EXECUTIVE SUMMARY REPORT
INTRODUCTION TO THE PIA
The purpose of this document is to summarize the findings of the United
States Department of Labor National Contact Center (DOL-NCC) Privacy Impact
Assessment (PIA). The PIA ensures the confidentiality, integrity, and
availability of the information contained within the system. This assessment
aims to determine what types of data are collected, stored, or shared and by
its nature, whether that data will cause an invocation of the Privacy Act of
1974. This document also assesses the risks for system vulnerability
Scope
This document will discuss what, if any, personal information is
collected and stored, whether adequate measures are in place to protect such
data, and in the case that they are not, what remediation is required to
satisfy the protection requirements of this data. The system components to be
assessed are the DOL-NCC IT System Application Server, Database Server, and Web
Reports Server.
DOL-NCC IT System is used by the DOL-NCC Customer Service Representative
(CSR) and program management staff.
PIA Approach
The execution of this PIA was accomplished through the collection of
data and information in the form of interviews with DOL-NCC program management
personnel, review of key documentation, and review of key system resources and
data components.
PIA Results
Through this assessment, it was determined that the personally
identifiable information collected in the DOL-NCC IT System does not constitute
sensitive information and is disposed of on a 30-day cycle. Information
collected is limited to name, address, phone numbers, and email address. Data
is controlled in a manner complying with the Privacy Act of 1974 and does not
invoke any other compliance requirements.
PIA Summary
In conclusion, personal information is given on a voluntary basis, and
is collected to invoke a request by the customer for further research. No
personally sensitive information is collected, and data access is controlled
and managed utilizing least privilege.
|
