USERRA and Veterans' Preference Complaints Submission System (UVPCSS)

EXECUTIVE SUMMARY REPORT

INTRODUCTION TO THE PIA

Purpose

The assessment was performed to ensure Veterans' Employment and Training Services' compliance with the Privacy Act of 1974 and other legislation requirements. The guidelines include E-Government Act of 2002, Office of Management and Budget (OMB) Circular A-130, the Management of Federal Information Resources and Circular A-11. As mandated by the Department each agency must assess their policies and systems against the Privacy Impact Methodology developed by the Department.

Scope

System Name: UVPCSS (DOL-VETS-OAMB-M-003)

System Title: USERRA and Veterans' Preference Complaints Submission System

System Owner: Veterans Employment and Training Services

The USERRA and Veterans' Preference Complaint Submission System (UVPCSS) is in the implementation phase of the SDLC. The system is schedule to go live on or about November 8, 2004. As this is a new system enhancement are expected to occur. For purposes of this document we can assume that the current version will not be the final release.

General Description

System Interconnection/Information Sharing

The USERRA IMS is a standalone application connected via a dedicated connection to the Internet and using the TCP/IP protocol stack.

The USERRA system is an independent/standalone system and does not depend on sharing data with any other systems.

The USERRA IMS is operational and has held production status since October 1, 1996. The system is routinely evaluated to determine what upgrades or service pack(s) may be needed.

General Description of Sensitivity

The USERRA and Veterans' Preference Complaints Submission System (UVPCSS) is a Web-based information management system designed and developed by VETS and OASAM/ITC.

UVPCSS provides the U.S. veterans with an on-line system to submit USERRA or Veteran's Preference claims electronically to VETS office. UVPCSS also allows VETS investigators to review the claim on-line and transfer the case to a VETS existing system, USERRA IMS, for case creation, tracking, and management.

The use of UVPCSS advances the goals of the E-Government initiative, by providing accessible electronic services for veterans to file claims through the Internet.

Information being collected from the system includes:

• Personnel information:
• General, not personally identifiable, personnel information.
• Personnel information subject to the Privacy Act. The security measures applicable to the Privacy Act System of Records have been applied

The USERRA IMS sensitivity is primarily focused on the confidentiality of the case data, which has a high sensitivity. Certain categories of personal information reflected in the USERRA IMS regarding individual claimants, employers, and others involved in particular USERRA cases must remain confidential under the Privacy Act.

Approach

VETS approached the PIA by first reviewing in detail the Privacy Act of 1974, E-Government Act of 2002, the Office of Management and Budget Circular A-130 and the Management of Federal Information Resources and Circular A-11. VETS then reviewed its current security documents and procedures and compared them to the guidance provided in the above mentioned documents. VETS then went through the PIA questionnaire answering the questions and determining risk.

Results

The results of the PIA are favorable. VETS has met the requirements outlined in the above mentioned documents. VETS has in place the following requirements:

• PARN posting
• Does not share PII with other sources
• VETS users are the only users of the data
• Data submitted by the user becomes Read Only and is only accessible via the user id and password established by the user.

Summary

VETS is compliant with the Privacy Impact Methodology Guidance provided by the OCIO. VETS' UVPCSS security and policies satisfy the requirements outlined in the following documents:

• Privacy Act of 1974 and other legislation requirements.
• The guidelines include E-Government Act of 2002,
• Office of Management and Budget (OMB) Circular A-130
• Management of Federal Information Resources
• and Circular A-11

Because VETS has satisfied these requirements no mitigating actions are required. Attached is the PIA Questionnaire that was used to determine if there were any risks to public information associated with the data captured by USERRA IMS.