Privacy Impact Assessment Questionnaire
Technical Information Management System (TIMS) 2012
Overview
- The system name and the name of the DOL component(s) which own(s) the system.
- The purpose/function of the program, system, or technology and how it relates to the component’s and DOL mission.
- A general description of the information in the system.
- A description of a typical transaction conducted on the system.
- Any information sharing conducted by the program or system.
- A general description of the modules and subsystems, where relevant, and their functions.
- Where appropriate, a citation to the legal authority to operate the program or system.
- A description of why the PIA is being conducted.
TIMS is a database and document imaging system which serves as an information repository for a number of OSHA programs managed by the Directorate of Technical Support and Emergency Management (DTSEM). TIMS hosts three separate applications:
- TDC Bibliographic database - Contains records of document collections maintained in the National and Regional Technical Information Offices.
- Variance Office program application - Manages employer requests for variances from specific provisions of the OSHA standards.
- Occupational Safety and Health Response Annex (OSHRA) application - Collects and stores safety and health intervention information gathered in conjunction with OSHA assistance provided during disaster recovery work.
Only the last of the applications, OSHRA, is the subject of Appendix B, Privacy Impact Assessment Questionnaire.
The database server and supporting application server are integrated into the GSS of the Agency (OSHANet). Server security is largely administered by the GSS staff.
Tablet computers are used to collect the OSHRA industrial hygiene and safety data gathered during disaster recovery work and, when not in use, are stored at OSHA’s Cincinnati Technical Center (CTC). A typical transaction is the collection of general information about the worksite, the type of work, the company completing the work, observed hazards, and whether OSHA pamphlets were distributed to the workers. Where workers might be exposed to toxic substances, contact information is collected in case the Agency would need to notify them at a later date. It is this last information that is considered PII. The collected intervention information can be uploaded to the TIMS Oracle computer through an Internet application. Industrial hygiene monitoring data will be passed to the Salt Lake Technical Center (SLTC) where it will be evaluated. Once available, sampling results are transferred to the TIMS and attached to the intervention record.
The core operations of the Technical Information Management System (TIMS) are hosted in the Technical Data Center, N2625, Frances Perkins Building, Department of Labor, Washington, D.C. The servers are secured in a locked room within the Center.
Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.
The system collects personally identifiable information (PII) on members of the public who are employed in clean-up operations where disaster recovery efforts are being made. Workers may be legally employed foreign citizens.
What are the sources of the PII in the information system?
Where industrial hygiene measurements are carried out in the vicinity of individuals working in disaster recovery areas, the worker can supply general contact information if they would like to be notified later once the exposure level has been evaluated by a laboratory. Providing contact information is not required, but helps if the individual is interested in getting personal exposure information or if the Agency has a need to contact the person at a later date.
What is the PII being collected, used, disseminated, or maintained?
Worker contact information, including home address and telephone numbers.
How is the PII collected?
Inspection records are created on site either on paper or through the use of tablet computers. If tablet computers are used, the information can be uploaded via the Internet through an OSHA SSL port and, after checking, entered into the database.
How will the information be checked for accuracy?
It is the responsibility of the intervention team that completes the industrial hygiene evaluation to assure that a worker’s name and contact information are entered correctly and verified.
What specific legal authorities, arrangements, and/or agreements defined the collection of information?
There is no legal authority requiring the collection of this information. OSHA has a mandate “to assure so far as possible every working man and woman in the Nation a safe and healthful working condition” and an ethical duty to provide individuals with any knowledge of possible harm from overexposure to toxic substances.
Privacy Impact Analysis
During cleanup operations the names and contact information may be collected and stored on the system in order to notify individuals of the results of toxicity sampling completed in their immediate work area. This information is given on a voluntary basis.
The PII is used by either the OSHA Area Office or an Emergency Annex Office to contact the individual and provide them with personal exposure information.
Despite the relatively low sensitivity of this PII, the system owners understand the need to ensure that this information is protected from unauthorized access and that the system’s security controls must be adequate to accomplish this. The system has been labeled “Moderate” because of the PII discussed in this document and has an Authorization to Operate (ATO) based on that classification. All of the security controls imposed by the network, OSHANet, are an important part of this defense, including boundary defenses, Active Directory-controlled settings, and protection from malicious software.
Uses of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
Describe all the uses of the PII
Names and contact information are used to contact individuals and provide them with the results of sampling for toxic substances conducted in their immediate work area (breathing zone).
What types of tools are used to analyze data and what type of data may be produced?
None.
Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
No.
If the system uses commercial or publicly available data, please explain why and how it is used.
N/A.
Privacy Impact Analysis
Name and contact information is only used either to contact or to confirm the identity of an individual who contacts the Agency in order to provide that individual with the results of personal sampling for toxic exposure. The contact information is only shared with Agency personnel who are directly involved with providing the exposure information to the worker. The PII is used for no other purposes.
Retention
The following questions are intended to outline how long information will be retained after the initial collection.
How long is information retained in the system?
25 years.
Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
Yes.
How is it determined that PII is no longer required?
The PII that is collected is limited to name and contact information and is given freely by the individual. It is retained for a 25-year period in case additional knowledge is learned of the toxic substance or the level of exposure and it is found necessary to contact the exposed individual.
What efforts are being made to eliminate or reduce PII that is collected, stored, or maintained by the system if it is no longer required?
PII collected is very minimal and is not comprised of sensitive PII. Because there may always be a need to contact the individual, to recommend medical follow-up for example, the Agency feels it is important to keep names of exposed individuals for a reasonable period of time.
Privacy Impact Analysis
It is expected that the OSHRA records, including name and contact information for sampled workers, will be held for a period of 25 years. This is considered appropriate given the low sensitivity of the PII collected and the possible need to contact a worker, given newly learned information about a substance’s toxicity or the measured level of exposure, at a time far after the original collection exposure date.
Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of Labor.
With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
PII is not expected to be shared with any other internal DOL organization.
How is the PII transmitted or disclosed?
N/A.
Privacy Impact Analysis
There are no plans to share OSHRA PII data with any internal organization within the DOL.
External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state, and local government, and the private sector.
With which external organization(s) is the PII shared, what information is shared, and for what purpose?
None.
Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
N/A.
How is the information shared outside the Department and what security measures safeguard its transmission?
N/A.
Privacy Impact Analysis
The agency does not plan to share collected PII with any organizations outside of the Agency.
Notice
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
Was notice provided to the individual prior to collection of PII?
Name and contact information is obtained directly from the individual and the purpose, to notify the individual of their possible exposure to toxic substances, is explained at the time the industrial hygiene sampling is conducted.
Do individuals have the opportunity and/or right to decline to provide information?
Yes. Names and contact information are given voluntarily if the individual wants to be notified of industrial sampling results concerning their possible exposure to toxic substances.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
No other use of the information is envisioned.
Privacy Impact Analysis
Individuals are made aware of the use of PII at the time they provide this information to the field evaluation team. Providing this information is voluntary and this point must be explained to the worker. If provided, name and contact information is used for no other purpose than to notify the individual of the results of industrial hygiene sampling conducted in their immediate work area.
Access, Redress, and Correction
The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.
What are the procedures that allow individuals to gain access to their information?
Individuals can contact the OSHA Technical Data Center at the following address if they wish to review their contact information:
US Department of Labor - OSHA
Technical Data Center
Room N-2625
200 Constitution Avenue, N.W.
Washington, DC 20210
(202)693-2350
e-mail: TechnicalDataCenter@dol.gov
What are the procedures for correcting inaccurate or erroneous information?
Individuals who feel that their contact information has been recorded inaccurately can contact the OSHA Technical Data Center at the address given above for procedures to correct the information.
How are individuals notified of the procedures for correcting their information?
Individuals may contact the Technical Data Center at the above address.
If no formal redress is provided, what alternatives are available to the individual?
Individuals may contact the Technical Data Center at the above address.
Privacy Impact Analysis
Name and contact information is collected by the agency in order to notify the individual, and correctly recording this information is to the benefit of both parties. It is important to the Agency that this information is correct. Although there is no formal redress procedure, individuals can contact Technical Data Center staff in order to review their contact information and, if necessary, request corrections.
Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
What procedures are in place to determine which users may access the system and are they documented?
OSHRA information is stored on the Technical Information Retrieval System (TIMS) maintained by the OSHA Technical Data Center which has received a Department of Labor Authority to Operate at a security level appropriate for the sensitivity of the PII stored on the system. Access is limited to only those OSHA staff who have a need to work with the information. Outside access is further protected by the network firewalls and security protection. PII is encrypted when it is passed over the network. All users of the internal network must abide by the rules of the network and must electronically sign Rules of Behavior and take an annual course.
Will Department contractors have access to the system?
Yes. Contractors are involved with the maintenance of the system.
Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
All OSHA employees are given general training in the importance of protecting privacy information. DSTM staff who work on the OSHRA project receive specific instruction on the need to record the information accurately and the need to ensure that it only be used for the intended purpose and that access is restricted to only appropriate OSHA staff.
What auditing measures and technical safeguards are in place to prevent misuse of data?
Access to the supporting network and to the database management system is controlled through logon procedures which meet Department of Labor requirements for password complexity. Access logons and attempted logons are audited. All user interfaces provided are restricted to read-only access. The system is further protected by the access controls and technical safeguards of the network.
Privacy Impact Analysis
To prevent unauthorized disclosure of PII, it is important to maintain an appropriate level of security. The OSHRA module resides on the Technical Information Retrieval System (TIMS) which has an authorization to operate from the Department of Labor and a security level deemed appropriate to protect PII of this nature. In addition, the tablets used in the collection of this information are password protected and all the information on them is encrypted in case the machine is lost or stolen. All transfers of the information over the Internet or the internal network are protected against disclosure through encryption. The system is further protected from outside intrusion by the access controls, firewalls and other security measures of the Agency network.
Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.
What stage of development is the system in, and what project development life cycle was used?
The information is currently stored on the TIMS which is operational and has an ATO from the Department of Labor. The OSHRA module is largely complete with some ongoing development and maintenance work.
Does the project employ technology which may raise privacy concerns? If so, please discuss its implementation.
No.
Determination
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
- OSHA has completed the PIA for Technical Information Management System (TIMS) which is currently in operation. OSHA has determined that the safeguards and controls for this moderate system adequately protect the information.
- OSHA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.