Office of the Chief Information Officer

Privacy Impact Assessment Questionnaire

OSHA Information System FY13

Overview

The Occupational Safety and Health Information System (OIS) is the next generation replacement system for the legacy OSHA Information Management Information System (IMIS).

The IMIS was designed in 1991. Data in IMIS is restricted to Enforcement, Consultation, and Whistleblower information. Since 1991, many new program areas and regulatory areas have been authorized and implemented, such as the Voluntary Protection Program (VPP), Alliances, and Partnerships. These program areas are not currently addressed in the IMIS. In addition, the IMIS is unable to incorporate current information from several data sources, such as the OSHA data initiative, which identifies work establishments with high injury/illness rates; OSHA and Consultation Labs; and data from various OSHA sources that identifies high hazard work sites.

The agency envisions OIS to be a single comprehensive system for all program and regulatory practice as identified by the Program Management Office (PMO) of OIS. These areas include capabilities currently contained in the Enforcement Application and the Consultation Application, and will include components for Voluntary Protection Program Evaluations, Homeland Security Response and Recovery activity, Compliance Assistance, Partnerships, and Whistleblower. The OIS is a web-based solution that will give OSHA new, powerful analytical tools to help identify injury, illness and fatality trends at local and national levels. It will help support the direction of the agency set forth in OSHA's Strategic Management Plan.

OIS is an integrated thin-client solution for automating OSHA's business processes. OIS is a web-based multi-tiered system supported by an Oracle database. OIS bridges independent software stovepipes located at Federal and several external organizations that develop information for OSHA under contract. OIS will use open-source technology, enabled by XML, to eliminate duplicative data entry by end users. OIS will close the gaps that exist now with the existing IMIS system.

The system will be used by over 5,200 Federal employees, including 1,100 field investigators; 24 State OSHA programs with 3,100 users; consultation program users in each of the 50 states; and investigative assistance employees enforcing Whistleblower statutes in 50 states.

The OIS Authority to Operate (ATO) can be found in CSAM. The OIS ATO will expire on March 11, 2014.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

OIS collects and maintains information in identifiable form. OIS PII data will not be available or disseminated to the public. All PII data related to Consultation and/or Enforcement data is redacted prior to being made public via the FOIA process.

What are the sources of the PII in the information system?

There are numerous sources of PII within OIS, but the majority of PII is collected from interactions through the consultation, enforcement, whistleblower and emergency response subsystems.

What is the PII being collected, used, disseminated, or maintained?

PII being collected includes first/last name, date of birth, home addresses, personal phone numbers, mailing addresses and email addresses, EIN/TIN for establishments.

Additionally, OIS may contain subpoena and warrant information, including the actual documents as attachments captured in OIS.

How is the PII collected?

PII is typically collected during interactions with private business establishments and direct contact with individuals.

How will the information be checked for accuracy?

PII is typically checked for accuracy at the point of collection. As it has not been specified as a requirement, OIS does not have the capability to provide manual or automated accuracy checks of PII data.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

The Occupational Safety and Health Act of 1970 and Presidential Document, Executive Order 12196 of February 26, 1980.

What is the purpose or use of the PII collection for the third-party website or application?

N/A

Will PII become available to the agency through public use of a third-party website or application?

N/A

Is the PII collection from a 3rd party website or application voluntary?

N/A

N/A

Privacy Impact Analysis

Privacy risks in the OIS are moderate and will be mitigated by implementation of granular access control to the data within OIS. Upon careful review of system design documentation, the OIS Risk Assessment, Role Categorization and OIS Wireframes, user roles were defined based on access privileges, data type accessed and role categorization. By mapping user roles to data accessed and user access rights, we were able to determine that the various transactions that might be conducted within the OIS System have adequate controls implemented to ensure that privacy risks to the captured OIS PII data are minimal. The PII data captured within OIS is primarily business contact information. The OIS will implement all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for a moderate system.

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

The use of PII is limited with OIS. Most PII managed and maintained in OIS is contact information for individuals at business establishments. Home addresses and home numbers are collected in the Emergency Response subsystem of OIS to provide necessary contact information for OSHA Emergency response personnel. Additional PII, specifically date-of-birth, or alternatively, current age, is collected on victims of workplace accidents within the Enforcement subsystems of OIS to create summary reports on workplace accidents.

What types of tools are used to analyze data and what type of data may be produced?

OIS will include reporting tools to provide managers essential information to manage their program areas at each organizational level including Consultation programs, State OSHA programs, Federal areas, regions, and national offices.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

OIS will not provide new data about an individual through the aggregation of collected information.

If the system uses commercial or publicly available data, please explain why and how it is used.

Publicly available data that may be used in OIS includes:

  • NAICS/SIC codes
  • Zip Codes

Any data on a business, i.e. its business environment, that is publicly available can be used to ascertain a complete profile for use in consults or investigations.

Will the use of PII create or modify a "system of records notification" under the Privacy Act?

The use of PII in the OIS will not create or modify a "system of records notification" under the Privacy Act.

Is the agency's use of PII regarding third-party website or application consistent with all applicable laws, regulations and policies?

N/A

Privacy Impact Analysis

After reviewing system design documentation, the OIS Risk Assessment, Role Categorization and OIS Wireframes, user roles were defined based on access privileges, data type accessed and role categorization. By mapping user roles to data accessed and user access rights, we were able to determine that the various transactions that might be conducted within the OIS System have adequate controls implemented to ensure that privacy risks to the captured OIS PII data are minimal. The PII data captured within OIS is primarily business contact information. The OIS will implement all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for a moderate system.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

The OIS system facilitates retention of case files based on the approved DOL retention schedule as described in OSHA directives 1474, 1475 and 1476, which can be for up to 30 years, i.e. Health Sampling. OIS requirements state that the system shall retain OIS user data at an offsite tape storage facility for a period of three years.

Is a retention period established to minimize privacy risk?

The retention period will be established by approval from NARA when the OIS has received an approved schedule.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes.

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

The retention period will be established by approval from NARA when the OIS has received an approved schedule.

How is it determined that PII is no longer required?

The retention period will be established by approval from NARA when the OIS has received an approved schedule.

Privacy Impact Analysis

Privacy risks related to captured OIS PII are minimal, i.e. "moderate", due to OIS security controls in accordance with DOL CSH moderate security control implementation as well as the nature of the captured PII. Captured PII within OIS is primarily business contact information.

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

PII may be shared with the DOL Solicitor's office to support legal action taken against an establishment. The OIS information to be provided would enable the Solicitor's office to obtain a warrant, prepare for a contested case, and/or review case files specifically related to a case.

How is the PII transmitted or disclosed?

OIS PII is transmitted to the DOL Solicitor's office via paper printouts as well as e-mail with associated document attachments.

Privacy Impact Analysis

After reviewing system design documentation, the OIS Risk Assessment, Role Categorization and OIS Wireframes, user roles were defined based on access privileges, data type accessed and role categorization. By mapping user roles to data accessed and user access rights, we were able to determine that the various transactions that might be conducted within the OIS System have adequate controls implemented to ensure that privacy risks to the captured OIS PII data are minimal. The PII data captured within OIS is primarily business contact information. The OIS will implement all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for a moderate system.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

None

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

N/A

How is the information shared outside the Department and what security measures safeguard its transmission?

N/A

Privacy Impact Analysis

The OIS does not share PII data with an external organization. The PII data captured within OIS is primarily business contact information. The OIS will implement all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for a moderate system.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

PII data is collected as part of the inspection and consultation activities. Company employees are notified prior to an enforcement and/or consultation activity regarding the types of activities and information to be collected. As enforcement and consultation inspections are dependent on the differences of each organization, the OSHA enforcement and consultation officers provide individuals with applicable explanations during the inspection.

Do individuals have the opportunity and/or right to decline to provide information?

Yes, the individual is provided the opportunity to decline providing this information. However, to support OSHA workplace safety objectives, individuals are strongly encouraged to provide this information as it relates to their business contact information and activities.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

The OIS system is bound by the Occupational Safety and Health Act of 1970 which gives employees and their representatives the right to file a complaint and request an OSHA inspection of their workplace if they believe there is a serious hazard or their employer is not following OSHA standards. Further, the Act gives complainants the right to request that their names not be revealed to their employers.

Privacy Impact Analysis

After reviewing system design documentation, the OIS Risk Assessment, Role Categorization and OIS Wireframes, user roles were defined based on access privileges, data type accessed and role categorization. By mapping user roles to data accessed and user access rights, we were able to determine that the various transactions that might be conducted within the OIS System have adequate controls implemented to ensure that privacy risks to the captured OIS PII data are minimal. The PII data captured within OIS is primarily business contact information. The OIS will implement all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for a moderate system.

Access, Redress and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

Individual information contained within a case will not be searchable in OIS. Individuals will not be allowed access to their information in OIS.

What are the procedures for correcting inaccurate or erroneous information?

Individuals have the opportunity to review their information when information is gathered.

How are individuals notified of the procedures for correcting their information?

No procedures have been established to notify individuals of the procedures for correcting their information.

If no formal redress is provided, what alternatives are available to the individual?

No alternatives have been established to allow for formal redress.

Privacy Impact Analysis

After reviewing system design documentation, the OIS Risk Assessment, Role Categorization and OIS Wireframes, user roles were defined based on access privileges, data type accessed and role categorization. By mapping user roles to data accessed and user access rights, we were able to determine that the various transactions that might be conducted within the OIS System have adequate controls implemented to ensure that privacy risks to the captured OIS PII data are minimal. The PII data captured within OIS is primarily business contact information. The OIS will implement all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for a moderate system.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

OIS access controls are designed to be very granular and flexible. Access to OIS data and processing will be provided on a need basis as defined by OSHA federal and state policies and procedures. All OIS access policies and procedures will be documented.

Will Department contractors have access to the system?

Department contractors will have access to the OIS based on their job function. All access to OIS will be monitored via OIS auditing mechanisms.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

All OIS users will be required to review and sign the OIS Rules of Behavior. Further, all OSHA employees must comply with Departmental Computer Security and Privacy Awareness training.

What auditing measures and technical safeguards are in place to prevent misuse of data?

In addition to granular access controls and tightly controlled access to sensitive data elements, full auditing of data access is planned for the production OIS application in accordance with NIST 800-53 and DOL Computer Security Handbook policies and procedures for a "moderate" system.

Additional information on auditing measures and technical safeguards is addressed in the OIS System Security Plan (SSP).

Privacy Impact Analysis

Privacy risks related to captured OIS PII are minimal, i.e. "moderate", due to planned OIS security controls as well as the nature of the captured PII. Captured PII within OIS is primarily business contact information. The OIS will implement all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for moderate systems.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

OIS is currently in the Department of Labor's System Development Life Cycle Management's (SDLCM) operational phase.

Does the project employ technology which may raise privacy concerns? If so, please discuss its implementation.

OIS will not employ technologies that may raise privacy concerns. The OIS implements all security requirements as identified by NIST 800-53 and the DOL Computer Security Handbook (CSH) for a moderate system.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

OSHA has completed the PIA for the OIS which is currently in operation. OSHA has determined that the safeguards and controls for this moderate system adequately protect the information.

OSHA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.