Skip to page content
Office of the Chief Information Officer
Bookmark and Share

Privacy Impact Assessment Questionnaire

BLS – National Longitudinal Survey (NLS) FY13

Overview

The U.S. Department of Labor, Bureau of Labor Statistics sponsors the National Longitudinal Survey (NLS) program to obtain information about how people respond to changes in the broader economy and how they make transitions through various stages of their lives. The NLS program currently includes three ongoing surveys, the National Longitudinal Survey of Youth 1979 (NLSY79), the NLSY79 Child and Young Adult Survey, and the National Longitudinal Survey of Youth 1997 (NLSY97).

The NLSY79 consists of a nationally representative sample of nearly 10,000 men and women who were born in the years 1957 to 1964 and living in the United States when the survey sample was selected in 1978. These respondents were ages 14 to 22 when first interviewed in 1979. The survey provides information on work and non-work experiences, training, schooling, income and assets, health conditions, and other characteristics.

The NLSY79 Child and Young Adult Survey is a survey of all children born to NLSY79 female respondents. The size of the NLSY79 child sample depends on the number of children born to female NLSY79 respondents, attrition over time, and the gradual aging of the children into the young adult sample. The size of the young adult sample depends on the number of children who reach age 15 in each survey round. The survey includes assessments of each child as well as additional demographic and development information collected from either the mother or child. For children aged 10 and older, information has been collected biennially since 1988 on a variety of factors including child-parent interaction, attitudes toward schooling, dating and friendship patterns, religious attendance, health, substance use, and home responsibilities. Since 1994, children ages 15 and older complete an interview modeled on the NLSY79 questionnaire.

The NLSY97 consists of a nationally representative sample of nearly 9,000 youths who were born in the years 1980 to 1984. These youths were ages 12 to 16 as of December 31, 1996. The first round of annual interviews took place in 1997. The survey provides information on employment experiences, schooling, family background, social behavior, and other characteristics.

Regular press releases of findings from the surveys occur to accompany the release of data from each round of data collection. The NLSY97 is conducted annually. The NLSY79 was conducted annually from 1979 to 1994 and has been conducted biennially since 1994. Data from each round of data collection are available to the public about 12 months after the end of fielding.

The NLS data include PII such as Social Security number, name, and address. Due to the existence of PII in NLS data, there are various legal statutes, such as the Confidential Information Protection and Statistical Efficiency Act of 2002 and the Privacy Act of 1974 that protect the data. The NLS data are collected under the following pledge of confidentiality:

  • We want to reassure you that your confidentiality is protected by law. In accordance with the Confidential Information Protection and Statistical Efficiency Act of 2002, the Privacy Act, and other applicable Federal laws, the Bureau of Labor Statistics, its employees and agents, will, to the full extent permitted by law, use the information you provide for statistical purposes only, will hold your responses in confidence, and will not disclose them in identifiable form without your informed consent. All the employees who work on the survey at the Bureau of Labor Statistics and its contractors must sign a document agreeing to protect the confidentiality of your data. In fact, only a few people have access to information about your identity because they need that information to carry out their job duties.
  • Some of your answers will be made available to researchers at the Bureau of Labor Statistics and other government agencies, universities, and private research organizations through publicly available data files. These publicly available files contain no personal identifiers, such as names, addresses, Social Security numbers, and places of work, and exclude any information about the States, counties, metropolitan areas, and other, more detailed geographic locations in which survey participants live, making it much more difficult to figure out the identities of participants. Some researchers are granted special access to data files that include geographic information, but only after those researchers go through a thorough application process at the Bureau of Labor Statistics. Those authorized researchers must sign a written agreement making them official agents of the Bureau of Labor Statistics and requiring them to protect the confidentiality of survey participants. Those researchers are never provided with the personal identities of participants. The National Archives and Records Administration and the General Services Administration may receive copies of survey data and materials because those agencies are responsible for storing the Nation's historical documents.

Parties Involved in the NLS

NLS Program Office:

The NLS program is managed by the Office of Employment and Unemployment Statistics, Employment Research and Program Development staff. The principal responsibilities of the NLS office are to oversee the collection of the NLS; make the NLS data broadly available to the research community, including administering the Geocode data program; and provide research to the BLS. To perform these responsibilities, a significant portion of the collection, distribution, and records management of the NLS is performed under a contract with the National Opinion Research Center at the University of Chicago, who subcontracts with the Center for Human Resource Research (CHRR) at Ohio State University.

National Opinion Research Center at the University of Chicago (NORC):

NORC is a non-profit organization founded in Colorado in 1913. NORC has been located in Chicago since 1947. Although based at and associated with the University of Chicago, NORC is a separate non-profit organization. NORC conducts the interviews with NLS respondents. To perform its data collection responsibilities, NORC has interviewers throughout the U.S. working on the NLS collection. Additionally, NORC participates in the questionnaire design and stores BLS data from previous rounds of the NLS.

The Ohio State University, Center for Human Resource Research (CHRR):

Part of the College of Social and Behavior Sciences at the Ohio State University, CHRR's mission is to study contemporary problems related to developing and conserving human resources. As a NORC subcontractors, CHRR develops the questionnaire, programs the survey instrument, processes and cleans the BLS data, and maintains the BLS database storing NLS microdata. CHRR also produces and distributes the public-use files and the restricted-access Geocode and census tract/zip code files.

Production of the NLS:

CHRR was awarded the first contract to administer the National Longitudinal Surveys in the mid 1960's. The first surveys were conducted in 1966, and the NLS program has since advanced greatly in regards to collection, distribution, and technology. The NLS came under the auspices of BLS in 1986. Each contract covers specific rounds of the surveys. Each round has a three year production cycle. The current NLS contract runs from 2011-2015 and covers rounds 15-16 of the NLSY97 and rounds 25-26 of the NLSY79.

To facilitate data collection, CHRR was tasked with designing the computer-assisted personal interview (CAPI)/computer-assisted telephone interview (CATI) collection system. This BLS-owned database serves to collect, sort, and house data from various NLS rounds. CHRR employees maintain the database, code collected data for input into the system, make the public-use data files available on the Internet, and distribute the Geocode files to BLS-approved researchers.

CHRR and NORC communicate through automated processes, over a secure file transfer protocol (SFTP) connection that allows NORC data collectors in the field to securely transmit completed interviews into a database for further processing and to retrieve new survey assignments. The data transmissions are batched twice daily over this encrypted connection.

NORC employees utilize personal and telephone interviews, as well as Voice Over Internet technology (VOIP) to collect the NLS data. PII are included in the file when it is transmitted to CHRR for further processing.

CHRR archivists retrieve the daily data transmissions and analyze and code the data. Archivists categorize the data into the appropriate format and develop the various forms of usable data, such as the public-use and Geocode data files. The Geocode data are recorded onto CDs for distribution to BLS-authorized agents who will use the data for statistical research purposes. The public-use data are posted to an NLS web site maintained by CHRR. The public-use files are regularly examined to ensure that respondent identities cannot be inferred when the NLS data are used in combination with the other data sources.

NORC stays in communication with CHRR and the BLS on a daily basis to determine any necessary updates to questionnaires and to the NLS data collection and production processes. The BLS has the final determination on all procedures and processes in accordance with the BLS contracts.

The following components are included in this system:

  • OSH Sample Selection System
  • OSHSUM (Summary) Estimation System
  • OSH Confidentiality System
  • Case and Demographic Characteristics (Case and Demo) Estimation System
  • CFOI Collection System
  • CFOISUM tabulation system
  • Profiles System

The OSHS system does not connect directly to any other systems, except the internal BLS Local Area Network (LAN).


Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

System collects name, email address and optionally a phone number when members of the public choose to be contacted by BLS staff for receiving statistical data, analysis and administrative data if appropriate.

What are the sources of the PII in the information system?

Public provides BLS staff contact information should they wish to be contacted by BLS staff in the future. For example, to furnish an information request that cannot be completed immediately.

What is the PII being collected, used,disseminated, or maintained?

Name, email and optionally phone and business address.

How is the PII collected?

Public contacting BLS staff are offered the opportunity to provide return contact information (name, email, phone) if they wish to be contacted in the future to receive related statistical data or analyses similar to present reason they contacted BLS.

How will the information be checked for accuracy?

The information is not checked for accuracy.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

29 U.S.C. § 2, Collection, Collation, and Reports of Labor Statistics

Privacy Impact Analysis

The PII is stored in a database behind the BLS public firewall. Individuals may request to see their contact information by contacting BLS staff.  No further action needs to be taken to ensure PII security.


Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

The information collected is used as necessary to respond to customer inquiries. If the customer requests to be placed on an email notification list, the email address will be used for that purpose.

What types of tools are used to analyze data and what type of data may be produced?

BLS uses standard reports that analyze information requests available in the Customer Information System. Reports contain aggregated information, not PII data.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No.

If the system uses commercial or publicly available data, please explain why and how it is used.

Not applicable.

Privacy Impact Analysis

No further action needs to be taken to ensure PII security.


Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

Email addresses remain on mailing lists until the customer requests to be removed, or when the email bounces back.  Other PII is deleted from the database 90 days after the customer’s last date of inquiry.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes.

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

Please see answer above.

How is it determined that PII is no longer required?   

Please see answer above.

Privacy Impact Analysis

There are no risks associated with having name, email address and, optionally, phone number stored in the systems being retained as long as the associated email is a valid entry. Once the email becomes invalid, the system will purge the information according to system rules. There is a moderate risk of unauthorized disclosure due to failure to encrypt backup data / media. The system uses an external storage device that is backed up for disaster recovery purposes. The backups contain the PII stored on the system in an unencrypted format that makes the PII vulnerable to unauthorized access if the backup media is not properly safeguarded.


Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

PII is not shared outside the agency except for aggregated metrics (e.g., number of inquirers).

How is the PII transmitted or disclosed?

Not applicable -- PII is neither disclosed nor transmitted

Privacy Impact Analysis

Not applicable and hence no further action needs to be taken to ensure PII security.


Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

PII is not shared outside the agency except for aggregated metrics (e.g., number of inquirers).

How is the PII transmitted or disclosed?

Not applicable -- PII is neither disclosed nor transmitted

Privacy Impact Analysis

Not applicable and hence no further action needs to be taken to ensure PII security.


External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

Disclosure may also be necessary with the Department of Justice (DOJ) and the Office of Special Counsel (OSC) when complaints have proceeded to an advanced stage. Both agencies are responsible for the litigation of meritorious claims. Also, disclosure is necessary with the Employer Support of the Guard and Reserve (ESGR) for verifying claimants/claims processed within their system.

Is the sharing of PII outside the Department compatible with the original collection?

If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

System of Records Notice (Privacy Act Systems - DOL/VETS-1 and DOL/VETS-2)

How is the information shared outside the Department and what security measures safeguard its transmission?

DOJ and OSC receive only hardcopy case records. Both agencies have electronic access to VIPER for documenting case status and to review electronic records. ESGR access the information electronically through VIPERS.

Privacy Impact Analysis

Sharing of information outside of DOL can potentially expose PII to unauthorized individuals. To prevent risk, all non-DOL users of VIPERS must request VETS' Chief of Investigations approval for application access; annually agree to the Rules of Behavior, maintain an active account, and have a strong password. Non-DOL Federal employees are required to advise the Chief of Investigations when an authorized user is not assigned investigative responsibilities or no longer employed.


Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

Yes, privacy notice is provided verbally to customers who inquire by telephone or in email for those who inquire by email.

Do individuals have the opportunity and/or right to decline to provide information?

Yes

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No. The posted privacy policy stipulates that BLS is authorized to request this information under 5 United States Code (USC) section 301. Furnishing the information on this form is voluntary; however, BLS may not be able to register you for the subscription service if you fail to do so. Any disclosure of the information on this form is in accordance with the routine uses found in the Privacy Act System of Records Notice (SORN) DOL/BLS-19.

Privacy Impact Analysis

LABSTAT (and BLS) provide both privacy notice and privacy and security statement directly to the individual. No further action needs to be taken to ensure PII security.


Access, Redress, and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

Individuals would need to contact BLS to gain access to their information.

What are the procedures for correcting inaccurate or erroneous information?

There is no process to determine whether the name or email address is correct or inaccurate.

How are individuals notified of the procedures for correcting their information?

There is no mechanism of notification.

If no formal redress is provided, what alternatives are available to the individual?

Individuals seeking to change their information such as email address contact the office that manages the email lists to which they subscribe.

Privacy Impact Analysis

LABSTAT (and BLS) provide both privacy notice and privacy and security statement verbally and/or in email communications. No further action needs to be taken to ensure PII security.


Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

Only persons with significant information services responsibilities have access to PII stored by the system.

Will Department contractors have access to the system?

Yes, contractors that have successfully passed background investigations.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

All BLS persons with the ability to access the PII, including contractors, are required to complete annual mandatory Security and Confidentiality training. These persons are also required to complete additional security training in their capacity as persons with significant security responsibilities.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Systems logs are reviewed periodically to ensure only authorized persons access information.

Privacy Impact Analysis

PII is available to System Administrators. Review of system logs (that which audit the auditors) can be used to mitigate this risk.

 


Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

System is in maintenance phase. Standard Software development methodology was employed in introducing the system for use.

Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

Yes

The system is connected to network attached storage that is backed up on a regular schedule for disaster recovery purposes. The backup data is stored on media in an unencrypted state. OMB 06-16 requires PII stored remotely or on removal media be encrypted. The PII data is at moderate risk of unauthorized disclosure if  backup media is not properly safeguarded.


Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

Bureau of Labor Statistics (BLS) has completed the PIA for LABSTAT which is currently in operation. BLS has determined that the safeguards and controls for this Moderate system adequately protect the information.

BLS has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.