DOC

Privacy Impact Assessment

By Angela Green,2014-10-17 14:26
7 views 0
Privacy Impact Assessment

    Privacy Impact

    Assessment

    Paycheck8

    Revision: [2]

    Forest Service

    Date: April, 2008

    Template Release 070606

    Appendix A: USDA FS Privacy Impact Assessment (PIA) Supplement

    USDA PRIVACY IMPACT ASSESSMENT FORM

    Agency:

    USDA Forest Service

    System Name:

    Paycheck8

    System Type: Major Application

     General Support System

     Non-major Application

    System Categorization (per FIPS 199): High

     Moderate

     Low

    Description of the System:

    Paycheck8 is a system to gather “time and attendance” data from the user, validate it with

    respect to the business rules, present it for user verification, and form it into files which

    are transferred to the NFC for processing in the production of payroll reports. These

    payroll reports are used to generate bi-weekly salary payments to USDA Forest Service

    employees.

    Who owns this system? (Name, agency, contact information)

    Name: Laree Edgecombe

    Title: Assistant Director, Human Capital Management Systems Agency: US Forest Service

    Address: 1601 N Kent St, Room 600, Arlington, VA 22209 Telephone Number: (703) 605-0820

    E-mail Address: ledgecombe@fs.fed.us

    Who is the security contact for this system? (Name, agency, contact information)

    Name: Paul Poplett

    Title: Human Resources Specialist, Human Capital Management Systems Agency: US Forest Service

    Address: 3900 Masthead NE Mail Stop 208, Albuquerque, NM 87109 Telephone Number: (505) 563-9421

    E-mail Address: ppoplett@fs.fed.us

    Who completed this document? (Name, agency, contact information)

    Name: C. Victor Havens

     Page 1 of 11

    USDA PRIVACY IMPACT ASSESSMENT FORM

    Title: Project Manager

    Agency: GDC Integration, Inc.

    Address: 710 North Tucker Boulevard, St. Louis, Missouri 63107

    Telephone Number: (314) 621-1866 x3

    E-mail Address: vhavens@gdcii.com

     Page 2 of 11

    USDA PRIVACY IMPACT ASSESSMENT FORM

    DOES THE SYSTEM CONTAIN INFORMATION ABOUT INDIVIDUALS IN AN

    IDENTIFIABLE FORM?

    Indicate whether the following types of personal data are present in the system

     QUESTION 1

    Does the system contain any of the following type of data as it relates to individual: Citizens Employees

    Name No Yes

    Social Security Number No Yes

    Telephone Number No No

    Email address No No

    Street address No No

    Financial data No No

    Health data No No

    Biometric data No No

    No Yes QUESTION 2

    Can individuals be uniquely identified using personal information such as a combination of gender, race, birth date, geographic indicator, biometric data, etc.?

    NOTE: 87% of the US population can be uniquely identified with a combination of 1gender, birth date and five digit zip code

    Are social security numbers embedded in any field? No No

    Is any portion of a social security numbers used? No Yes

    Are social security numbers extracted from any other source (i.e. system, paper, etc.)? No Yes

    If all of the answers in Questions 1 and 2 are NO,

    You do not need to complete a Privacy Impact Assessment for this system and the answer to

    OMB A-11, Planning, Budgeting, Acquisition and Management of Capital Assets,

    Part 7, Section E, Question 8c is:

    3. No, because the system does not contain, process, or transmit personal identifying information.

    If any answer in Questions 1 and 2 is YES, provide complete answers to all questions below.

    1 Comments of Latanya Sweeney, Ph.D., Director, Laboratory for International Data Privacy Assistant Professor of

    Computer Science and of Public Policy Carnegie Mellon University To the Department of Health and Human Services

    On "Standards of Privacy of Individually Identifiable Health Information". 26 April 2002.

     Page 3 of 11

    USDA PRIVACY IMPACT ASSESSMENT FORM

    DATA COLLECTION

    3. Generally describe the data to be used in the system.

    Data includes the subset of EmpowHR data used in properly creating the transmission file for the NFC, and the time and attendance data entered by the users. The PII data is the SSN and employee name.

    4. Is the use of the data both relevant and necessary to the purpose for which the system

    is being designed? In other words, the data is absolutely needed and has significant

    and demonstrable bearing on the system’s purpose as required by statute or by

    Executive order of the President.

     Yes

     No

    5. Sources of the data in the system.

    5.1. What data is being collected from the customer?

    The data that is entered consists of a series of records each of which includes a start and stop time, an accounting code (“Accounting Station” or “Override”) and billing code (“Job Code”), a classification (“Trans Code” or “Transaction Code”) and, in some cases, a prefix and/or suffix which is used to further specify the classification. The user may also add data peripheral to these records regarding their own circumstances as well as additional expenses or charges that are pertinent to their proper remuneration. These include, e.g., standard working schedule, meals received while on duty, etc.

    5.2. What USDA agencies are providing data for use in the system?

    Forest Service, NFC

    5.3. What state and local agencies are providing data for use in the system? None.

    5.4. From what other third party sources is data being collected?

    None.

    6. Will data be collected from sources outside your agency? For example, customers,

    USDA sources (i.e. NFC, RD, etc.) or Non-USDA sources.

     Yes

     No. If NO, go to question 7

     Page 4 of 11

    USDA PRIVACY IMPACT ASSESSMENT FORM

    6.1. How will the data collected from customers be verified for accuracy, relevance,

    timeliness, and completeness?

    The user enters data into the system using a web browser to access a form. The business rules limit and specify such things as the allowable combinations of codes and classifications, and hour or time limits. Field validation is done for data type, length, and acceptable ranges.

    Each set of user data must be verified and approved by another authorized Forest Service employee before it is provided to the NFC.

    6.2. How will the data collected from USDA sources be verified for accuracy,

    relevance, timeliness, and completeness?

    Business rules specify that data provided by EmpowHR and the NFC are definitive. The only verification is that the data must be formally correct, e.g., an SSN must be 9 digits. EmpowHR enlists a front end edit system that is looking for valid entries in required fields. EmpowHR passes the file off to the National Finance Center, where their system validates the records more thoroughly prior to applying to the database. The data transmitted from agencies to NFC is processed in NFC’s internal processing systems. These systems edit, reject/accept, retain/release transactions then update the database. Other internal systems (1) calculate payroll, (2) process adjustments, (3) produce output data that is disseminated to agencies and the Office of Personnel Management (OPM) and (4) prepare the database for the next pay period’s processing.

    Data that does not meet the validation rules is marked as suspense, and manual entry is required to clear the data to assure it is accurate.

    6.3. How will the data collected from non-USDA sources be verified for accuracy,

    relevance, timeliness, and completeness?

    NA

    DATA USE

    7. Individuals must be informed in writing of the principal purpose of the information

    being collected from them. What is the principal purpose of the data being collected? Time and attendance reporting

    8. Will the data be used for any other purpose?

     Yes

     No. If NO, go to question 9

     Page 5 of 11

    USDA PRIVACY IMPACT ASSESSMENT FORM

    8.1. What are the other purposes?

    9. Is the use of the data both relevant and necessary to the purpose for which the system

    is being designed? In other words, the data is absolutely needed and has significant

    and demonstrable bearing on the system’s purpose as required by statute or by

    Executive order of the President

     Yes

     No

    10. Will the system derive new data or create previously unavailable data about an

    individual through aggregation from the information collected (i.e. aggregating farm

    loans by zip codes in which only one farm exists.)?

     Yes

     No. If NO, go to question 11

    10.1. Will the new data be placed in the individual’s record (customer or

    employee)?

     Yes

     No

    10.2. Can the system make determinations about customers or employees that

    would not be possible without the new data?

     Yes

     No

    10.3. How will the new data be verified for relevance and accuracy?

    11. Individuals must be informed in writing of the routine uses of the information being

    collected from them. What are the intended routine uses of the data being collected? The data is transmitted to the NFC for T&A Reporting and that data becomes part of the record that the NFC maintains on each user.

    12. Will the data be used for any other uses (routine or otherwise)?

     Yes

     No. If NO, go to question 13

     Page 6 of 11

    USDA PRIVACY IMPACT ASSESSMENT FORM

    12.1. What are the other uses?

13. Automation of systems can lead to the consolidation of data bringing data from

    multiple sources into one central location/system and consolidation of

    administrative controls. When administrative controls are consolidated, they should

    be evaluated so that all necessary privacy controls remain in place to the degree

    necessary to continue to control access to and use of the data. Is data being

    consolidated?

     Yes

     No. If NO, go to question 14

    13.1. What controls are in place to protect the data and prevent unauthorized

    access?

    While Paycheck8 does consolidate data from other systems, the only data that is not publically available is the employee Social Security number (SSN) required by the NFC for T&A processing. All access to Paycheck is managed by the connectHR system with its Secure Single Signon which provides identification and authentication of the user. ConnectHR, in turn, allows the user to get eAuthentication from the USDA eAuthentication system.

    Paycheck8 is working on putting an Interconnection Security Agreement (ISA) in place with the (GDCI-owned and operated) connectHR.

    Paycheck users are allowed only to see their own SSN, no other user can see that data. There is no way in Paycheck8 to alter an SSN or a name.

    14. Are processes being consolidated?

     Yes

     No. If NO, go to question 15

    14.1. What controls are in place to protect the data and prevent unauthorized

    access?

DATA RETENTION

    15. Is the data periodically purged from the system?

     Yes

     No. If NO, go to question 16

     Page 7 of 11

    USDA PRIVACY IMPACT ASSESSMENT FORM

    15.1. How long is the data retained whether it is on paper, electronically, in the

    system or in a backup?

    Data is retained online, in backup or in archive indefinitely.

    15.2. What are the procedures for purging the data at the end of the retention

    period?

    GDCI, as a service to the USDA Forest Service, will retain Paycheck history indefinitely for historical reporting purposes. This approach provides the Forest Service with enhanced flexibility in researching issues in the future. Upon request from the Forest Service, GDCI will purge Paycheck history following agency policy and procedures.

    15.3. Where are these procedures documented?

    NA

    16. While the data is retained in the system, what are the requirements for determining if

    the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness

    in making determinations?

    NA

    17. Is the data retained in the system the minimum necessary for the proper performance

    of a documented agency function?

     Yes

     No

    DATA SHARING

    18. Will other agencies share data or have access to data in this system (i.e. international,

    federal, state, local, other, etc.)?

     Yes

     No. If NO, go to question 19

    18.1. How will the data be used by the other agency?

    The only agencies with access to the data are the USDA FS HCM and the NFC. The NFC will use the data in the preparation of payroll records.

    18.2. Who is responsible for assuring the other agency properly uses of the data? The Payroll Department at NFC

     Page 8 of 11

Report this document

For any questions or suggestions please email
cust-service@docsford.com