Office of the Chief Information Officer

Privacy Impact Assessment Questionnaire

SOL – Workload Management System – FY 2012

  • The system name and the name of the DOL component(s) which own(s) the system:
    This system is the Workload Management Systems (WMS) and is owned by the Office of the Solicitor.
  • The purpose/function of the program, system, or technology and how it relates to the component's and DOL mission:
    The WMS will track all significant legal activities referred by DOL client program agencies to the various components of the Solicitor's Office. Legal activities include representing the Secretary and the client agencies in all necessary litigation, including both enforcement actions and defensive litigation, and in alternative dispute resolution activities; assisting in the development of regulations, standards, and legislative proposals, and providing legal opinions and advice concerning all the Department's activities. Data collected through the Workload Management Systems is used to analyze the volume, diversity, trends, and impact of the workload in the Office of the Solicitor (SOL) divisions and field offices. This system provides information needed to manage SOL resources, to monitor performance, and to provide SOL's client agencies (DOL program offices) with updated information on the work being done in their respective program areas. The system also captures SOL resource time spent providing legal services. The WMS provides these functions throughout SOL national, regional and sub-regional offices supporting approximately 700 attorneys, docket clerks, and paralegals.
  • A general description of the information in the system.
    The WMS contains data which is considered PII. The information in the system is descriptive and status information about the legal services (litigation, opinion and advice, rules and regulations) provided by SOL to DOL client program agencies, OMB and Congress.
  • A description of a typical transaction conducted on the system.
    A typical transaction in the WMS would involve a SOL docket clerk creating a matter for the legal services to be provided, updating a matter's status, recording the time spent on a matter, and closing a matter at the completion of performing the legal service. Legal services include litigation, regulation review, and opinion and advice.
  • Any information sharing conducted by the program or system.
    SOL shares information with DOL clients (DOJ, OMB, Congress, and DOL program agencies).

  • A general description of the modules and subsystems, where relevant, and their functions:
    The Workload Management Systems contains the following systems:
    • Solicitor's Office Legal Activity Reporting System (SOLAR). This system tracks all workload items.
    • Time Distribution System (TD). This system tracks work hours devoted to workload items.
    • Fair Labor Standards Wage and Hour Reporting System (W&H). This system tracks FLS wage and hour litigation workload items.
    • Freedom of Information Act/Privacy Act System (FOIA/PA). This system tracks FOIA appeals workload items.
    • Legislation and Legal Counsel Project Tracking System (LPTS). This system tracks workload items generated by requests from Congress, the White House, Office of Management and Budget (OMB), and other agencies.
  • Where appropriate, a citation to the legal authority to operate the program or system.
    5 U.S.C. §301. Departmental Regulations
  • A description of why the PIA is being conducted.
    The WMS contains PII on Federal employees and members of the public and therefore a Privacy Impact Assessment is required. Appropriate Privacy Act System of Record Notices (SORN) will be published in the Federal Register. The Privacy Act requires that a SORN be published in the Federal Register when PII is maintained by a Federal agency in a system of records and the information is retrieved by a personal identifier. The system can retrieve PII by the specific personal identifier.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

The Workload Management Systems contain protected/sensitive personally identifiable information (PII).

  • What are the sources of the PII in the information system?
    The Workload Management Systems contain PII on members of the public. This PII includes SSN, name, mailing address, residential address, and place of work. These members of the public include claimants (for injuries and medical conditions), judges, and appellants.
  • What is the PII being collected, used, disseminated, or maintained?

    FOIA System
    • Residential address/mailing address for the individual filing the FOIA appeal (member of the public)
    • Place of work for the individual filing the FOIA appeal (member of the public)
    • Appellant name – Name of the individual filing the FOIA appeal (member of the public)
    • Original Requestor – Name of the individual who filed the original FOIA request (member of the public)
    • Denying Officer – Name of the DOL program agency employee who denied the original FOIA request (Federal employee)

    SOLAR
    • SSN of the miner who filed the black lung claim (member of the public)
    • SSN of the DOL employee who filed the workers compensation claim for which DOL will request reimbursement from the third party at fault (Federal employee)
    • Name of the DOL attorney assigned to the matter/case (Federal employee)
    • Name of the DOL associate attorney assigned to the matter/case (Federal employee)
    • Name of the judge presiding over the matter/case in court (member of the public)

    Time Distribution
    • Name of DOL attorney and paralegal (not on screen but in database) that worked on a particular matter/case (Federal employee)

    Legislative Project Tracking System
    • Name of the DOL attorney assigned to the legislative review matter (Federal employee)
    • Name of the DOL supervisor attorney (counsel) assigned to the legislative review matter
    • Name (Retired by Whom) of the DOL employee that closed the legislative review matter
  • How is the PII collected?
    PII is collected from DOL client program agencies.
  • How will the information be checked for accuracy?
    PII information for a specific matter/case is reviewed by the supervisor attorney assigned to the matter/case.
  • What specific legal authorities, arrangements, and/or agreements defined the collection of information?
    Various statutes that permit DOL program agencies to accomplish their agency mission.
  • Privacy Impact Analysis
    The PII stored in the WMS is subject to minimal risk because it is well protected by implementation of numerous security controls as defined by NIST SP 800-53 Recommended Security Controls for Federal Systems. Privacy awareness is administered annually through the Information System Security and Privacy Awareness Training. This required training is provided to all DOL employees and contractors. Even without specific training, however, the risk of unauthorized disclosure and unauthorized access to the WMS data is minimal due to the existing security controls in place at the network and application level and the limited use of PII.

    The following are NIST SP 800-53 security controls that mitigate the risks associated with the amount and type of data collected:
  • Technical Controls
    • Access Control (AC):
      • Access Control Policy and Procedures
      • Account Management
      • Access Enforcement
      • Separation of Duties
      • Least Privilege
      • Unsuccessful Login Attempts
      • System Use Notification
      • Session Lock
      • Supervision and Review

    • Audit and Accountability (AU):
      • Audit and Accountability Policy and Procedures
      • Auditable Events
      • Content of Audit Records
      • Audit Monitoring, Analysis, and Reporting
    • Identification and Authentication:
      • Identification and Authentication Policy and Procedures
      • Authenticator Management

  • Management Controls
    • Risk Assessment (RA):
      • Risk Assessment Policy and Procedures

  • Operational Controls
    • Awareness and Training (AT):
      • Awareness and Training Policy and Procedures
      • Security Training
      • Security Awareness

    • Physical and Environmental Protection (PE):
      • Physical and Environmental Protection Policy and Procedures
      • Physical Access Authorizations
      • Physical Access Control

    • Media Protection (MP):
      • Media Protection Policy and Procedures
      • Media Access
      • Media Storage
Implementation of the above security controls is documented in the WMS System Security Plan that addresses all of the areas identified above, including how SOL employees are granted system access based upon their organizational role and need to know, authorizing officials, technical aspects of authentication management, software use and engineering, and the auditing of access files to ensure the protection of data maintained by the WMS.

The WMS is required to continually address statutory and Department-level requirements to substantiate its handling of information through the workload systems and to ensure that it remains compliant. From a technical perspective, continuous monitoring requirements provide assurance that privacy-applicable controls are implemented and operating as intended.


Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

  • Describe all the uses of the PII

    FOIA System (PII and its use):
    • Residential address/mailing address: used in communicating with the individual filing the FOIA appeal
    • Place of work for the individual filing the FOIA appeal: used in communicating with the individual filing the FOIA appeal
    • Appellant name (name of the individual filing the FOIA appeal): used in communicating with the individual filing the FOIA appeal
    • Original Requestor (name of the individual who filed the original FOIA request): used in communicating with the individual filing the FOIA appeal
    • Denying Officer (name of the DOL program agency employee who denied the original FOIA request): used for tracking the original FOIA request

    SOLAR (PII and its use):
    • SSN of the miner who filed the black lung claim: used to identify the claimant, to ensure that the program agency and SOL attorney are communicating concerning the correct individual, and to ensure proper payment of benefits
    • SSN of the DOL employee who filed the workers compensation claim for which DOL will request reimbursement from the third party at fault: used to identify the claimant
    • Name of the DOL attorney assigned to the matter/case: used for internal management reporting
    • Name of the DOL associate attorney assigned to the matter/case: used for internal management reporting
    • Name of the judge presiding over the matter/case in court: used for communicating with the court system

    Time Distribution (PII and its use):
    • Name of DOL attorney and paralegal (not on screen but in database) that worked on a particular matter/case: used for internal management reporting

    Legislative Project Tracking System (PII and its use):
    • Name of the DOL attorney assigned to the legislative review matter: used for internal management reporting
    • Name of the DOL attorney (counsel) assigned to the legislative review matter: used for internal management reporting
    • Name (Retired by Whom) of the DOL employee that closed the legislative review matter: used for internal management reporting

  • What types of tools are used to analyze data and what type of data may be produced?
    Crystal Reports is used to generate office level and management reporting. SSN is not reflected in any management reporting.

  • Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
    No.
  • If the system uses commercial or publicly available data, please explain why and how it is used.
    N/A
  • Privacy Impact Analysis
    The operational storage and use of PII can create the risk of unauthorized access and disclosure. The use of PII stored in the WMS is subject to minimal risk because it is well protected by numerous technical security controls at the network and application level. Privacy data is also protected by ensuring that privacy awareness training is provided annually by DOL. The following are NIST SP 800-53 security controls that mitigate the risks associated with use and storage of PII data:
  • Technical Controls
    • Access Control (AC):
      • Access Control Policy and Procedures
      • Account Management
      • Access Enforcement
      • Separation of Duties
      • Least Privilege
      • Unsuccessful Login Attempts
      • System Use Notification
      • Session Lock
      • Supervision and Review

    • Audit and Accountability (AU):
      • Audit and Accountability Policy and Procedures
      • Auditable Events
      • Content of Audit Records
      • Audit Monitoring, Analysis, and Reporting
    • Identification and Authentication:
      • Identification and Authentication Policy and Procedures
      • Authenticator Management

  • Management Controls
    • Risk Assessment (RA)
      • Risk Assessment Policy and Procedures

  • Operational Controls
    • Awareness and Training (AT):
      • Awareness and Training Policy and Procedures
      • Security Training
      • Security Awareness

    • Physical and Environmental Protection (PE):
      • Physical and Environmental Protection Policy and Procedures
      • Physical Access Authorizations
      • Physical Access Control

    • Media Protection (MP):
      • Media Protection Policy and Procedures
      • Media Access
      • Media Storage

Implementation of the above security controls is documented in the WMS System Security Plan (SSP). The SSP will address all of the control areas identified above, including how SOL employees are granted system access based upon their organizational role and need to know. The certification and accreditation process and continuous monitoring activities ensure that the implemented controls are operating effectively and producing the desired results.


Retention

The following questions are intended to outline how long information will be retained after the initial collection.

  • How long is information retained in the system?
    Information is retained in accordance with the SOL Records Schedule.
  • Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
    Records are retained and disposed of under the authority of the SOL Records Schedule contained on the DOL Website at http://www.dol.gov/dol/records/, under schedule number N1-174-02-02, Office of the Solicitor.
  • What efforts are being made to eliminate or reduce Personally Identifiable Information from the collection, storage or maintenance of a system if it is no longer required?
    As of March 2010, only the last 4 digits of the SSN are recorded for the Black Lung matters.
    As of August 2010, SSN is no longer recorded for FECA Subrogation.
  • How is it determined that PII is no longer required?
    A determination as to when PII is no longer required within the system is performed as part of the annual Privacy Impact Assessment. Specifically, the MALS Legal Technology Unit will make recommendations for approval by the System Owner. Also SOL addresses all federal mandates to reduce the use of PII and specific identifiers where possible in its information collection processes.
  • Privacy Impact Analysis
    Whenever large amounts of personal data are stored for an extended period of time, there is a significant privacy risk. This risk is proportionally increased by the length of time in which the data is retained. The following are NIST SP 800-53 security controls that mitigate the risks associated with PII retention:

  • Operational Controls
    • System and Information Integrity (SI):
      • System and Information Integrity Policy and Procedures
      • Information Output Handling and Retention

    • Physical and Environmental Protection (PE):
      • Physical and Environmental Protection Policy and Procedures
      • Physical Access Authorizations
      • Physical Access Control

    • Media Protection (MP):
      • Media Protection Policy and Procedures
      • Media Access
      • Media Storage

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

  • With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
    In providing legal services, PII is not reflected in any management level aggregate reports. However, PII may be shared with DOL agencies through online inquiries or user defined reports.
  • How is the PII transmitted or disclosed?
    PII is transmitted or disclosed through operational reporting (matter level), online inquiries, and online screen displays.
  • Privacy Impact Analysis
    The privacy risk lies in unauthorized disclosure based on methods of sharing. The following are NIST SP 800-53 security controls that mitigate the risks associated with internal sharing and disclosure:
  • Technical Controls
    • Access Control (AC):
      • Account Management
      • Access Enforcement
      • Separation of Duties
      • Least Privilege
      • Unsuccessful Login Attempts
      • System Use Notification
      • Session Lock
      • Supervision and Review – Access

    • Audit and Accountability (AU):
      • Auditable Events
      • Content of Audit Records
      • Audit Monitoring, Analysis, and Reporting
    • Identification and Authentication:
      • Authenticator Management

    • System and Communications Protection (SC):
      • Boundary Protection
      • Transmission Integrity
      • Transmission Confidentiality
  • Operational Controls
    • Media Protection (MP):
      • Media Protection Policy and Procedures
      • Media Access
      • Media Storage

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

  • With which external organization(s) is the PII shared, what information is shared, and for what purpose?
    Not applicable. PII from the WMS is not shared outside the Department.
  • Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
    Not applicable. PII from the WMS is not shared outside the Department.
  • How is the information shared outside the Department and what security measures safeguard its transmission?
    Not applicable. PII from the WMS is not shared outside the Department.
  • Privacy Impact Analysis
    Not applicable. PII from the WMS is not shared outside the Department.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

  • Was notice provided to the individual prior to collection of PII?
    Yes. The Privacy Act requires that a SORN be published in the Federal Register when PII is maintained by a Federal agency in a system of records and the information is retrieved by a personal identifier. The system can retrieve PII by the specific personal identifier.
  • Do individuals have the opportunity and/or right to decline to provide information?
    Yes, individuals have the right to decline to provide information based on the invocation of the Privacy Act of 1974. Individuals would have addressed this opportunity or right with the DOL program agency prior to SOL's use of the information. SOL does not collect this information directly from members of the public but rather extracts the information from records collected by the DOL program agencies.
  • Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
    No, as there are only routine uses of the information, and no particular uses that would require consent under the Privacy Act of 1974.
  • Privacy Impact Analysis
    The predominant privacy risk lies in improper disclosure. DOL shall not disclose, nor make available, any personal data except with the consent of the individual concerned or by authority of law. DOL shall, when appropriate and required by law, provide access to, and a process for amending, personal information in accordance with the Privacy Act of 1974. Also, all SOL Federal and contractor support staff are aware of penalties regarding improper use of SOL information through system access notification, information system security and privacy awareness training, Contractor Confidentiality/Non-Disclosure Agreement, and Rules of Behavior.

Access, Redress, and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

  • What are the procedures that allow individuals to gain access to their information?
    An individual, or legal representative acting on his behalf, may request access to a record about himself by appearing in person or by writing to the Office of the Solicitor of Labor (SOL), Deputy Solicitor, 200 Constitution Avenue, NW, Washington, DC 20210. A requester in need of guidance in defining his request may write to the Assistant Secretary for Administration and Management, U.S. Department of Labor, 200 Constitution Avenue, NW, Washington, DC 20210–0002.
    The specific procedures for allowing an individual to gain access to their information are provided in Title 29, CFR Part 71.2
  • What are the procedures for correcting inaccurate or erroneous information?
    An individual may submit a request for correction or amendment of a record pertaining to him. The request must be in writing and must be addressed to the Office of the Solicitor of Labor (SOL), Deputy Solicitor, 200 Constitution Avenue, NW, Washington, DC 20210. The request must identify the particular record in question, state the correction or amendment sought, and set forth the justification for the change. Both the envelope and the request itself must be clearly marked: “Privacy Act Amendment Request.”
    The specific procedures for correcting inaccurate or erroneous information are provided in Title 29 CFR 71.9.
  • How are individuals notified of the procedures for correcting their information?
    This information is published in the Federal Register entry for the system. Also, www.dol.gov provides “Important Web Site Notices” which contains the department's Privacy and Security Policies. This is found on the initial page of the website or directly at http://www.dol.gov/dol/aboutdol/website-policies.htm.
  • If no formal redress is provided, what alternatives are available to the individual?
    When a request for correction or amendment is denied in whole or in part, the requester may appeal the denial to the Solicitor of Labor within 90 days of his receipt of the notice denying his request.
  • Privacy Impact Analysis
    There is minimal risk to the data integrity of PII stored in the WMS because it is well protected by numerous security controls. Data integrity is primarily accomplished because access to data is restricted to authorized personnel within SOL and information is only shared internally for the purpose of opening, updating, or closing a matter. Privacy data is also protected by ensuring that privacy and security awareness training is provided annually by DOL. Specifically, mandatory DOL Information Systems Security and Privacy Awareness Training are provided to all employees and contractors of SOL. Even without specific training, however, the risk of unauthorized access to the WMS data is minimal due to the existing security controls in place and the limited use of PII.
    The risks associated with the accuracy of information are mitigated through the following NIST SP 800-53 security controls:
  • Technical Controls
    • System and Communications Protection (SC):
      • Boundary Protection
      • Transmission Integrity
      • Transmission Confidentiality
  • Operational Controls
    • System and Information Integrity (SI):
      • Software and Information Integrity
      • Information Input Restrictions
      • Information Accuracy, Completeness, Validity, and Authenticity


Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

  • What procedures are in place to determine which users may access the system and are they documented?
    SOL has documented Access Control procedures in place which ensure that access to the WMS is established in compliance with the DOL computer security handbook. The applicable NIST SP 800-53 management, operational and technical access control requirements are employed, or are being employed, for the WMS.
    Highlights of the SOL access procedures include:
    • single sign-on and automatic enforcement of login via Windows Active Directory Services before execution of the WMS is possible
    • role-based security
    • least privilege access
    • access provided strictly on the basis of approved authorizations
    • Rules of Behavior
    • automatic removal of inactive accounts
  • Will Department contractors have access to the system?
    Yes, the WMS is accessed by program developers and system administrators who are authorized contractors of the Department of Labor/Office of the Solicitor, for the purpose of developing, testing, administering and operating the system.
  • Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
    Annual mandatory DOL Information Systems Security and Privacy Awareness Training are provided to all employees and contractors of SOL.
  • What auditing measures and technical safeguards are in place to prevent misuse of data?
    Within the WMS there are specific user roles (groups) defined which provide varying levels of access to data stored in the WMS. Functions are divided among different individuals based on the role they play on a matter. Users can only modify and view the matters to which they are assigned. Users can only modify and view their own time entry records.

    Within the LSS there are specific user roles defined which provide varying levels of access to data stored in the LSS. Additionally, users are only allowed access to litigation cases to which they are assigned. Auditing functionality exists within the LSS that records user actions in audit logs. These audit logs are reviewed on a recurring basis for unusual and suspicious events. Audit logs are backed up for a specified period of time and are protected from access by unauthorized users.
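The matter-assignment rule, the time-entry ownership rule and the audit-log review described in this answer, shown as an added illustration that is not part of the original assessment or of the WMS code. The role names, permission sets, in-memory data model and audit record layout are assumptions; the page only states that roles (groups) exist, that users see and modify only assigned matters and their own time entries, and that user actions are logged and reviewed for unusual events.

```python
"""Constructed model of WMS-style access enforcement with audit logging.

Role names, permissions and record layouts are hypothetical (not from the PIA).
"""
from collections import Counter
from dataclasses import dataclass, field

# Hypothetical least-privilege map: each role gets only the matter functions
# it performs (docket clerks create/update/close; attorneys and paralegals
# record time; supervisors review).
ROLE_PERMISSIONS = {
    "docket_clerk": {"create_matter", "update_matter", "close_matter", "view_matter"},
    "attorney": {"view_matter", "update_matter", "record_time", "view_time"},
    "paralegal": {"view_matter", "record_time", "view_time"},
    "supervisor": {"view_matter", "review_matter"},
}


@dataclass
class Matter:
    matter_id: str
    assigned_users: set


@dataclass
class TimeEntry:
    entry_id: str
    owner: str
    matter_id: str


@dataclass
class AuditLog:
    records: list = field(default_factory=list)

    def record(self, user, action, resource_id, allowed, reason):
        self.records.append({"user": user, "action": action, "resource": resource_id,
                             "allowed": allowed, "reason": reason})


def authorize(user, role, action, resource, log):
    """Decide whether `user` (holding `role`) may perform `action` on `resource`.

    Every decision, allowed or denied, is written to the audit log so that a
    later review can look for unusual patterns.
    """
    allowed, reason = False, "role lacks permission"
    if action in ROLE_PERMISSIONS.get(role, set()):
        if resource is None:
            # create_matter has no pre-existing resource: the role check decides.
            allowed, reason = True, "permitted"
        elif isinstance(resource, Matter):
            # Matter rule: only users assigned to the matter may view or modify it.
            if user in resource.assigned_users:
                allowed, reason = True, "permitted"
            else:
                reason = "user not assigned to matter"
        elif isinstance(resource, TimeEntry):
            # Time-entry rule: users may view or modify only their own entries.
            if resource.owner == user:
                allowed, reason = True, "permitted"
            else:
                reason = "time entry belongs to another user"
    if resource is None:
        rid = None
    else:
        rid = resource.entry_id if isinstance(resource, TimeEntry) else resource.matter_id
    log.record(user, action, rid, allowed, reason)
    return allowed


def flag_repeated_denials(log, threshold=3):
    """Return users with at least `threshold` denied actions: a simple
    'unusual event' query of the kind a recurring audit-log review runs."""
    denials = Counter(r["user"] for r in log.records if not r["allowed"])
    return sorted(u for u, n in denials.items() if n >= threshold)


def demo():
    """Constructed sample of requests; returns (decisions, audit log)."""
    log = AuditLog()
    m1 = Matter("M-2012-001", {"clerk1", "atty1"})
    t1 = TimeEntry("T-1", owner="atty1", matter_id="M-2012-001")
    decisions = [
        authorize("clerk1", "docket_clerk", "create_matter", None, log),  # allowed
        authorize("atty1", "attorney", "view_matter", m1, log),           # assigned: allowed
        authorize("atty2", "attorney", "view_matter", m1, log),           # not assigned: denied
        authorize("atty2", "attorney", "view_time", t1, log),             # not owner: denied
        authorize("para1", "paralegal", "close_matter", m1, log),         # role lacks: denied
        authorize("atty2", "attorney", "update_matter", m1, log),         # not assigned: denied
    ]
    return decisions, log


if __name__ == "__main__":
    results, audit = demo()
    print(results, flag_repeated_denials(audit))
```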
  • Privacy Impact Analysis
    PII stored on the WMS is limited to information necessary for the Agency to carry out its duties and is well protected by numerous NIST SP 800-53 security controls at the application and network level. There is no direct connection between the WMS and the Internet. The WMS does not interface with any other systems except its hosting system (General Support System). PII may be shared internally with DOL program agencies through operational reporting of a specific matter.
    The following are NIST SP 800-53 security controls that mitigate the risks associated with technical access safeguards:
  • Technical Controls
    • Access Control (AC):
      • Account Management
      • Access Enforcement
      • Separation of Duties
      • Least Privilege
      • Unsuccessful Login Attempts
      • System Use Notification
      • Session Lock
      • Supervision and Review – Access
    • Audit and Accountability (AU):
      • Auditable Events
      • Content of Audit Records
      • Audit Monitoring, Analysis, and Reporting

    • Identification and Authentication:
      • Authenticator Management
    • System and Communications Protection (SC):
      • Boundary Protection
      • Transmission Integrity
      • Transmission Confidentiality

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

  • What stage of development is the system in, and what project development life cycle was used?
    WMS is in the Operations and Maintenance Phase. The project development life cycle used is the DOL Systems Development Life Cycle Management Guide. SOLAR and TD will be decommissioned and replaced by the Matter Management System (MMS) during 2nd Quarter of FY2012.

  • Does the project employ technology which may raise privacy concerns? If so, please discuss its implementation.
    No.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

SOL has completed the PIA for WMS, which is currently in operation. SOL has determined that the safeguards and controls for this moderate system adequately protect the information referenced in the WMS System Security Plan.

SOL has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.