EXECUTIVE SUMMARY REPORT
INTRODUCTION TO THE PIA
Purpose
This privacy impact report seeks to identify the essential components of
the LONGSHORE CASE MANAGEMENT SYSTEM to ensure that personally identifiable
information (PII) is protected by security procedures and controls commensurate
with the sensitivity of the information. The LCMS is a major application that
runs on and is supported by the ESA GSS. The LCMS supports delivery of mission
critical services in compliance with the Longshore and Harbor Workers'
Compensation Act.
In addition, this PIA will assist with identifying the nature of
personally identifiable information associated with the business process,
validate "Rules of Behavior" for managing the collection, use, disclosure and
destruction of personally identifiable information and provide management with
a tool to make informed policy, operations and system design decisions, based
on an understanding of privacy risk and of the options available for mitigating
that risk.
Scope
The LCMS is one of the nine major applications that reside (and rely) on
the Employment Standards Administration agency ESA-GSS IT infrastructure to
support its core business processes in administering the agency's business
operations and the delivery of critical services in-house and to the public the
agency serves.
The LCMS resides on the ESA GSS central database server at the primary
and disaster recovery centralized data centers. The LCMS client server
application serves approximately 120 users at the National, Regional and
District DLHWC offices.
Approach
The Office of Worker's Compensation Programs (OWCP) consulted with the
Office of Management, Administration, and Planning's Division of Information
Technology Management and Services to gain an understanding of the business and
legislative drivers for conducting a Privacy Impact Assessment (PIA). Based on
our understanding that the conduct of a PIA is a shared management
responsibility, we performed a high-level review of the assessment questions to
determine the level of skill sets required to:
- Ensure that privacy protection is a core consideration in the initial
framing of program or service objectives;
- Ensure that accountability for privacy issues is clearly
incorporated into the duties of program managers and technical specialists;
and
- Promote an awareness of sound privacy practices associated with
program and service delivery.
The PIA was performed using the questionnaire provided by the Office of
the Chief Information Officer Programs. Participants in the PIA include the
DLHWC Director, DLHWC IT Security Officer, the Branch Chief of Policy,
Regulations and Procedure, the Branch Chief of Financial Management and
Insurance and input from District Office Directors.
Results
Based on the Privacy Impact Assessment Questionnaire, DLHWC has not
discovered any discrepancies.
Summary
DLHWC understands the importance of protecting the PII information and
while there has been Privacy Act training offered in the past there are some
other actions (PII ROB, etc) that should help to limit the threat of possible
PII data disclosure. DLHWC is committed to taking further steps to help limit
any and all PII vulnerabilities.
|
