PIA - EBSA - Technical Assistance and Inquiries System (TAIS) 2009

Technical Assistance and Inquiries System (TAIS) 2009

Abstract

Name of the component and system: This system is called Technical Assistance and Inquiries System (TAIS).
Brief description of the system and its function: The TAIS consists of servers, Commercial-off-the-shelf software (COTS) software, and custom software. The TAIS supports the activities of the benefits advisors (BA) in the Office of Participant Assistance (OPA) and at the 15 Employee Benefits Security Administration (EBSA) field office locations. OPA employees and EBSA field office BAs and supervisors use TAIS to record, track, and process inquiries from plan participants, employers, and plan sponsors.
Explain why the PIA is being conducted: The PIA is being conducted because Personally Identifiable Information (PII) pertaining to inquiries is stored in the application-controlled database.

Overview

The system name and the name of the DOL component(s) which own(s) the system: This system is TAIS and is owned by the Office of Participant Assistance.
The purpose of the program, system, or technology and how it relates to the component's and DOL mission: The purpose of the TAIS is to serve as an inquiry tracking system in providing service to EBSA's customers by means of outreach, education, and technical assistance related to their pension, health, and other employee benefits. The system directly supports EBSA's mission as follows:
- Assist workers in getting the information they need to exercise their benefit rights.
- Assist plan officials to understand the requirements of the relevant statutes in order to meet their legal responsibilities.
A general description of the information in the system: TAIS contains data which is considered PII. This data includes items necessary to contact the individual who is making the inquiry. During the processing of an inquiry, TAIS users deal with data about the inquirer, the company, and plan; details about any financial recovery; and specific details about the complaint or question and its resolution. The case data is considered sensitive, not publicly disclosable, and is intended for viewing only by authorized users within the Agency. This information is given voluntarily and is used only for responding to the inquiry. Some data collected may be PII. This information is given voluntarily, is used only for responding to the inquiry, and is protected by personnel, technical, and operational controls.

In order to better track important data, a new social security number field was added to TAIS in September 2008. This number is automatically deleted by the application 60 days after the inquiry closing date. Benefits advisors are instructed not to enter the social security number anywhere else (such as in the free-form notes area where it is difficult to track and control).

A description of a typical transaction conducted on the system: A typical TAIS transaction would be inputting and storing an inquiry from the public about benefits. A benefits advisor would record the inquiry information and also record any action taken to create the response and deliver any response and information to the inquirer.
Any information sharing conducted by the program or system.

Information may be shared with other EBSA offices as needed to answer an inquiry. The Office of Enforcement can view TAIS information and enter information as they deem appropriate. The Office of the Chief Accountant also uses TAIS in this manner. OPA can assign letters to other offices for a response. As an example: OPA may determine that the Office of Regulations and Interpretations (ORI) should respond to an inquiry. OPA would enter the name, address, and phone number into TAIS under the ORI office number and give them the hardcopy. TAIS then closes the inquiry out.

An item may also be forwarded to another Agency. For example, if OPA receives an inquiry about a non-ERISA issue, OPA may forward the information to the appropriate government entity. In these instances, the correspondence is forwarded, which may contain PII, but the TAIS record is not forwarded.

A general description of the modules and subsystems, where relevant, and their functions.

TAIS is utilized as an inquiry tracking system by the EBSA Office of Participant Assistance in providing service to EBSA's customers by means of outreach, education, and technical assistance related to their pension, health, and other employee benefits.

PDRTS (Publication Hotline Request): Customer service representative enters requests for publications from the public from phone or written requests. There is a paper component to this system. Information in the correspondence is entered into the automated systems. The correspondence isn't officially saved as a record, but is destroyed within a month.

ORIRLS (ORI Reference Library System): The ORI Reference Library System is the intranet-based version of the ORI Desk Reference Set, which combines the various document formats into a single entity and provides indexing, searching, and pinning capabilities for the various documents. It also stores documents related to advisory opinions and congressional inquiries into a database and allowing text search to be executed.

OCAPHONE: Web based system to track incoming inquiries regarding general filing and compliance questions as well as EFAST specific questions.

COBRA appeals: In May 2009, a module was added to TAIS to assist with the processing of COBRA appeals, a new responsibility for EBSA. This system stores incoming requests and paperwork and allows them to be tracked as they are being resolved.

Where appropriate, a citation to the legal authority to operate the program or system.

26 U.S.C. 6058 and 29 U.S.C. 1135, 1137, and 1143 American Recovery and Reinvestment Act of 2009

Introduction

The initial Privacy Impact Assessment (PIA) was conducted for the Employee Benefits Security Administration (EBSA) on the Technical Assistance Inquiry System (TAIS) in March 2005. Version 1.0 was published in May 2005. Updates to the TAIS PIA were conducted in March 2006, August 2007, June 2008, September 2008, and now in August 2009. The certification and accreditation of the TAIS application was last completed in May 2008. An operating system change was made to the host system (LAN/WAN GSS) in FY06 but this change had no impact on PII or other data. This latest assessment was performed according to a new methodology, process, and template published by the U.S. Department of Labor (DOL), Office of the Chief Information Officer (OCIO) in November, 2008.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

PII is collected during inquiries from plan participants, employers, and plan sponsors who are generally all members of the public (US citizens) but could include dependents of plan participants (minors), or foreign employees of a company sponsoring a plan.
What are the sources of the PII in the information system?

Inquirers and individuals contacted during the resolution of an inquiry.

What is the PII being collected, used, disseminated, or maintained?

Customer Name
Mailing Address
Phone Numbers
E-mail Address
Social Security Number (SSN) (records are NOT able to be searched by SSN)

Comments fields and Notes fields may contain PII including health condition, employment history, date of birth. Analysts were instructed not to include SSN in any comments or notes fields after September 22, 2008 when a separate SSN field was created.

How is the PII collected?

PII data contained in the system is given voluntarily by people who are submitting an inquiry to EBSA. PII is also sometimes collected from employers and plan sponsors during the processing of an inquiry, such as data about the inquirer, the company and plan; details about any financial recovery; and specific details about the complaint or question and its resolution.

Within the technical assistance arena, EBSA's benefit advisors respond to approximately 170,000 telephone, written, and electronic inquiries annually from plan participants, employers, and plan sponsors, assisting them in understanding their rights and obligations under the law and in obtaining benefits that may have been denied. The inquirer voluntarily provides the information either by phone, email, mail, by personal visit, or via the askebsa.gov web site.

How will the information be checked for accuracy?

This data does not normally change while the inquiry is being answered. Any changes would most likely be communicated by the individual inquirer. PII in a record is continually reviewed while the inquiry is open.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

EBSA is adhering to the Privacy Act of 1974 for PII that is contained within the TAIS.

PII is stored for the exclusive purpose of performing the duties of EBSA. The duties center on answering questions from the public or other government personnel about the Employee Retirement Income Security Act (ERISA) regulations.

Title III of the E-Government Act of 2002 — Federal Information Security Management Act (FISMA) — Public Law 107-347: A security plan must be developed and practiced throughout all life cycles of the agency's information systems.

Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources: A System Security Plan (SSP) is to be developed and documented for each general support system (GSS) and major application (MA) consistent with guidance issued by the National Institute of Standards and Technology (NIST).

Federal Information Processing Standards (FIPS) Publication 199, Standards for Security Categorization of Federal Information and Information Systems: This document defines standards for the security categorization of information and information systems. System security categorization must be included in SSPs.

FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems: This document contains information regarding specifications for minimum security control requirements for Federal information and information systems. Minimum security controls must be documented in SSPs.

NIST SP 800-53 Revision 2, Recommended Security Controls for Federal Information Systems: This document contains a list of security controls that are to be implemented into Federal information systems based on their FIPS 199 categorization. This document is used in conjunction with FIPS 200 to define minimum security controls, which must be documented in SSPs.

Privacy Impact Analysis

The PII stored in the TAIS represents a very small risk to EBSA because it is well protected by numerous security controls. Privacy data is also protected by ensuring that privacy awareness training is provided annually by the DOL Solicitor's Office (SOL). Privacy protection is also addressed in DOL's annual Computer Security Awareness Training (CSAT), which is administered annually to all users of DOL computer systems, including TAIS. Even without specific training, however, the risk of unauthorized access to the TAIS data is minimal due to the existing security controls in place and the limited use of PII.

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

OPA employees and EBSA field office benefits advisors (BAs) and supervisors use TAIS to record, track, and process inquiries. They enter information related to these activities, and the information is used for the purpose of addressing the inquiries, and is the official database for EBSA inquiry statistics. During the processing of an inquiry, TAIS users deal with data about the inquirer, the company, and plan; details about any financial recovery; and specific details about the complaint or question and its resolution. An inquiry that yields the possibility of further investigative activity will be forwarded to the appropriate office within EBSA. TAIS does not track activity beyond this point.

What types of tools are used to analyze data and what type of data may be produced?

Separate from TAIS, BAs may make use of working files in the form of word processing documents or spreadsheet files stored on their local disks. Through an industry-standard database reporting tool, data is retrievable and can be stored on disks, hard drives, etc. These files are locally controlled and are not accessible through network applications. Sharing of the information is conducted solely at the discretion of the BA and only for the purpose of resolving the case.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

TAIS does not derive new data, or create previously unavailable data, about an individual through aggregation of the collected information.

If the system uses commercial or publicly available data, please explain why and how it is used.

TAIS does not use commercial or publicly available data.

Privacy Impact Analysis

The use of PII stored in the TAIS represents a very small risk to EBSA because it is well protected by numerous technical security controls. Privacy data is also protected by ensuring that privacy awareness training is provided annually by DOL. Training has also been given on Separation of Duties. Even without specific training, however, the risk of unauthorized access to the TAIS data is minimal due to the existing security controls in place and the limited use of PII.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

Information in TAIS is currently retained indefinitely.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes

Privacy Impact Analysis

The PII stored and retained in the TAIS represents a very small risk to EBSA because it is well protected by numerous security controls. Inquiries that contain SSNs have that information purged 60 days after the inquiry is closed, beginning in September, 2008. Privacy data is also protected by ensuring that privacy awareness training is provided annually by DOL. Even without specific training, however, the risk of unauthorized access to the TAIS data is minimal due to the existing security controls in place and the limited use of PII.

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

How is the PII transmitted or disclosed?

See above.

Privacy Impact Analysis

The PII stored and shared in the TAIS represents a very small risk to EBSA because it is well protected by numerous security controls. Information is only shared internally for the purpose of answering an inquiry. Privacy data is also protected by ensuring that privacy awareness training is provided annually by DOL. Even without specific training, however, the risk of unauthorized access to the TAIS data is minimal due to the existing security controls in place and the limited use of PII.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

N/A Information is not shared outside the Department.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

N/A Information is not shared outside the Department.

How is the information shared outside the Department and what security measures safeguard its transmission?

N/A Information is not shared outside the Department

Privacy Impact Analysis

None. Information is not shared outside the Department.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

PII data contained in the system is given voluntarily by people who are submitting an inquiry to EBSA.

If the issue relates to medical benefits, then the BAs work with the participant and tell them who needs the information to resolve the claim. If the participant wishes to remain anonymous or does not want to release the information, then the BA will stop working on the claim.

Do individuals have the opportunity and/or right to decline to provide information?

Yes, individuals submitting an inquiry to EBSA may decline to provide PII data.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

Individuals do not have access to TAIS or the right to consent to how information in the database is used once it has been given.

Privacy Impact Analysis

The PII stored in the TAIS represents a very small risk to EBSA because it is well protected by numerous security controls. Information is provided voluntarily by the person making an inquiry, and they are thus aware of the information they provide. Public notice is also given in the Federal Register. Privacy data is also protected by ensuring that privacy awareness training is provided annually by DOL. Even without specific training, however, the risk of unauthorized access to the TAIS data is minimal due to the existing security controls in place and the limited use of PII.

Access, Redress, and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

There is a process in place for the public to ask to see information regarding their inquiry. Through FOIA and the Privacy Act, individuals may obtain a copy of any file maintained under their own name.

What are the procedures for correcting inaccurate or erroneous information?

Many application-specific errors are handled by the TAIS during data input. Errors introduced by EBSA users would be handled by notifying the user (via an application generated message) to correct the erroneous data before TAIS will accept it for storage in the database. An individual may ask a BA at any time to correct information that is known or suspected to be in error.

How are individuals notified of the procedures for correcting their information?

The information is published in the Federal Register entry for the system. They can also be informed by Benefits Advisors.

If no formal redress is provided, what alternatives are available to the individual?

N/A

Privacy Impact Analysis

The PII stored in the TAIS represents a very small risk to EBSA because it is well protected by numerous security controls. Access is restricted to authorized personnel within EBSA and information is only shared internally for the purpose of answering an inquiry. Individuals can receive a copy of information kept on their inquiry and can have it corrected if needed. Privacy data is also protected by ensuring that privacy awareness training is provided annually by DOL. Even without specific training, however, the risk of unauthorized access to the TAIS data is minimal due to the existing security controls in place and the limited use of PII.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

EBSA has a policy in place which regulates the use of passwords. Username and password authentication is used at EBSA to restrict and control access to TAIS records. EBSA is working towards following all requirements and standards set forth by the Department of Labor and the National Institute of Standards and Technology (NIST).

Highlights of the EBSA procedures include:

assignment of unique account name and complex password
automatic enforcement of login by Windows Active Directory Services before execution of TAIS is possible
full login management and assignment of access level by TAIS
monthly review of inactive accounts
single sign on with Windows and subsequent TAIS authorization

Will Department contractors have access to the system?

Yes, TAIS is accessed by program developers who are authorized contractors of the Department of Labor, for the purpose of developing, testing, administering and operating the system.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Mandatory Security Awareness Training is provided to all employees and contractors of EBSA.

There are formal rules for using TAIS which include the requirement that all employees, Federal and contractor, conform to the Privacy Act requirements. These rules and other Department of Labor and EBSA policies and procedures clearly delineate the responsibilities and expected behavior of all individuals with access to the LAN GSS and its hosted applications.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Within TAIS there are specific roles defined which provide varying levels of access to data stored in TAIS tables. Critical functions are divided among different individuals. Most users are benefit advisors and are allowed to modify only the inquiries that they created. In accordance with EBSA business rules, benefit advisors and supervisors are allowed to view other workers' inquiries.

An auditing function exists within TAIS. Since March 1, 2005, every action of every user is recorded in a separate database audit log and backed up indefinitely. Information stored includes: type of change, update/insert/delete, time and date of change, username, office ID, complete text version of record when opened and when saved (i.e. "before" and "after") and the IP address of workstation to which user was logged in.

All transactions submitted to the TAIS are written to this audit log. This log is a separate database structure within the database that records each change to each record. The log record includes the information listed above. This information can be requested in near real time (e.g., within minutes of being recorded). This information is accessible only by TAIS technical support staff. The electronic audit log is protected from viewing by unauthorized users by the LAN GSS and TAIS security mechanisms (i.e., user ID and password).

No standard user has permission to view this audit log or access the audit log file. The database administrator (DBA) is the only person(s) who has these permissions. The DBA may have to modify or delete the audit log file for purposes of emergency repairs or system maintenance. Information captured by the TAIS audit module is backed up on a regular basis and stored off-site for the normal retention period.

Privacy Impact Analysis

PII stored on the TAIS is limited to information necessary for the Agency to carry out its duties and is well protected by numerous security controls, which are described in the TAIS security documentation. There is no direct connection between TAIS and the Internet. TAIS does not interface with any other systems except its host system, the LAN GSS. Sharing of the information is conducted solely at the discretion of the BA and only for the purpose of resolving the inquiry and is done with in the application and supporting LAN GSS controls.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

TAIS is in the operations and maintenance stage of it's development life cycle. All DOL major information systems are required to follow the computer security life cycle defined in the DOL System Development Life Cycle Management (SDLCM) Manual.

Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

No, TAIS consists of custom and commercial off-the-shelf (COTS) software. The custom software was developed and is maintained by a contractor and uses no technology which may raise security concerns.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

EBSA has completed the PIA for Technical Assistance and Inquiries System (TAIS) which is currently in operation. EBSA has determined that the safeguards and controls for this moderate system adequately protect the information referenced in TAIS security documentation.
EBSA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.