OALJ CASE TRACKING SYSTEM (CTS) 2012
The U.S. Department of Labor (DOL), Office of Administrative Law Judges' only Major Information System is the Case Tracking System (CTS). The CTS maintains the court docket for administrative law judge adjudications to facilitate the processing of cases and determination of issues in hearings and appeal proceedings.
The system is named the Case Tracking System (CTS) and is owned by the Office of Administrative Law Judges (OALJ) within DOL, headquartered in Washington D.C. with seven District Offices. The Office of Administrative Law Judges presides over formal hearings concerning many labor-related matters. The office's mission is to render fair and equitable decisions under the governing law, the facts of each case, and the procedures mandated by the Administrative Procedure Act (APA).
Hearings concerning Black Lung benefits and Longshore Workers' compensation constitute the largest part of the office's work in addition to the significantly increasing Permanent Labor Certification cases (PERM) cases. The Department's Administrative Law Judges (ALJs), however, also hear and decide cases arising from over 80 labor-related statutes and regulations, including, for example, such diverse subjects as:
- Whistleblower complaints involving corporate fraud, nuclear, environmental, pipeline safety, aviation, commercial trucking, railways, and other statutes.
- Minimum wage disputes.
- Enforcement actions involving the working conditions of migrant farm laborers.
- Disputes involving child labor violations.
- Civil fraud in federal programs.
Designated judges also serve as members of the Board of Alien Labor Certification Appeals which adjudicate the PERM cases. In addition to formal adjudication, OALJ implements alternative dispute resolution through its settlement judge process.
The DOL Administrative Law Judges' Case Tracking System (CTS) provides the public via its website all judge issued decisions. This IT system supports the agency's mission critical judicial activity through logging events relating to each case. This includes administrative law judges' issued documents (including the final decision document) for all cases. The CTS tracks a case through the entire life cycle of the judicial process (currently 28 types of events), including case assignment, records and evidence, orders, hearings, decisions, petitions, motions, briefs, attorney fees, appeals, and re-considerations.
The purpose for the OALJ Case Tracking System (CTS) is to maintain the court docket for ALJ adjudications. The records and information in the case tracking system are used as the court docket system in hearings conducted pursuant to 5 U.S.C. 552, 553, 554, 556 and 557 and/or a variety of particular statutes and Executive Orders. The purpose of the system is to facilitate the processing of cases and determination of issues in hearings and appeals proceedings.
Characterization of the Information
The PIA data contained within the CTS is solely for the purpose of enabling the ALJ to render a determination of issues and communicate decisions to the appropriate individuals and organizations within its adjudicatory authority. The CTS contains the following categories of PIA:
- Identification information for the parties of the case, including their representatives.
- Contact information sufficient to deliver OALJ issued documents to the parties of the case, other interested parties, and appropriate government agencies.
- Information that is part of the judge issued documents stored within the CTS filing system.
The Office of Administrative Law Judges utilizes Private Identifiable Information (PII) in the course of doing business adjudicating claims in public hearings.
- PII is collected on individuals who are associated with a case and data contained on a case file provided to OALJ by another agency or submitted to the ALJ as evidence at a public hearing.
- The following information is collected:
- Name, address, email address and telephone number of parties and individuals who are associated with a case.
- Possible medical information submitted as evidence pertaining to the specific case.
How is the PII collected?
Parties or other participants in the case submit information directly to OALJ during the processing of a case and this information is captured in the Case Tracking System (CTS). In some cases, the PII was already collected by the agency that initially processed the claim or complaint; and is provided to OALJ as an Administrative Record. These documents include individual and organizational identification and contact data.
How will the information be checked for accuracy?
The CTS performs some data entry validation checking. The information received is subsequently used for case adjudication and communication with the case participants, and is maintained as the case is processed. Issued Legal Documents require a Certificate of Service which lists all recipients of the document and its delivery is confirmed by the receipt of confirmations issued by any of the mailing services provided by OAJ.
What specific legal authorities, arrangements, and/or agreements defined the collection of information?
The Administrative Procedure Act (APA) sets out procedures for formal ALJ hearings. The other authorities contain provisions that require DOL to offer an opportunity for a formal public hearing. These authorities were published in the Federal Register as sited in 3.2.
Privacy Impact Analysis
The collected PII data is stored in a system (CTS) that is not accessible to anyone outside of OALJ and OALJ employees are granted role based access to the PII data. The PII data that is in decisions attached to CTS are considered public documents and are published on OALJ's web site under the 1996 eFOIA amendments with the PII data 5USC § 552(a)(2). The following are how the risks of collecting, utilizing and maintaining PII data are mitigated:
- Test Data in Development Lab - The General Support System (GSS) controls and prevents un-sanitized data backups from leaving the scope and control of the GSS. Only DBA administrators may create a sanitized copy of the database for the isolated test environment. Database sanitization replaces all contact information values with a ‘1' for numbers and an ‘a' for letters.
- OALJ's policy with regard to parties submitting information to the agency to reduce the collection of PII information - http://www.oalj.dol.gov/ACCESS_TO_COURT_RECORDS.HTM
- The web publication module includes a procedure to exclude FOIA exempt information from the publication process.
- Service sheets, which may contain PII, are processed and stored separately from decision documents, and are not published to the public web site.
Uses of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
Describe all the uses of the PII
- Medical information including physician's notes medical record number, legal documents or notes, etc. may be included in briefs, hearing testimony, or other form of evidence submission, and is used by the ALJ to render a case decision. This medical information is NOT stored in CTS; however, it can be referenced in a judge's decision. All decisions are public documents and are published on OALJ's web site http://www.oalj.dol.gov, unless the decision is deemed FOIA exempt (which is extremely rare).
- Individual and organizational address, phone number, email address, or other contact information is used to both identify individuals and to issue case related correspondence through service sheets. These service sheets are NOT published on OALJ's website.
- What types of tools are used to analyze data and what type of data may be produced?
There is no data mining of the CTS system.
Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
If the system uses commercial or publicly available data, please explain why and how it is used.
Legal decisions from other publically available courts may be incorporated as case facts in judges' decisions which are attached to CTS in a file.
Privacy Impact Analysis
- Access to the data is only provided through the CTS application user interface which is role based.
- General purpose or free form query of data is not provided by CTS.
- Decision documents and case docket information made available to the public via OALJ's web site is automated, which produces an appropriate copy of a sub-set of the CTS docket data for public access.
- Manual and automated reviews of decision documents prior to being issued and after being issued are performed.
The following questions are intended to outline how long information will be retained after the initial collection.
How long is information retained in the system?
All automated information is currently maintained indefinitely. An electronic records retention schedule for CTS data is presently pending approval.
Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
The retention schedule has been created by OALJ and submitted to NARA in September 2009; however, it hasn't been approved by NARA.
Privacy Impact Analysis
The Office of Workers Compensation Programs (OWCP) has used the Case Number based on SSNs in Black Lung Benefits Act cases since the early 1970's and OALJ use to log these OWCP numbers into CTS. Since October 2008 these OWCP numbers (SSNs) are no longer collected and have been removed from CTS; this has reduced the risk for OALJ.
Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing data within DOL.
With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
Nothing from CTS is shared with another organization.
How is the PII transmitted or disclosed?
Privacy Impact Analysis
External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.
With which external organization(s) is the PII shared, what information is shared, and for what purpose?
Except in unusual circumstances, the U.S. Department of Labor, Office of Administrative Law Judges ("OALJ") conducts public hearings under 29 C.F.R. § 18.43. Documents filed with OALJ are subject to inspection under the Freedom of Information Act. Decisions and interim orders of general interest are published on the OALJ web site at www.oalj.dol.gov and may be distributed to publishers. See Privacy Act of 1974; Publication of Routine Uses, 67 Fed. Reg. 16815 (2002) (DOL/OALJ-2) (Refer to http://www.oalj.dol.gov/ACCESS_TO_COURT_RECORDS.HTM). CTS docket sheets may be disclosed pursuant to a FOIA request. CTS data has been released to the GAO in relation to program audits.
Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
Yes. Refer to the SORN quoted beginning on page 9 of this document.
How is the information shared outside the Department and what security measures safeguard its transmission?
FOIA Coordinator will review CTS docket sheets for applicable exemptions prior to any release under FOIA. Data releases to GAO were encrypted and GAO gave assurance that the data would be destroyed when the audit was complete according to GAO procedure.
Privacy Impact Analysis
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
Was notice provided to the individual prior to collection of PII?
Yes, when information is obtained from agency files (e.g. Black Lung case files). However, no specific notice is provided when additional information is obtained during the hearing process because ALJ hearings are public by law.
Do individuals have the opportunity and/or right to decline to provide information?
Yes, if legal cause is demonstrated. Litigants, however, may be compelled to submit information during the hearing.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
Privacy Impact Analysis
RULES OF PRACTICE AND PROCEDURE: Proceedings before the Office of Administrative Law Judges are generally governed by rules of practice and procedure found in the Administrative Procedure Act. Because an opposing party has a due process right to contest a claim, and a claimant has the burden to prove a claim, the individual may unavoidably be compelled to provide information. Since OALJ conducts public hearings, the litigant's expectancy of privacy regarding adjudicatory facts is tempered by the reality of a court proceeding.
Access, Redress, and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
What are the procedures that allow individuals to gain access to their information?
OALJ conducts public hearings. Full access to court records is permitted.
What are the procedures for correcting inaccurate or erroneous information?
Notice to the presiding judge who then can initiate the correction of data.
How are individuals notified of the procedures for correcting their information?
OALJ's Rules of Practice and Procedure at 29CFR Part 18 describe how to file a motion with the presiding judge.
If no formal redress is provided, what alternatives are available to the individual?
Privacy Impact Analysis
Adjudicatory facts are established by the hearing process. Parties have a full and fair opportunity to submit their evidence during the hearing. Service sheet information may be corrected upon notification to the presiding judge. In addition, privacy risks associated with unauthorized disclosure of information are mitigated through:
- Media protection controls are employed for management reports including media access, media labeling and media transport.
- Access controls are employed to limit on-line screen display such as session lock and session termination
- Unauthorized access is controlled by account management and access enforcement.
Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
What procedures are in place to determine which users may access the system and are they documented?
CTS users must have a documented need to access the system defined by their role. After approval of system access, the request to access is enabled.
Will Department contractors have access to the system?
Yes, the CTS Application Support Contractors.
Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
- Bi-Annual DOL Privacy Information Act training.
- Reviews at annual Special Assistants training conference.
- On-going discussion of privacy issues at the IT weekly staff meetings, and other meetings within the OALJ Legal Counsel.
What auditing measures and technical safeguards are in place to prevent misuse of data?
The following in-place auditing measures and technical safeguards are applied to prevent misuse of data. These controls include:
- Authenticator/Password Management Application and monitoring of initial distribution, composition, history, compromise, and change of default authenticators.
- Account Management Application and monitoring of account establishment, activation, modification, disabling, removal (including unnecessary/defunct accounts) and review.
- Access Enforcement Application and monitoring of access privileges.
- Least Privilege Application for a user to perform his/her function.
- Unsuccessful Login Attempts System automatically locks the account until released by a System Administrator when the maximum number of unsuccessful attempt is exceeded.
- Manual evaluation of data is performed on a monthly basis.
Privacy Impact Analysis
Privacy risks associated with unauthorized disclosure of information are mitigated through implementation of technical controls associated with need-to-know and least privilege, ensuring that users have no more privileges to data than required to affect their official duties. In addition, deterrent controls in the form of warning banners, rules of behavior, confidentiality agreements and auditing are in place. Exit procedures for departing CTS end user's include the prompt disabling of accounts.
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.
What stage of development is the system in, and what project development life cycle was used?
The CTS is in the operation and maintenance phase since May 1998 pre-DOL SDLCM.
Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?
No. CTS is an Intranet Microsoft .NET Web application using a SQL Server 2005 database.
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
- OALJ has completed the PIA for CTS which is currently in operation. OALJ has determined that the safeguards and controls for this moderate system adequately protect the information referenced in the CTS System Security Plan.
- OALJ has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.