Skip to page content
Office of the Chief Information Officer
Bookmark and Share

Privacy Impact Assessment Questionnaire

Enterprise Business Support System (EBSS) — FY 2013

Overview

The Enterprise Business Support System (EBSS) is an Employment and Training Administration (ETA) Major Information System. EBSS is a Major Application that consists of multiple individual modules that generate management reports for ETA. A PIA is being conducted because EBSS stores personally identifiable information (PII). Enterprise Business Support System (EBSS) is an Employment and Training Administration (ETA) Major Information System. EBSS is a Major Application that consists of multiple individual modules that generate management reports for ETA. A PIA is being conducted because EBSS stores personally identifiable information (PII).

The first components of EBSS were developed in mid 1998 and have been operational since then. EBSS is a Major Application (MA) that consists of multiple individual applications (known as modules) that collect grantee performance data and generate management reports on ETA programs. EBSS has an Oracle Relational Database Management System (RDBMS) backend and provides both internal and external web-enabled user interface which is front-end accessible by ETA headquarters' intranet, regional locations nationwide, grantees, and registered users nationally.

For ETA, EBSS is a management tool that assists with the review and analysis of program data. EBSS enables ETA to review data submitted by grantees and generate management reports (e.g., delinquency, aggregate, projections, etc.). A business intelligence and data warehouse component is under development to generate these management reports and to display them as a series of charts, graphs and tables accessible to ETA users from the Active Desktop after logging in from the General Support System (GSS). Information is first displayed at a national level, with a “drill down” capacity to show regional, state, and then grantee level data.

EBSS applications share a networked computer infrastructure and have a common Oracle back-end for data storage and retrieval. They share a common single logon application that verifies users and routes them to application areas based on pre-set role definitions. Table schemas are normalized so that common data elements that are entered or updated in one application will be accessible within other applications.

EBSS comprises the following modules:

  • Common Reporting and Wage Records Information Services (CRIS/WRIS)

CRIS/WRIS presents the common performance reporting measures from multiple programs.

  • Computer Assisted Labor Market Analysis System (CALMAS)

CALMAS is a web-enabled system that accepts unemployment data from the Bureau of Labor and Statistics and generates a report on the labor surplus areas throughout the country.

  • Data Warehouse and the Data Management Reporting System (DMRS)

DMRS collects and maintains program performance and participant information.

  • Data Validation and Reporting System (DVRS)

DOL-ETA is responsible for the management and oversight of the Workforce Investment Act (WIA) programs. In order to promote effective oversight and accountability for the programs as required under WIA and various department notices, the ETA developed and deployed the Data Reporting and Validation System (DRVS) to support grantee and department reporting requirements. The DRVS provides data validation, reporting, and submission support functionality. The core reporting functions supported by the application include the generation of WIS Standardized Record Data (WIASRD) records, ETA 900 report, ETA 9091 report, WIA Annual report, 9002 (all) reports, and Veterans Employment and Training Service (VETS) 2000 Performance Measures. DRVS reduces paperwork, improves data quality, and helps to ensure data integrity.

  • Division of Trade Adjustment Assistance MIS (DTAA MIS)

The TAA website provides an Online Petition application in a user-friendly process for TAA customers, and addresses additional functionality identified by Congress.

  • E-Data Reporting and Validation System (E-DRVS)

Provides report validation and data element validation for the Workforce Investment Act (WIA) program. This software allows the states to review and validate their WIA reporting data before final submission to the National Office (NO).

  • Enhanced Transitional Jobs Demonstration (ETJD)

The Office of Workforce Investment, Division of Youth Services, has requested that OIST develop a new subsystem within EBSS in support of a new initiative called Enhanced Transitional Jobs Demonstration (ETJD). This new subsystem will be modeled off an existing EBSS application called the Prisoner Reentry Initiative (PRI), which supports the Reintegration of Ex-Offenders program. Much of the existing code logic for the PRI subsystem will be reused as about 60 – 65% of the existing logic and data elements will be the same. The new subsystem will also serve non-custodial parents and will need to create additional demographic and outcome sections related specifically to that population. Enhance workflow programming will be needed to track these outcomes and an extra “tab” section tracking the subsidized job portion of the project will need to be added. The database will be modified to add new data elements and to remove those that do not carry over from the PRI database. Some screens will be redesigned and modified to reflect changes in the database and new screens will need to be developed. The new system will have to pass three testing levels to include unit testing; OIST quality control testing; and final user acceptance testing. Design and development will follow a strict Systems Development Lifecycle Methodology (SDLCM). Finally, security will need to perform a partial certification and acceptance of the system before it is put into production and EBSS security documents will be updated to reflect the additional subsystem.

  • Green Jobs Recovery Act Data (GRAD)

The Department of Labor's Employment and Training Administration's (ETA) Business Relations Group (BRG) focuses grant opportunities on high growth, high demand industries. The Recovery Act Data (RAD) system and its Green Jobs Initiative is a large focus of that effort. RAD, an EBSS sub-system, manages participant data resulting from Green Jobs recovery act funds activities. This case management system supports the collection and reporting of individual participant data and quarterly outcomes. BRG is providing a new grant source from the Green Jobs Innovation Fund (GJIF). The tracking of these participants can utilize 98% of the existing RAD system and only require a few minor adjustments to data elements to accurately capture and report on those outcomes. Additionally, there are some other functional enhancements requested that should also apply to the RAD system. The main objectives are to make the application extensible to provide a GRAD system for managing the participants of the GJIF grants. Other objectives include the addition of functionality for GRAD and the RAD system. Maintenance activities in support of the current RAD system will be continued under this engagement. In addition, technical support assistance will be provided to RAD and GRAD system users along with training for significant changes or modifications to both systems.

  • High Growth and Community Based Job Training and Performance Reporting (HGJTP)

This system accepts program participant data for the high growth industry/community based grant and technology based grant programs and provides reporting.

  • Indian/Native American Program (INAP) Performance Reporting

INAP is a web-enabled system that manages program performance data for the Indian and Native American program participants.

  • Job Corp Financial Accounting System (JFAS)

JFAS is an internal budget and cost reporting/tracking system which manages the Annual Advance Procurement Plan (AAPP), contract history, and Financial Operating Plan changes for the Job Corps Budget Office.

  • Labor Exchange Agricultural Reporting System (LEARS)

A web-enabled application that supports the collection, certification, and assessment of services to migrant and seasonal farm workers data submitted by the State Employment Security Agencies (SESAs). The system is composed of two components: Internal and external. For external users, the system supports the electronic submission of services to migrant and seasonal farm workers data by the States. For internal users, the system enables users to retrieve, review, and assess the data submitted by SESAs.

  • Labor Exchange (Pers9002/VETS200) Reporting System (LERS)

LERS is a web-enabled application that automates the submission and review of LERS 9002 A, 9002 B, 9002 C, 9002 D, and 9002 E reports and VETS 200 A, B, and C reports.

  • National Farm Worker Jobs Program (NFJP) Performance Reporting

A web-enabled system that manages program performance data for the program participants of services designed for farm workers.

  • Office of Disability and Employment Program (ODEP)

A web-enabled system that manages program performance data for the program participants of services designed for those with disabilities.

  • Re-integration of Ex-Offenders (ReXO) Case Management and Reporting System

The Re-integration of Ex-Offenders (ReXO) Case Management and Reporting System seeks to strengthen urban communities characterized by large numbers of returning prisoners through an employment-centered program that incorporates mentoring, job training, and other comprehensive transitional services. This program, which involves several Federal agencies, is designed to reduce recidivism by helping inmates find work when they return to their communities, as part of an effort to build a life in the community for everyone.

  • Recovery Act Data (RAD)

Business Relations Group/Green Recovery Act Data: The Department of Labor's Employment and Training Administration's (ETA) Business Relations Group (BRG) focuses grant opportunities on high growth, high demand industries. The Recovery Act Data (RAD) system and its Green Jobs Initiative is a large focus of that effort. RAD, an EBSS sub-system, manages participant data resulting from Green Jobs recovery act funds activities. This case management system supports the collection and reporting of individual participant data and quarterly outcomes. BRG is providing a new grant source from the Green Jobs Innovation Fund (GJIF). The tracking of these participants can utilize 98% of the existing RAD system and only require a few minor adjustments to data elements to accurately capture and report on those outcomes. Additionally, there are some other functional enhancements requested that should also apply to the RAD system.

  • Rapid Response (RR)

RR is an on-line system that allows States to inform the NO of projected closings or lay-offs, as well as reporting the estimated impact, duration, and severity of those closings.

  • Registered Apprenticeship Partners Information Data System (RAPIDS)

DOL-ETA's Office of Apprenticeship (OA) is the registration authority for the National Registered Apprenticeship System. The Federal staffs use the Registered Apprenticeship Partners Data Information System (RAPIDS) to provide leadership, guidance, and technical support to employers, sponsors, and workers who are interested in developing apprenticeship programs and oversight of the apprenticeship activities among the 50 state apprentice agencies. The main objectives are to make the application more maintainable, while providing consistent behavior and quality of data. Other objectives include the addition of functionality to meet OA, ETA, and DOL requirements such as in the areas of supporting multi-level occupations, more flexible reporting, more printer friendliness, 508c usability, and security. Maintenance activities in support of the current system will be continued under this engagement. In addition, technical support assistance will be provided to RAPIDS system users along with training for significant changes or modifications to RAPIDS sponsors to register and manage apprentices in programs they sponsor.

  • SCSEP Performance and Results QPR System (SPARQ)

SCSEP, funded under Title V of the Older Americans Act, serves people with low incomes who are fifty-five years old or older and have poor employment prospects. Services provided include community service based job training and related educational opportunities, and opportunities for placement into unsubsidized jobs. The SCSEP program provides project sponsors, grantees, and sub-grantees with detailed information regarding the requirements necessary for periodic validation of participant's data captured by the SPARQ system, and generation of error rate reports for each data element validated. These reports are used by DOL to determine the accuracy of the data elements used to 1) calculate the QPRs and assess the performance of individual project sponsors, 2) evaluate the effectiveness of the overall program on a nationwide basis, and 3) keep the public informed as to the accomplishments of the program.

  • SESA Real Property

SESA tracks and reports federal equity in real property purchased or improved by grantees with grant money.

  • Training Adjustment Assistance Community College and Career Training (TAACCCT)

The TAACCCT program offers community colleges and other eligible institutions of higher education with funds to expand and improve their ability to deliver education and career training programs that can be completed in two years or less, is suited for workers who are eligible for training under the TAA for Workers program, and prepares program participants for employment in high-wage, high-skill occupations. The system will store aggregate data from grantees for internal and external analysis to determine the effectiveness of the grantee's program implementation. In more detail, it will support consistent collection of aggregate data, reporting and outcome information and to provide Grantees the ability to submit quarterly and annual performance reports (QPR/APR) to the Department. These reports are performance snapshots of the collected aggregate data that the department will use to fulfill the program's internal and Report-to-Congress requirements.

  • Trade Act On-line Petitions

As mentioned under DTAA MIS, petitions are filed electronically via TAA website to allow petitioners the opportunity to submit applications/file for assistance online.

  • Trade Act Participant Records (TAPR)

The TAPR application website provides assistance to individuals who have become unemployed as a result of increased imports from, or shifts in production to foreign countries. TAPR automates the data submission procedure for production of Trade Act Participant Report as well as providing a central repository for reviewing this information.

  • Title XII Tracking System

The Title XII allows states to apply for Title XII loans for NO to process applications.

  • Veterans' Employment & Training Services Operational & Programs Activity Report (VOPAR)

VOPAR is a web-enabled system that collects aggregate program data on VETS services for reporting.

  • Veterans Retraining and Assistance Program (VRAP)

The purpose of the Veterans Retraining and Assistance Program (VRAP) subsystem project is to support the Veterans Opportunity to Work (VOW) to Hire Heroes Act. The VRAP system goal is to provide tracking and reporting of participants enrolled in the Veterans Retraining and Assistance Program. The advantages gained by the implementation of the VRAP system include:

  • Ability for states to get weekly list of program graduates to satisfy the legislative requirement of DOL contacting them within 30 days of graduation or completion of training, as well as those participants who have not completed training or who have been terminated,
  • Ability for DOL to perform outreach via email to all participants to enroll in DOL job placement programs, and
  • Ability for DOL to accurately and effectively count VRAP participation.
  • Automated Waivers System (WAIVERS)

The Waivers system receives, processes, and publishes waivers for statutes and regulations as mandated by Congress.

  • WIA Annual Reports (WIA-AR)

WIA-AR manages annual reports. Each state administering a grant under the WIA adult, dislocated worker, and youth programs is also required to submit annual (ETA Form 9091) reports containing information related to levels of participation and performance outcomes.

  • WIA Performance Reporting Quarterly (WIAPR)

WIAPR manages quarterly reports. Each state administering a grant under the WIA adult, dislocated worker, and youth programs is required to submit quarterly (ETA Form 9090) reports containing information related to levels of participation and performance outcomes.

  • WIA Standardized Record Data (WIASRD)

WIASRD manages file submissions and stores annually submitted files of individual records on all participants who exit the WIA programs.

  • Tax Credit Reporting System (WOTC/WtW)

WOTC/WtW automates the on-line submission of conditional certification information by state coordinators and helps regional/national coordinators assess the certification data submitted by the state coordinators so that they can better monitor and oversee the WOTC/WtW tax credit programs.

  • Youth Builds/Youth Offenders

In an effort to effectively oversee, implement, manage and report on the performance and financial activities funded by the Youth Build Grant Program, ETA's Office of Youth Services (OYS) worked with OIST to develop an automated application to capture its Youth Build business processes. The application provides advanced capabilities to support the business needs and procedures of the OYS and the Youth Build grantees. Specifically, the system allows grantees and sub-awardees to create, monitor, and update records of participants, grants, assessments, and activities. It also allows grantees to generate Quarterly Reports and follow-ups to performance data. This Youth Build MIS supports the collection of individual participant data, sub-grantee/sub-awardees' information, and grantee narrative information pertaining to the grant's goals/objectives, planned and actual progress, etc. It also provides the capability to generate aggregate level demographic data and narrative information into Quarterly Progress Reports. There is an internal component that allows the program office to review submitted reports, generate management and summary reports, and perform system administration functions. An additional module, supporting the Youth Offender grantees, is being added to the application.

  • National Performance Reporting System (NPRS)

This application provides National Office users with a select number of reports that can be generated and then loaded into EXCEL spreadsheets. These reports are generally roll-ups of quarterly performance data, by State, Region, or at a National level.
The legal authority to operate is under Section 303(a)(6) of the Social Security Act.

Introduction

EBSS is a collection of subsystems that provide automated support across various program offices for Employment and Training Administration (ETA). For ETA, EBSS is a management tool that assists with the review, analysis, and reporting of the data collected and/or submitted.

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

EBSS collects personally identifiable information (PII) on members of the public who participate in the grant programs.

What are the sources of the PII in the information system?

Grantees collect PII from participants in the program.

What PII is collected, used, disseminated, or maintained?

  • Name
  • Date of birth
  • Social Security Number (SSN)
  • Mailing address
  • Phone number
  • Education records
  • Ethnic group
  • Wages
  • Veteran status
  • Sex

How is the PII collected?

Below is a brief description of how applicable modules collect PII:

  • DTAA MIS: Form ETA-9042A is faxed or mailed to DTAA by petitioners, and internal DTAA staffs enter the information.
  • SCSEP: Collects the SCSEP program participant data from the Grantees when they complete the ETA report forms.
  • PRI: Case Managers enter the data provided by the participants.
  • Youth Builds: Case managers enter the data provided by the participants.
  • BeneChoice: Case managers enter the data provided by the participants.
  • RAPIDS: Apprentice Training Representatives (ATR) enter the PII.
  • INAP: PII Case Managers enter the data provided by the participants.
  • HGJTP: Case Managers enter the data provided by the participants.
  • How will the PII be checked for accuracy?

As required by the Privacy Act of 1974, OMB 7-16, and NIST SP800-122, PII entering this system undergoes several integrity checks, as follows:

  • At the state level, where PII is initially collected, state-level staff review participant identification and validate all PII before entering it into the system.
  • EBSS performs range, type, and bounds checking on PII
  • DVRS validates PII and other data in the system, per description above
  • Each year, the Data Element Validation Report is produced. To produce this report, records are chosen at random and sent to the states for verification and correction when necessary
  • What specific legal authorities, arrangements, and/or agreements defined the collection of information?
    • Workforce Investment Act of (29 U.S.C. 2801 et seq.)
    • Section 303(a)(6) of the Social Security Act
    • FISMA
    • Privacy Act of 1974
    • OMB 7-16

Privacy Impact Analysis

The risk to privacy is inappropriate handling or disclosure of PII, especially SSNs. Access controls mitigate the risk that data will be compromised. In addition, the SSN column is encrypted to ensure the confidentiality of this data element.

Uses of PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

The system collects SSNs for the Common Reporting Interchange System (CRIS). CRIS uses state and Federal Employment Data Exchange System (FEDES) and Wage Record Interchange System (WRIS) in generating reports. CRIS in turn provides common performance measures for the grant programs since the programs do not have the ability to collect the common measure outcomes, i.e. Entered Employment Rate, Retention Rate, and Average Earnings etc on their own.

What types of tools are used to analyze data and what type of data may be produced?

Not applicable. Tools are not used to analyze the data.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

EBSS does not derive new data through aggregation of collected information.

If the system uses commercial or publicly available data, please explain why and how it is used.

EBSS does not use publicly available data.

Privacy Impact Analysis

The following security controls have been implemented to prevent data from being compromised:-

  • Each grantee is assigned a unique Personal Identification number (PIN) and password.
  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains SSNs.
  • The page for the file upload has Secure Socket Layer (SSL) enabled.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has as S-FTP server and DOL has the S-FTP client.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

Records are maintained indefinitely to allow historical analysis.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

The System Owner has approved the retention schedule but there is no contract/agreement with National Archives and Records Administration (NARA).

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

Information about all personnel who have exited the program is collected and stored securely. The plan going forward is to limit information collection to two previous quarters only.

How is it determined that PII is no longer required?

n/a; PII is retained indefinitely, for the purpose of historical analysis.

Privacy Impact Analysis

Risks associated with the length of time data is retained include inadvertent disclosure of confidential information. These risks are mitigated by the implementation of the following controls:

  • Data are encrypted in the database
  • An audit trail is kept of attempts to decrypt the data

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

PII is not shared with internal organizations.

How is the PII transmitted or disclosed?

Not applicable.

Privacy Impact Analysis

Not applicable. There is no internal sharing of PII.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

Information is shared with CRIS through Kansas. EBSS provides SSNs to Kansas for processing by CRIS. CRIS provides common performance measures for grant programs that do not have the ability to collect common measure outcomes i.e. Entered Employment Rate, Retention Rate, and Average Earnings. Kansas does not return SSNs but rather aggregate data that cannot be attributed to a particular individual.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

Yes. Information collected is not altered prior to transmittal to Kansas. ETA has a Memorandum of Agreement with Kansas. In addition, SORNs for some EBSS modules have been published in the Federal Register.

How is the information shared outside the Department and what security measures safeguard its transmission?

Information is transmitted to Kansas for processing. The following security controls have been put in place:

  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the SSNs.
  • The page for the file upload (for grantees) has Secure Socket Layer (SSL) enabled, but will not have third-party verification.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
  • Data returned by Kansas do not include SSNs.
  • Data are not returned by Kansas if there are fewer than 4 records.

Privacy Impact Analysis

Given the external sharing of data, ETA identified privacy risks to include inadvertent disclosure of confidential information. For that reason, ETA established an MOU with Kansas and also implemented various security controls as mentioned above.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

Yes; notice is provided to individuals (participants). PII is collected through grantees, not collected directly from the individuals.

Do individuals have the opportunity and/or right to decline to provide information?

Yes. SSN disclosure must be voluntarily provided by the individual and grantees cannot deny the participant access to services if the SSN is not provided. In such instances, the grantee is instructed to use an alternate unique identifier.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

Yes. Individuals have the right to consent to particular uses in writing.

Privacy Impact Analysis

Individuals are informed that providing SSNs is voluntary.

Access, Redress, and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

Individuals do not have access to the system; only grantees can access the system.

What are the procedures for correcting inaccurate or erroneous information?

Not applicable

How are individuals notified of the procedures for correcting their information?

Not applicable

If no formal redress is provided, what alternatives are available to the individual?

Not applicable

Privacy Impact Analysis

Individuals have the right to withdraw from the program.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

Only grantees access the system using a unique PIN and password. This process is documented.

Will Department contractors have access to the system?

Yes

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

ETA users take a Rules of Behavior training course.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Data are encrypted in the database and an audit trail of activities performed on the database is tracked.

Privacy Impact Analysis

Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, privacy risks identified include inadvertent disclosure and misuse of confidential information. These risks are mitigated by the implementation of the following controls:

  • MOU between ETA and Kansas to address key issues.
  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the SSNs.
  • The page for the file upload (for grantees) has Secure Socket Layer (SSL) enabled, but will not have third-party verification.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has a S-FTP server and DOL has the S-FTP client.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

EBSS is operational; the system development conforms to computer security lifecycle defined in the DOL System Development Lifecycle Management Manual (SDLCMM). Based on the SDLCMM the system is in the ‘Operations and Maintenance' phase.

Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

EBSS does not employ technology which may raise privacy concerns.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • ETA has completed the PIA for EBSS which is currently in operation. ETA has determined that the safeguards and controls for this moderate system adequately protect the information as indicated in EBSS System Security Plan, dated March 5, 2013.
  • ETA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.