EXECUTIVE SUMMARY REPORT
INTRODUCTION TO THE PIA
Purpose
The assessment was performed to ensure Veterans' Employment and Training
Services' compliance with the Privacy Act of 1974 and other legislative
requirements. The guidelines include the E-Government Act of 2002, Office of
Management and Budget (OMB) Circular A-130, the Management of Federal
Information Resources, and Circular A-11. As mandated by the Department, each
agency must assess its policies and systems against the Privacy Impact
Methodology developed by the Department.
Scope
System Name: VETS-100 Information System (VIS)
System Title: Veterans' Employment Training Service-100 (VETS-100)
Information Management System (IMS)
System Owner: Veterans Employment and Training Services
The VETS-100 IMS is operational and has held production status since May
1997. The system underwent a system migration to Microsoft Access 2002 in March
2003. The system security requirements are reviewed by the security staff to
evaluate security modifications if necessary.
General Description
The purpose of the VIS is to establish an effective automated process of
collecting, reporting, and compiling VETS-100 data submitted by Federal
contractors and subcontractors. VIS is used to manage and validate information
on federal contractors that comply with the VETS-100 reporting requirements on
an annual basis. The VETS-100 system receives and processes VETS-100
reporting data that is provided by Federal contractors and subcontractors. The
VETS-100 system is comprised of two databases and a web-based data reporting
service. The primary database, located in Alexandria, VA, is where all VETS-100
reporting data is stored on the server. The secondary database, also located in
Arlington, VA, serves as a data retrieval point during instances of system
crashes, natural disasters, etc.
The web-based data reporting service allows submission and verification
of federal contractors' and subcontractors' employee veteran status information.
Information received by both the primary database (via hardcopy and disk) and
the web-based reporting service (via the web) is shared and exchanged using
the File Transfer Protocol. The USERRA IMS is a standalone application
connected via a dedicated connection to the Internet and using the TCP/IP
protocol stack.
System Interconnection/Information Sharing
The VIS is not interconnected with any other systems or applications
and a Memorandum of Understanding or Memorandum of Agreement should not be
required.
Approach
VETS approached the PIA by first reviewing in detail the Privacy Act of
1974, the E-Government Act of 2002, Office of Management and Budget Circular
A-130, the Management of Federal Information Resources, and Circular A-11.
VETS then reviewed its current security documents and procedures and compared
them to the guidance provided in the above-mentioned documents. VETS then went
through the PIA questionnaire, answering the questions and determining risk.
Results
Upon review of the documentation and after completing the PIA
Questionnaire, it was determined that the VETS-100 does not collect PII
and is therefore not subject to the following mandates or Acts:
- Privacy Act of 1974 and other legislative requirements
- E-Government Act of 2002
- Office of Management and Budget (OMB) Circular A-130
- Management of Federal Information Resources
- Circular A-11
Summary
The VETS-100 does not collect Privacy Act information or PII and is
therefore not required to satisfy the guidelines described in the following
documentation:
- Privacy Act of 1974 and other legislative requirements
- E-Government Act of 2002
- Office of Management and Budget (OMB) Circular A-130
- Management of Federal Information Resources
- Circular A-11
VETS will take no mitigating actions, as there are no associated risks
with privacy information data on the VETS-100 system. Attached is the PIA
Questionnaire that was used to determine if there were any risks to public
information associated with the data captured by the VETS-100, as well as to
determine if the data being collected qualified as PII.