Skip to page content
Office of the Chief Information Officer
Bookmark and Share

Privacy Impace Assessment Questionnaire

SOL - Management System (MMS) - FY14

Overview

The system name and the name of the DOL component(s) which own(s) the system:

The Matter Management System (MMS) and is owned by the Office of the Solicitor.

The purpose/function of the program, system, or technology and how it relates to the component's and DOL mission:

The sponsor of this system is the Office of the Solicitor and the initiative is managed within the Office of Management and Administrative Legal Services (MALS). This system is part of an IT modernization investment. The investment targets the legal services performed by the SOL National, Regional and Sub-Regional offices. The Matter Management System (MMS) consists of a Commercial-off-the Shelve (COTS) product.

The MMS tracks all significant legal activities referred by DOL client agencies to the various components of the Solicitor's Office. Legal activities include representing the Secretary and the client agencies in all necessary litigation, including both enforcement actions and defensive litigation, and in alternative dispute resolution activities; assisting in the development of regulations, standards, and legislative proposals, and providing legal opinions and advice concerning all the Department's activities. Data collected through the Matter Management System is used to analyze the volume, diversity, trends, and impact of the workload in the Office of the Solicitor (SOL) divisions and field offices. This system provides information needed to manage SOL resources, to monitor performance, and to provide SOL's client agencies (DOL agencies) with updated information on the work being done in their respective program areas. The system also captures SOL resource time spent providing legal services and manages legal holds for litigation cases. The MMS provides these functions throughout SOL national, regional and sub-regional offices supporting approximately 700 attorneys, docket clerks, and paralegals.

A general description of the information in the system.

The MMS contains data which is considered PII. The information in the system is descriptive and status information about the legal services (litigation, opinion and advice, rules and regulations review) provided by SOL to DOL client agencies, OMB and the White House.

A description of a typical transaction conducted on the system.

A typical transaction in the MMS involves a SOL docket clerk creating a litigation matter (legal services) to support a DOL enforcement agency, updating a matter's status, recording the time spent on a matter, sending a legal hold request to preserve documents related to the litigation, and closing a matter at the completion of the litigation case.

Any information sharing conducted by the program or system.

SOL shares information with DOL clients (DOJ, OMB/Whitehouse, and DOL agencies).

A general description of the modules and subsystems, where relevant, and their functions:

The Matter Management System contains the following major components:

  • Matter Management – tracks the legal services provided to clients from initiation to completion
  • Legal Hold - manages notices to preserve documents in the event of pending or reasonable anticipation of litigation
  • Management Reporting –provides standard and adhoc reporting.

Where appropriate, a citation to the legal authority to operate the program or system.

5 U.S.C. §301. Departmental Regulations

A description of why the PIA is being conducted.

The MMS contains PII on Federal employees, contractors and members of the public and therefore a Privacy Impact Assessment is required. A Privacy Act System of Record Notice (SORN) will be published in the Federal Register. The Privacy Act requires that a SORN be published in the Federal Register when PII is maintained by a Federal agency in a system of records and the information is retrieved by a personal identifier. The system can retrieve PII by the specific personal identifier.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

PII is collected in the system from DOL client agencies on members of the public (US citizens) and DOL employees.

What are the sources of the PII in the information system?

Sources of the information are the DOL client offices that request legal service from SOL.

What is the PII being collected, used, disseminated, or maintained?

Members of the Public

  • Name of party to a litigation case
  • Name of legal hold recipient
  • Residential address
  • Mailing address
  • Business address
  • Business phone number
  • Business email address
  • Personal phone number
  • Personal email address
  • SSN (FEEWC Subrogation and Black Lung matters only)

Note: Party to a case includes judge, expert witnesses, opposing counsel, etc.

SOL Federal Employees

  • Name of SOL employee
  • Network logon credentials (network domain/user id) of system business users
  • Business phone
  • Business email

SOL Contractors

  • Name of contractor
  • Network logon credentials (network domain/user id) of contractors that maintain the system
  • Business phone
  • Business email

DOL Federal Employees and Contractors

  • Name of legal hold recipient
  • Business email

How is the PII collected?

PII is collected as the result of performing legal services for the DOL client agencies.

How will the information be checked for accuracy?

PII for a specific matter/case is reviewed by the supervising attorney assigned to the matter/case.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

SOL has the authority to perform legal services under statutes and federal regulations noted on Section 3.1 of this document. These legal services are recorded in MMS.

SOL adheres to the Privacy Act of 1974 for PII that is contained within the MMS. PII is stored for the exclusive purpose of performing SOL's mission. The mission is to represent the Secretary and the client agencies in all necessary litigation, including both enforcement actions and defensive litigation, and in alternative dispute resolution activities; assist in the development of regulations, standards, and legislative proposals, and provide legal opinions and advice concerning all the Department's activities.

Privacy Impact Analysis

The PII stored in the MMS is subject to minimal risk because it is well protected by implementation of numerous security controls as defined by NIST SP 800-53 Recommended Security Controls for Federal Systems. Privacy awareness is administered annually through the DOL Safeguarding PII training and the Information System Security Awareness Training (ISSAT). This required training is provided to all DOL employees and contractors. Even without specific training, however, the risk of unauthorized disclosure and unauthorized access to the MMS data is minimal due to the existing security controls in place at the network and application level and the limited use of PII.

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

PII

Use

Members of the Public

 

SSN of the miner who filed the black lung claim.

Used to identify the claimants, beneficiaries, survivors, etc., and ensure that the DOL client agency and SOL attorney are communicating concerning the correct individual, and to ensure proper payment of benefits

SSN of the DOL employee who filed the workers compensation claim for which DOL will request reimbursement from the third party at fault

Used to identify the claimants

Name of parties to a litigation case  (member of the public)

Used to communicate with the parties involved in the case

Residential address, mailing address,  of parties to a litigation case (member of the public)

Used to communicate with the parties involved in the case

Personal phone number and email of  parties to a litigation case (member of the public)

Used to communicate with the parties involved in the case

Business address, phone and email of parties to a litigation case (member of the public)

Used to communicate with the parties involved in the case

Name, business email, personal email

Used to communicate legal hold requests to, non-DOL individuals.  A legal hold is a request to preserve documentation that may be relevant to an active or pending litigation case.

SOL EMPLOYEES AND CONTRACTORS

 

Name of  SOL employees and contractors

Used for internal operational reporting and system access management

Business phone and email

Used to communicate within SOL

Network logon credentials

Used to authenticate the SOL user for authorized use of the MMS

DOL EMPLOYEES AND CONTRACTORS

 

Name, business email

Used to communicate legal hold requests to DOL individuals.  A legal hold is a request to preserve documentation that may be relevant to an active or pending litigation case

What types of tools are used to analyze data and what type of data may be produced?

The Business Object Enterprise Web Intelligence tool is used to analyze data and generate operational reports. These reports contain workload information at the aggregate level for legal services rendered. PII is not displayed at the aggregate level. However, any report from the contact information function of the system has significant PII on members of the public. Any report from the Staff Notebook function of the system has PII on SOL employees and contractors. The Report Wizard tool is used to analyze data requested through on-line inquiries and may display PII data. The Report Wizard does not export to Excel. Business Objects exports are management reports that do not contain PII.)

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No.

If the system uses commercial or publicly available data, please explain why and how it is used.

Not applicable

Privacy Impact Analysis

The operational storage and use of PII can create the risk of unauthorized access and disclosure. The use of PII stored in the MMS is subject to minimal risk because it is well protected by numerous technical security controls. Privacy data is also protected by ensuring that privacy awareness training is provided annually by DOL.

The key security controls to ensure that PII is handled in accordance with the above described uses include:

  • Technical Class Controls
    • Access Control (AC):
      • Access Control Policy and Procedures
      • Account Management
      • Access Enforcement
      • Separation of Duties
      • Least Privilege
      • Unsuccessful Login Attempts
      • System Use Notification
      • Session Lock
      • Supervision and Review –Access
    • Audit and Accountability (AU):
      • Audit and Accountability Policy and Procedures
      • Auditable Events
      • Content of Audit Records
      • Audit Monitoring, Analysis, and Reporting
    • Identification and Authentication:
      • Identification and Authentication Policy and Procedures
      • Authenticator Management
  • Management Class Controls
    • Planning (PL)
      • Security Planning, Policy, and Procedures
      • Rules of Behavior
    • System and Services Acquisition (SA)
      • Systems and Services Acquisition Policy and Procedures
      • Software Usage Restrictions
      • Security Design Principles
  • Operational Class Controls
    • Awareness and Training (AT)
      • Security Awareness and Training Policy and Procedures
      • Security Awareness
      • Security Training
    • Media Protection (MP)
      • Media Protection Policy and Procedures
      • Media Access
      • Media Storage

Implementation of the above security controls is documented in the MMS System Security Plan (SSP). The SSP addresses all of the control areas identified above, including how SOL employees are granted system access based upon their organizational role and need to know. The certification and accreditation process and continuous monitoring activities ensure that the implemented controls are operating effectively and producing the desired results.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

Information is retained in accordance with the SOL Records Schedule.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

The disposition of the Matter Management System (MMS) is under consideration. Accordingly, the records generated cannot be destroyed until a records schedule is approved by the Archivist of the United States. Once the disposition is determined, retention and disposal of the records will be governed in accordance with the applicable disposition instruction in the DOL/SOL records schedule.

How is it determined that PII is no longer required?

A determination as to when PII is no longer required within the system is performed as part of the annual review of the Privacy Impact Assessment. Specifically, the MALS Legal Technology Unit will make recommendations for approval by the System Owner. Also SOL addresses all federal mandates to reduce the use of PII and specific identifiers where possible in its information collection processes.

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

As of March 2010, only the last 4 digits of the SSN are recorded for the Black Lung matters.

As of August 2010, SSN is no longer recorded for FECA Subrogation.

Privacy Impact Analysis

Whenever large amounts of personal data are stored for an extended period of time, there is a significant privacy risk. This risk is proportionally increased by the length of time in which the data is retained. The following are NIST SP 800-53 Rev 3 control families that mitigate the risks associated with PII retention:

  • Operational Class Controls
    • System and Information Integrity (SI)
      • System and Information Integrity Policy and Procedures
      • Information Output Handling and Retention
    • Physical and Environmental Protection (PE)
      • Physical and Environmental Protection Policy and Procedures
      • Physical Access Authorizations
      • Physical Access Control
    • Media Protection (MP)
      • Media Protection Policy and Procedures
      • Media Access
      • Media Storage

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

In providing legal services, PII is not reflected in any management level aggregate reports. However, PII may be shared with DOL agencies through online inquiries or user defined reports.

How is the PII transmitted or disclosed?

PII is transmitted or disclosed through operational reporting (matter level), online inquiries, and online screen displays.

Privacy Impact Analysis

The privacy risk lies in unauthorized disclosure based on methods of sharing. The methods of mitigation of potential risks include Technical class controls.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

Not applicable. PII from the MMS is not shared outside the Department.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

Not applicable. PII from the MMS is not shared outside the Department.

How is the information shared outside the Department and what security measures safeguard its transmission?

Not applicable. PII from the MMS is not shared outside the Department.

Privacy Impact Analysis

Not applicable. PII from the MMS is not shared outside the Department.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

Yes. The Privacy Act requires that a SORN be published in the Federal Register when PII on members of the public is maintained by a Federal agency in a system of records and the information is retrieved by a personal identifier. The system can retrieve PII by the specific personal identifier.

Do individuals have the opportunity and/or right to decline to provide information?

Yes, individuals have the right to decline to provide information based on the invocation of the Privacy Act of 1974. Individuals would have addressed this opportunity or right with the DOL agency prior to SOL's use of the information. SOL does not collect this information directly from members of the public but rather extracts the information from records collected by the DOL agencies.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No, as there are only routine uses of the information, and no particular uses that would require consent under the Privacy Act of 1974.

Privacy Impact Analysis

The predominant privacy risk lies in improper disclosure. DOL shall not disclose, nor make available, any personal data except with the consent of the individual concerned or by authority of law. DOL shall, when appropriate and required by law, provide access to, and a process for amending, personal information in accordance with the Privacy Act of 1974. Also, all SOL Federal and contractor support staff are aware of penalties regarding improper use of SOL information (e.g., system access notification, computer security awareness training Contractor Confidentiality/Non-Disclosure Agreement, Employee Computer Network (ECN)/Departmental Computer Network (DCN) Network Access Request Form and Rules of Behavior).

Access, Redress and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

An individual, or legal representative acting on his behalf, may request access to a record about himself by appearing in person or by writing to the Office of the Solicitor of Labor (SOL), Deputy Solicitor, and 200 Constitution Avenue, NW, Washington, DC 20210. A requester in need of guidance in defining his request may write to the Assistant Secretary for Administration and Management, U.S. Department of Labor, 200 Constitution Avenue, NW, Washington, DC 20210–0002.

The specific procedures for allowing an individual to gain access to their information are provided in Title 29 CFR Part 71.2.

What are the procedures for correcting inaccurate or erroneous information?

An individual may submit a request for correction or amendment of a record pertaining to him. The request must be in writing and must be addressed to the Office of the Solicitor of Labor (SOL), Deputy Solicitor, and 200 Constitution Avenue, NW, Washington, DC 20210. The request must identify the particular record in question, state the correction or amendment sought, and set forth the justification for the change. Both the envelope and the request itself must be clearly marked: "Privacy Act Amendment Request."

The specific procedures for correcting inaccurate or erroneous information are provided in Title 29 CFR 71.9.

How are individuals notified of the procedures for correcting their information?

This information is published in the Federal Register entry for the system. Also, www.dol.gov provides "Important Web Site Notices" which contains the department's Privacy and Security Policies. This is found on the initial page of the website or directly at http://www.dol.gov/dol/aboutdol/website-policies.htm .

If no formal redress is provided, what alternatives are available to the individual?

When a request for correction or amendment is denied in whole or in part, the requester may appeal the denial to the Solicitor of Labor within 90 days of his receipt of the notice denying his request.

Privacy Impact Analysis

There is minimal risk to the data integrity of PII stored in the MMS because it is well protected by numerous security controls. Data integrity is primarily accomplished because access to data is restricted to authorized personnel within SOL and information is only shared internally for the purpose of opening, updating, or closing a matter. Privacy data is also protected by ensuring that privacy and security awareness training is provided annually by DOL. Specifically, Mandatory Safeguarding PII and DOL Information Systems Security Awareness Training are provided to all employees and contractors of SOL. Even without specific training, however, the risk of unauthorized access to the MMS data is minimal due to the existing security controls in place and the limited use of PII.

Privacy risks associated with the accuracy of information are mitigated through the following NIST SP 800-53 controls:

  • Technical Class Controls
    • System and Communications Protection (SC):
      • Boundary Protection
      • Transmission Integrity
      • Transmission Confidentiality
  • Operational Class Controls
    • System and Information Integrity (SI)
      • Software and Information Integrity
      • Information Input Restrictions
      • Information Accuracy, Completeness, Validity, and Authenticity

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

SOL has documented Access Control procedures in place which ensures the access to the MMS is established in compliance with the DOL computer security handbook. The applicable NIST SP 800-53 management, operational and technical controls access control requirements are employed or are being employed for the MMS.

Highlights of the SOL procedures include:

  • general and privileged user Rules of Behavior acknowledgement
  • single sign-on via Windows Active Directory Services
  • access provided strictly on the basis of approved authorizations
  • automatic removal of inactive accounts
  • least privileges access

Will Department contractors have access to the system?

Yes, the MMS is accessed by developers and system administrators who are authorized contractors of the Department of Labor, for the purpose of developing, testing, administering and operating the system.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Mandatory DOL Information Systems Security Privacy and Awareness Training are provided to all employees and contractors of SOL.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Within the MMS there are specific user roles (groups) defined which provide varying levels of access to data stored in the MMS. Critical functions are divided among different individuals based on their security group assignment and/or the role they play on a matter. Generally, users will be allowed to modify only the matters to which they are assigned. Users will be allowed to view only their own time entry records. In accordance with SOL requirements, Supervisors will be allowed to view other timekeepers' time entry data within their office, and Administrators all timekeepers' time entry data.

Auditing functionality exists within the MMS to allow for specific general and privilege user actions, to be recorded in an audit log and backed up for a specified period of time. Information stored includes: type of audit event, date and time audit event occurred, User ID, command used to initiate the audit event, success or failure of audit event and event result.

All audited transactions within the MMS are written to a separate audit log table within the MMS database. The electronic audit log is protected from viewing by unauthorized users.

Privacy Impact Analysis

PII stored on the MMS is limited to information necessary for the Agency to carry out its duties and is well protected by numerous NIST SP 800-53 security controls (i.e. Access Control, Audit and Accountability, Identification and Authentication, System Communication Protection). There is no direct connection between the MMS and the Internet. The MMS does not interface with any other systems except its host system, the ECN/DCN GSS. PII may be shared with DOL agencies through operational reporting of a specific matter.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

MMS is in the Operations and Maintenance Phase. The ATO was signed February 27, 2012 and the system rollout to national and regional offices was completed in ended June 2012. The project development life cycle used is the DOL Systems Development Life Cycle Management Manual (SDLCMM).

Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

No. MMS consists of configured commercial off-the-shelf (COTS) software.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

SOL has completed the PIA for the Matter Management System. SOL has determined that the safeguards and controls for this moderate system will adequately protect the information and will be referenced in Matter Management System Security Plan.

SOL has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.