EXECUTIVE SUMMARY REPORT
INTRODUCTION TO THE PIA
Purpose
This privacy impact report seeks to identify the essential components of
the Electronic Labor Organization Reporting System (e.LORS) to ensure that
personally identifiable information (PII) is protected by security procedures
and controls commensurate with the sensitivity of the information.
In addition, this PIA will assist with identifying the nature of
personally identifiable information associated with the business process,
validate "Rules of Behavior" for managing the collection, use, disclosure and
destruction of personally identifiable information and provide management with
a tool to make informed policy, operations and system design decisions, based
on an understanding of privacy risk and of the options available for mitigating
that risk.
History
The Office of Labor-Management Standards (OLMS) administers provisions
of the Labor-Management Reporting and Disclosure Act (LMRDA) of 1959, as
amended and related laws which establish standards of conduct for labor
organizations and require reporting by unions and others for public disclosure
access. OLMS also certifies fair and equitable protective arrangement for
transit employees when Federal funds are used to acquire, improve, or operate a
transit system.
Labor organizations hold billions of dollars in assets that must be
safeguarded for the use of the union members. OLMS is mandated by Congress for
ensuring union audits and related compliance assistance activities, as well as
criminal enforcement, as necessary to ensure financial integrity. This
information is currently gathered for reporting to the President and Congress
through the Electronic Labor Organization Reporting System (e-LORS). E-LORS was
initiated to support the President's Management Agenda to expand electronic
government by automating a paper-based reporting and public disclosure system
under the LMRDA. It also ensures compliance with the Government Paperwork
Elimination Act, P.L. 105-277, Title XVII, by making required forms available
for electronic signature.
The e-LORS system provides a reporting capability for labor
organizations to electronically submit federally mandated annual reports (LM-2,
3 and 4). It includes a secure electronic submission process for those reports
and an Internet public disclosure system that provides unprecedented public
access to filed labor organization reports. It also allows citizens the
capability to search for information on union activities from those reports.
In 2002 the LM-2 form was revised through a proposed rule. The Final
Rule was published October 9, 2003 in Federal Register 68 FR 58374. The rule
implementing the revised LM-2 went into effect July 1, 2004. The proposed rule
specifically states the new forms must be submitted electronically, which
required modification to the current e-LORS system to facilitate creation,
submission, storage and disclosure of the new electronic forms.
Scope
This Privacy Impact Assessment (PIA) covers e.LORS, which is managed by
the Office of Labor- Management Standards (OLMS). The system owner is the
Deputy Assistant Secretary of Office of Labor Management Standards.
This assessment is limited to data used by e.LORS; its file, print,
storage and application server(s); all interconnections, whether to systems or
other applications; and all application software, hardware and operating
systems located in Washington, D.C.
PIA Approach
OLMS consulted with the Office of Management, Administration, and
Planning's Division of Information Technology Management and Services (DITMS)
to gain an understanding of the business and legislative drivers for conducting
a Privacy Impact Assessment (PIA). Based on our understanding that the conduct
of a PIA is a shared management responsibility, we performed a high-level
review of the assessment questions to determine the level of skill sets
required to:
- Ensure that privacy protection is a core consideration in the initial
framing of program or service objectives;
- Ensure that accountability for privacy issues is clearly incorporated
into the duties of program managers and technical specialists; and
- Promote an awareness of sound privacy practices associated with
program and service delivery.
The PIA was performed using the questionnaire provided by the Office of
the Chief Information Officer Programs.
Summary and Results
The detailed Privacy Impact Assessment Questionnaire in Section 2
provides details to substantiate OLMS findings.
|
