United States Department of Labor

Subscribe to E-mail Updates	All DOL OCIO   Advanced Search
A to Z |  Site Map |  FAQs |  Forms |  About DOL |  Contact Us |  Español

Privacy Impact Assessment Questionnaire
SOL –Workload Management Systems (WMS) FY 2011

Overview:

• The system name and the name of the DOL component(s) which own(s) the system:
  This system is the Workload Management Systems (WMS) and is owned by the Office of the Solicitor.
  
  
• The purpose/function of the program, system, or technology and how it relates to the component’s and DOL mission:
  The WMS will track all significant legal activities referred by DOL client program agencies to the various components of the Solicitor's Office. Legal activities include representing the Secretary and the client agencies in all necessary litigation, including both enforcement actions and defensive litigation, and in alternative dispute resolution activities; assisting in the development of regulations, standards, and legislative proposals, and providing legal opinions and advice concerning all the Department’s activities. Data collected through the Workload Management Systems is used to analyze the volume, diversity, trends, and impact of the workload in the Office of the Solicitor (SOL) divisions and field offices. This system provides information needed to manage SOL resources, to monitor performance, and to provide SOL’s client agencies (DOL program offices) with updated information on the work being done in their respective program areas. The system also captures SOL resource time spent providing legal services. The WMS provides these functions throughout SOL national, regional and sub-regional offices supporting approximately 700 attorneys, docket clerks, and paralegals.


• A general description of the information in the system.
  The WMS contains data which is considered PII. The information in the system is descriptive and status information about the legal services (litigation, opinion and advice, rules and regulations) provided by SOL to DOL client program agencies, OMB and Congress.


• A description of a typical transaction conducted on the system.
  A typical transaction in the WMS would involve a SOL docket clerk creating a matter for the legal services to be provided, updating a matter’s status, recording the time spent on a matter, and closing a matter at the completion of performing the legal service. Legal services include litigation, regulation review, and opinion and advice.


• Any information sharing conducted by the program or system.
  SOL shares information with DOL clients (DOJ, OMB, Congress, and DOL program agencies).


• A general description of the modules and subsystems, where relevant, and their functions:
  The Workload Management Systems contains the following systems:


• Solicitor’s Office Legal Activity Reporting System (SOLAR). This system tracks all workload items.
• Time Distribution System (TD). This system tracks work hours devoted to workload items.
• Fair Labor Standards Wage and Hour Reporting System (W&H). This system tracks FLS wage and hour litigation workload items.
• Freedom of Information Act/Privacy Act System (FOIA/PA). This system tracks FOIA appeals workload items.
• Legislation and Legal Counsel Project Tracking System (LPTS). This system tracks workload items generated by requests from Congress, the White House, Office of Management and Budget (OMB), and other agencies.
• Where appropriate, a citation to the legal authority to operate the program or system.
  SOL has the authority to perform legal services under the following program statutes and federal regulations:

Division of Black Lung and Longshore Legal Services (BLLLS) Black Lung Benefits Act (BLBA), as amended, 30 U.S.C. 901-944; and Longshore and Harbor Worker's Compensation Act (LHWCA), as amended, 33 U.S.C. 901-950

Division of Civil Rights and Labor-Management (CRLM) Executive Order 11246, as amended; Section 503 of the Rehabilitation Act of 1973, as amended (29 U.S.C. § 793 et seq.); Vietnam Era Veterans' Readjustment Assistance Act of 1974 (VEVRAA), as amended (38 U.S.C. § 4212 et seq.); section 188 of the Workforce Investment Act (WIA), Title VI of the Civil Rights Act, Title IX of the Education Amendments Act, Age Discrimination Act, Americans with Disabilities Act of 1990, section 504 of the Rehabilitation Act, Labor-Management Reporting and Disclosure Act of 1959 (LMRDA), as amended (29 U.S.C. § 401 et seq.), section 1209 of the Postal Reorganization Act of 1970 (39 U.S.C. § 1209), section 701 of the Civil Service Reform Act of 1978 (CSRA) (5 U.S.C. § 7120), section 1017 of the Foreign Service Act of 1980 (22 U.S.C. § 4117), and section 220(a)(1) of the Congressional Accountability Act of 1995 (2 U.S.C. § 1351(a)(1)).29 CFR Part 470 29 CFR Part 30, Equal Employment Opportunity in Apprenticeship and Training; Title VI of the Civil Rights Act of 1964 (42 U.S.C. § 2000e); Title IX of the Education Amendments Act of 1972 (20 U.S.C. § 1681 et seq.); section 504 of the Rehabilitation Act of 1973 (29 U.S.C. § 794); Age Discrimination Act of 1975 as amended (42 U.S.C. § 6101 et seq.); Americans with Disabilities Act of 1990 (42 U.S.C. § 12101 et seq.); Executive Order 13166 (";Improving Access to Services for People with Limited-English Proficiency";); and section 188 of the Workforce Investment Act (WIA) (29 U.S.C. § 2938(a)(2)). the Americans with Disabilities Act, sections 503 and 504 of the Rehabilitation Act, and section 188 of WIA. Executive Order 13198 (enacted on January 29, 2001, to establish CFBCI within the Department), Executive Order 13279; 20 CFR Parts 667 and 670, and 29 CFR Parts 2 and 37. VEVRAA. 38 U.S.C. § 4212(d).

Division of Employment and Training Legal Services (ETLS) Workforce Investment Act of 1998; Wagner-Peyser Act; Federal Unemployment Tax Act (FUTA) Social Security Act (SSA) (Titles III, IX, and XII); Trade Act of 1974; Uniformed Services Employment and Reemployment Rights Act (USERRA); Veterans Employment Opportunities Act of 1998; Robert T. Stafford Disaster Relief and Emergency Assistance Act; (5 U.S.C. 8501, et seq.); Older Americans Act; National Apprenticeship Act 38 U.S.C. Chapter 41, 38 U.S.C. Chapter 42, Workforce Investment Act, Immigration and Nationality Act (INA); Worker Adjustment and Retraining Notification Act (WARN)

Division of Federal Employees' and Energy Workers' Compensation (FEEWC) Federal Employees' Compensation Act (FECA); Energy Employees Occupational Illness Compensation Program Act of 2000 (EEOICPA)

Division of Fair Labor Standards (FLS) Fair Labor Standards Act); Davis-Bacon and Related Acts; McNamara-O'Hara Service Contract Act; Walsh-Healey Public Contracts Act, Contract Work Hours and Safety Standards Act); Fair Labor Standards Act Migrant and Seasonal Agricultural Workers Protection Act; Employee Polygraph Protection Act; Family and Medical Leave Act; Consumer Credit Protection Act; Immigration and Nationality Act; Energy Reorganization Act; Wendell H. Ford Aviation Investment and Reform Act for the 21st Century

Division of Management and Administrative Legal Services (MALS) Freedom of Information Act; Privacy Act; Federal Advisory Committee Act; Administrative Procedure Act; Regulatory Flexibility Act

Division of Mine Safety and Health (MSH) Federal Mine Safety and Health Act of 1977 (the Mine Act).

Division of Occupational Safety and Health (OSH) Occupational Safety and Health Act of 1970 OSH Act); Surface Transportation Assistance Act of 1982, 49 U.S.C § 31105; section 19 of the Occupational Safety and Health Act and related Executive Order 12196

Division of Plan Benefits Security (PBS) the Employee Retirement Income Security Act of 1974 (ERISA); the Federal Employees Retirement Security Act (FERSA)

• A description of why the PIA is being conducted.
  The WMS contains PII on members of the public and therefore a Privacy Impact Assessment is required. Appropriate Privacy Act System of Record Notices (SORN) will be published in the Federal Register. The Privacy Act requires that a SORN be published in the Federal Register when PII is maintained by a Federal agency in a system of records and the information is retrieved by a personal identifier. The system can retrieve PII by the specific personal identifier.

---

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

The Workload Management Systems contain protected/sensitive personally identifying information (PII).

• What are the sources of the PII in the information system?
  The Workload Management Systems contain PII on members of the public. This PII information includes SSN, name, mailing address, residential address, and place of work. These members of the public include claimants (for injuries and medical conditions), judges, and appellants.


• What is the PII being collected, used, disseminated, or maintained?
• FOIA System
• Residential address/mailing address for the individual filing the FOIA appeal (member of the public)
• Place of work for the individual filing the FOIA appeal (member of the public)
• Appellant name - Name of the individual filing the FOIA appeal (member of the public)
• Original Requestor - Name of the individual who filed the original FOIA request (member of the public)
• Denying Officer – name of the DOL program agency employee who denied the original FOIA request.
• SOLAR
• SSN of the miner who filed the black lung claim (member of the public)
• SSN of the DOL employee who filed the workers compensation claim for which DOL will request reimbursement from the third party at fault
• Name of the DOL attorney assigned to the matter/case
• Name of the DOL associate attorney assigned to the matter/case
• Name of the judge presiding over the matter/case in court (member of the public)
• Time Distribution
• Name of DOL attorney and paralegal (not on screen but in database) that worked on a particular matter/case
• Legislative Project Tracking System
• Name of the DOL attorney assigned to the legislative review matter
• Name of the DOL attorney (counsel) assigned to the legislative review matter
• Name (Retired by Whom) of the DOL employee that closed the legislative review matter


• How is the PII collected?
  PII is collected from DOL client program agencies.


• How will the information be checked for accuracy?
  PII information for a specific matter/case is reviewed by the supervisor assigned to the matter/case.


• What specific legal authorities, arrangements, and/or agreements defined the collection of information?
  Various statutes that permit DOL program agencies to accomplish the agency mission.

---

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

• Describe all the uses of the PII

FOIA System

PII	Use
Residential address/mailing address	Used in communicating with the individual filing the FOIA appeal
Place of work for the individual filing the FOIA appeal	Used in communicating with the individual filing the FOIA appeal
Appellant name - Name of the individual filing the FOIA appeal	Used in communicating with the individual filing the FOIA appeal
Original Requestor - Name of the individual who filed the original FOIA request	Used in communicating with the individual filing the FOIA appeal
Denying Officer – name of the DOL program agency employee who denied the original FOIA request.	Used for tracking the original FOIA request.

SOLAR

PII	Use
SSN of the miner who filed the black lung claim	Used to identify the claimant, ensure that the program agency and SOL attorney are communicating concerning the correct individual, and to ensure proper payment of benefits.
SSN of the DOL employee who filed the workers compensation claim for which DOL will request reimbursement from the third party at fault	Used to identify the claimant.
Name of the DOL attorney assigned to the matter/case	Used for internal management reporting
Name of the DOL associate attorney assigned to the matter/case	Used for internal management reporting
Name of the judge presiding over the matter/case in court	Used for communicating with the court system

Time Distribution

PII	Use
Name of DOL attorney and paralegal (not on screen but in database) that worked on a particular matter/case	Used for internal management reporting

Legislative Project Tracking System

PII	Use
Name of the DOL attorney assigned to the legislative review matter	Used for internal management reporting
Name of the DOL attorney (counsel) assigned to the legislative review matter	Used for internal management reporting
Name (Retired by Whom) of the DOL employee that closed the legislative review matter	Used for internal management reporting

• What types of tools are used to analyze data and what type of data may be produced?
  Crystal Reports is used to generate office level and management reporting. SSN is not reflected in any management reporting.

• Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
  No.

• If the system uses commercial or publicly available data, please explain why and how it is used.
  N/A

• Privacy Impact Analysis
  The PII stored in the WMS is subject to minimal risk because it is well protected by implementation of numerous security controls as defined by NIST SP 800-53 Recommended Security Controls for Federal Systems. Privacy awareness is administered annually through the DOL Safeguarding PII training and the Information System Security Awareness Training (ISSAT), This required training is provided to all DOL employees and contractors, Even without specific training, however, the risk of unauthorized disclosure and unauthorized access to the WMS data is minimal due to the existing security controls in place at the network and application level and the limited use of PII.
  
  The privacy risks identified with the amount and type of data collected can be mitigated
  through the following NIST SP 800-53 Rev. 3 security control categories:

• Technical Class Controls
• Access Control (AC):
• Access Control Policy and Procedures
• Account Management
• Access Enforcement
• Separation of Duties
• Least Privilege
• Unsuccessful Login Attempts
• System Use Notification
• Session Lock
• Supervision and Review
• Audit and Accountability (AU):
• Audit and Accountability Policy and Procedures
• Auditable Events
• Content of Audit Records
• Audit Monitoring, Analysis, and Reporting
• Identification and Authentication:
• Identification and Authentication Policy and Procedures
• Authenticator Management
• Management Class Controls
• Risk Assessment (RA)
• Risk Assessment Policy and Procedures
• Operational Class Controls
• Awareness and Training (AT)
  • Awareness and Training Policy and Procedures
  • Security Training
  • Security Awareness
• Physical and Environmental Protection (PE)
  • Physical and Environmental Protection Policy and Procedures
  • Physical Access Authorizations
  • Physical Access Control
• Media Protection (MP)
  • Media Protection Policy and Procedures
  • Media Access
  • Media Storage

Implementation of the above security controls is documented in the WMS SSP, v2.0, November 20, 2009 that addresses all of the areas identified above, including how SOL employees are granted system access based upon their organizational role and need to know, authorizing officials, technical aspects of authentication management, software use and engineering, and the auditing of access files to ensure the protection of data maintained by the WMS.

WMS are required to continual address statutory and Department-level requirements to substantiate its handling of information through the workload systems and to ensure it is compliant. From a technical perspective, continuous monitoring requirements provide assurance that privacy-applicable controls are implemented and operating as intended.

---

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

• How long is information retained in the system?
  Information is retained in accordance with the SOL Records Schedule
• Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
  Records are retained and disposed of under the authority of the SOL Records Schedule contained on the DOL Website at: http://www.dol.gov/dol/records/#8; under schedule number N1-174-02-02: items number 13. Time Distribution (TD) System (all sub-items included) and 14. Solicitor’s Office Legal Activity Reporting (SOLAR) System (all sub-items included).
• What efforts are being made to eliminate or reduce Personally Identifiable Information from the collection, storage or maintenance of a system if it is no longer required?
  As of March 2010, only the last 4 digits of the SSN are recorded for the Black Lung matters.
  As of August 2010, SSN is no longer recorded for FECA Subrogation.
• How is it determined that PII is no longer required?
  A determination as to when PII is no longer required within the system is performed as part of the annual Privacy Impact Assessment. Specifically, the MALS Legal Technology Unit will make recommendations for approval by the System Owner. Also SOL addresses all federal mandates to reduce the use of PII and specific identifiers where possible in its information collection processes.
• Privacy Impact Analysis
  Whenever large amounts of personal data are stored for an extended period of time, there is a significant privacy risk. This risk is proportionally increased by the length of time in which the data are retained. The following are NIST SP 800-53 Rev 3 control families that mitigate the risk associated with PII retention:

• Operational Class Controls
  • System and Information Integrity (SI)
    • System and Information Integrity Policy and Procedures
    • Information Output Handling and Retention
  • Physical and Environmental Protection (PE)
    • Physical and Environmental Protection Policy and Procedures
    • Physical Access Authorizations
    • Physical Access Control
  • Media Protection (MP)
    • Media Protection Policy and Procedures
    • Media Access
    • Media Storage

---

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

• With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
  SOLAR – PII is shared within SOL through management reporting. SSN is not reflected in any management reporting.
  TD – PII is shared within SOL through management reporting.
  FOIA Appeals - PII is shared with the DOL program agency who originally denied the FOIA request.
• How is the PII transmitted or disclosed?
  Through management reports, transmittal letters, and online screens.

• Privacy Impact Analysis
  The privacy risk lies in unauthorized disclosure based on methods of sharing. The two methods and the mitigation of potential risks are as follows:

• Technical Class Controls
• Access Control (AC):
• Account Management
• Access Enforcement
• Separation of Duties
• Least Privilege
• Unsuccessful Login Attempts
• System Use Notification
• Session Lock
• Supervision and Review –Access

• Audit and Accountability (AU):
• Auditable Events
• Content of Audit Records
• Audit Monitoring, Analysis, and Reporting

• Identification and Authentication:
• Authenticator Management

• System and Communications Protection (SC):
• Boundary Protection
• Transmission Integrity
• Transmission Confidentiality
• Media Protection (MP)
  • Media Protection Policy and Procedures
  • Media Access
  • Media Storage

---

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

• With which external organization(s) is the PII shared, what information is shared, and for what purpose?
  Not applicable. PII from the WMS is not shared outside the Department.

• Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
  Not applicable. PII from the WMS is not shared outside the Department.

• How is the information shared outside the Department and what security measures safeguard its transmission?
  Not applicable. Information is not shared outside the Department.

• Privacy Impact Analysis
  There is n Information is not shared outside the Department.

---

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

• Was notice provided to the individual prior to collection of PII?
  Yes. The Privacy Act requires that a SORN be published in the Federal Register when PII is maintained by a Federal agency in a system of records and the information is retrieved by a personal identifier. The system can retrieve PII by the specific personal identifier.

• Do individuals have the opportunity and/or right to decline to provide information?
  Yes, individuals have the right to decline to provide information based on the invocation of the Privacy Act of 1974. Individuals would have addressed this opportunity or right with the DOL program agency prior to SOL’s use of the information. SOL does not collect this information directly from members of the public but rather extracts the information from records collected by the DOL program agencies.

• Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
  No, as there are only routine uses of the information, and no particular uses that would require consent under the Privacy Act of 1974.

• Privacy Impact Analysis
  The predominant privacy risk lies in improper disclosure. DOL shall not disclose, nor make available, any personal data except with the consent of the individual concerned or by authority of law. DOL shall, when appropriate and required by law, provide access to, and a process for amending, personal information in accordance with the Privacy Act of 1974. Also, all SOL Federal and contractor support staff are aware of penalties regarding improper use of SOL information (e.g., system access notification, computer security awareness training, Contractor Confidentiality/Non-Disclosure Agreement, Employee Computer Network (ECN)/Departmental Computer Network (DCN) Network Access Request Form and Rules of Behavior.

---

Access, Redress, and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

• What are the procedures that allow individuals to gain access to their information?
  An individual, or legal representative acting on his behalf, may request access to a record about himself by appearing in person or by writing to the Office of the Solicitor of Labor (SOL), Deputy Solicitor, 200 Constitution Avenue, NW, Washington, DC 20210. A requester in need of guidance in defining his request may write to the Assistant Secretary for Administration and Management, U.S. Department of Labor, 200 Constitution Avenue, NW, Washington, DC 20210–0002.
  The specific procedures for allowing an individual to gain access to their information are found on the internet U.S. Government Printing Office website at http://s.dol.gov/6p. This link presents the Electronic Code of Federal Regulations Title 29, Part 71.

• What are the procedures for correcting inaccurate or erroneous information?
  An individual may submit a request for correction or amendment of a record pertaining to him. The request must be in writing and must be addressed to the Office of the Solicitor of Labor (SOL), Deputy Solicitor, 200 Constitution Avenue, NW, Washington, DC 20210. The request must identify the particular record in question, state the correction or amendment sought, and set forth the justification for the change. Both the envelope and the request itself must be clearly marked: “Privacy Act Amendment Request.”
  The specific procedures for correcting inaccurate or erroneous information are contained in the Electronic Code of Federal Regulations which is found on the U.S. Government Printing Office website at http:// http://s.dol.gov/6p.

• How are individuals notified of the procedures for correcting their information?
  This information is published in the Federal Register entry for the system. Also, www.dol.gov provides “Important Web Site Notices” which contains the department’s Privacy and Security Policies. This is found on the initial page of the website or directly at http://www.dol.gov/dol/aboutdol/website-policies.htm.

• If no formal redress is provided, what alternatives are available to the individual?
  When a request for correction or amendment is denied in whole or in part, the requester may appeal the denial to the Solicitor of Labor within 90 days of his receipt of the notice denying his request.

• Privacy Impact Analysis
  There is minimal risk to the data integrity of PII stored in the WMS because it is well protected by numerous security controls. Data integrity is primarily accomplished because access to data is restricted to authorized personnel within SOL and information is only shared internally for the purpose of opening, updating, or closing a matter. Privacy data is also protected by ensuring that privacy and security awareness training is provided annually by DOL. Specifically, Mandatory Safeguarding PII and DOL Information Systems Security Awareness Training are provided to all employees and contractors of SOL. Even without specific training, however, the risk of unauthorized access to the WMS data is minimal due to the existing security controls in place and the limited use of PII.
  Privacy risks associated with the accuracy of information are mitigated through the following NIST SP 800-53 controls:

• Technical Class Controls
• System and Communications Protection (SC):
• Boundary Protection
• Transmission Integrity
• Transmission Confidentiality

• Operational Class Controls
• System and Information Integrity (SI)
• Software and Information Integrity
• Information Input Restrictions
• Information Accuracy, Completeness, Validity, and Authenticity

---

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

• What procedures are in place to determine which users may access the system and are they documented?
  SOL has documented Access Control procedures in place which ensures the access to the WMS is established in compliance with the DOL computer security handbook. The applicable NIST SP 800-53 management, operational and technical controls access control requirements are employed or are being employed for the WMS.
  Highlights of the SOL procedures include:

• employee Rules of Behavior
• assignment of unique account name and complex password
• single sign-on and automatic enforcement of login via Windows Active Directory Services before execution of the WMS is possible
• access provided strictly on the basis of approved authorizations
• automatic removal of inactive accounts
• least privilege access

• Will Department contractors have access to the system?
  Yes, the WMS is accessed by program developers and system administrators who are authorized contractors of the Department of Labor, for the purpose of developing, testing, administering and operating the system.

• Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
  Mandatory Safeguarding PII and DOL Information Systems Security Awareness Training are provided to all employees and contractors of SOL.

• What auditing measures and technical safeguards are in place to prevent misuse of data?
  Within the WMS there are specific user roles (groups) defined which provide varying levels of access to data stored in the WMS. Functions are divided among different individuals based on the role they play on a matter. Users can only modify and view the matters to which they are assigned. Users can only modify and view their own time entry records.
  Auditing functionality exists within the WMS to allow for specific user actions, to be recorded in an audit log and backed up for a specified period of time. Information stored includes: type of audit event, date and time audit event occurred, User ID, command used to initiate the audit event, success or failure of audit event and event result. All audited transactions within the WMS are written to a separate audit log table within the WMS database. The electronic audit log is protected from viewing by unauthorized users.

• Privacy Impact Analysis
  PII stored on the WMS is limited to information necessary for the Agency to carry out its duties and is well protected by numerous NIST SP 800-53 security controls (i.e. Access Control, Audit and Accountability, Identification and Authentication, System Communication Protection). There is no direct connection between the WMS and the Internet. The WMS does not interface with any other systems except its host system, the ECN/DCN and MSHA GSS. PII may be shared with DOL program agencies through operational reporting of a specific matter.
  Privacy risks associated with the technical access safeguards for information are mitigated through the following NIST SP 800-53 controls:

• Technical Class Controls
• Access Control (AC):
• Account Management
• Access Enforcement
• Separation of Duties
• Least Privilege
• Unsuccessful Login Attempts
• System Use Notification
• Session Lock
• Supervision and Review –Access
• Audit and Accountability (AU):
• Auditable Events
• Content of Audit Records
• Audit Monitoring, Analysis, and Reporting
• Identification and Authentication:
• Authenticator Management
• System and Communications Protection (SC):
• Boundary Protection
• Transmission Integrity
• Transmission Confidentiality

---

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

• What stage of development is the system in, and what project development life cycle was used?
  WMS is in the Operations and Maintenance Phase. The project development life cycle used is the DOL Systems Development Life Cycle Management Guide.

• Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?
  No.
  

---

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

SOL has completed the PIA for WMS which is currently in operation. SOL has determined that the safeguards and controls for this moderate system adequately protect the information referenced.

SOL has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.