EXECUTIVE SUMMARY REPORT
INTRODUCTION TO THE PIA
Purpose
DOL is responsible for ensuring the confidentiality, integrity, and
availability of the information contained within its information systems. DOL
must at times collect, use, analyze, and store personally identifiable
information (PII) from its employees and customers. DOL remains vigilant in
protecting all its information technology resources, but this is especially
true of those systems containing PII. Ideally, the PIA should be performed
during the development phase of a system life cycle. A PIA should also be
conducted at any time when the system is significantly modified, or the
sensitivity of the data contained within the system is changed.
The Solicitor's Office (SOL) has assessed its Litigation Support Systems
(LSS) and evaluated privacy vulnerabilities and risks, and their implications
on this information system. This assessment enables SOL to ensure that SOL has
complied with all relevant privacy policies, regulations, procedures, and
guidance, both internal and external to DOL.
Scope
LSS is a collection of in-house developed Microsoft Access databases
designed to assist with case investigation/litigation. Each application is
totally independent and has no relationship to any other database. There is no
interconnectivity to any other application. Each Microsoft Access database is
nothing more than a collection of case data placed in an organized form called
a database. Software modifications are rarely made during the life of the
database. The life of these databases is equal to the life of the case they
support. Once the case is closed out, the databases are archived permanently.
Any number of databases may be active at any one time and in various
stages of development to support ongoing investigations and/or litigation.
Each case uses similar software products to carry out one or more of the
following functions: the finding, analyzing and/or reorganizing of evidentiary
data in a particular case. Individual databases may be active for years since
information may be subject to court orders or renewed investigations. All
information in an application is unique to the case's users, the network, and
the databases for that case. The databases may contain legal documents such as
evidence, briefs, motions, transcripts, decisions, and settlements. At a given
point in time, some information may be considered privileged.
Approach
This assessment was completed by assembling a team that consisted of the
developers, Program Manager, SOL Security Officer, and SOL IT Manager. Together
the team reviewed the questionnaire and discussed and answered each
question.
Results and Summary
The Litigation Support Systems (LSS) contain personally identifying
information. Based on this assessment, SOL has determined that the LSS have
adequate controls in place to meet minimal compliance with federal privacy
requirements and that all risks have been minimized.