support of the Call Center operations. SIMS retrieves necessary bank structure data, such as classification and ownership. No PII is contained in this system. Retrieves financial institution total asset data. No PII is contained in this system. Customers submit inquiries, complaints, and suggestions via an online form that feeds directly and securely into CCATS. Type of Information Processed Customer-provided data (may or may not be PII) Bank structure data Financial institution total asset data Customer-provided data (may or may not be PII) Data Accuracy in CCATS Data collected by CCATS on a web form protects against cross-site scripting and malicious code injections. The FDIC Division of Information Technology (DIT) Information Security team has conducted an assessment of the web form to ensure that data collected is accurate and protected. Data in CCATS is collected from individual members of the public and bankers via phone calls, emails, faxes, and online forms. These individuals are responsible for the accuracy of the information provided. Also, CCATS contains software to ensure that each case record is populated with the correct formatted information provided by the individual. Data Security for CCATS CCATS is operated at one site by a third-party vendor, using their secure web-based platform. The vendor has specific physical and logical controls in accordance with FDIC s stringent security and privacy requirements. Access to the system is limited only to authorized users on a need to know basis; users must take mandatory FDIC Security and Privacy Awareness Training and abide by system-specific rules of behavior. The vendor must abide by stringent FDIC security and privacy requirements. 3

System of Records Notice (SORN) The current Phase 1 Release of CCATS does not operate as a Privacy Act System of Records (SOR). Contact Us To learn more about the FDIC s Privacy Program, please visit: http://www.fdic.gov/about/privacy/. If you have a privacy-related question or request, email Privacy@fdic.gov or one of the FDIC Privacy Program Contacts. You may also mail your privacy question or request to the FDIC Privacy Program at the following address: 3501 Fairfax Drive, Arlington, VA 22226. 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information