Skip to page content
Office of the Chief Information Officer
Bookmark and Share

Privacy Impact Assessment Questionnaire

Technical Information Management System (TIMS) 2013

Overview

The Technical Management Information System (TIMS) supports an Oracle DBMS that serves as an information repository for Occupational Safety Health Administration (OSHA) programs managed by the Directorate of Technical Support and Emergency Management (DTSEM). The Occupational Safety and Health Response Annex (OSHRA) application, residing on TIMS, is used to collect and store safety and health intervention information gathered during major disaster recovery work. Some of the information collected in OSHRA is considered to be personal information and this application is addressed in the questionnaire.

The database server and supporting application server are integrated into OASAM's OCIO managed GSS. Security of the TIMS's server is largely administered by the GSS staff which also maintains network and perimeter security.

Tablet computers are used to collect the OSHRA industrial hygiene and safety data gathered during disaster recovery work and are stored, when not in use, at OSHA's Cincinnati Technical Center (CTC). A typical record includes general information about the worksite, including the type of work being carried out, the identity of the company completing the work, as well as information about observed hazards and whether OSHA pamphlets were distributed to the workers. Where workers might be exposed to toxic substances, contact information is collected in case the Agency needs to notify the workers at a later date. It is collection of this personnel information that is considered to be potentially low level personally identifiable information or PII.

The collected intervention information can be uploaded to the TIMS Oracle computer through an Internet application. Industrial hygiene monitoring data is passed to the Salt Lake Technical Center (SLTC) where it is evaluated. Once available, the sampling results are transferred to the TIMS and attached to the intervention record.

The TIMS's servers are hosted in the Technical Data Center, N2625, Francis Perkins Building, Department of Labor Washington, D.C. The servers are secured in a locked room within the Center.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed. Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

What are the sources of the PII in the information system?

Where industrial hygiene measurements are carried out in the vicinity of individuals working in disaster recovery areas, that worker can supply general contact information if they would like to be notified later once the exposure level has been evaluated by a laboratory. Providing contact information is not required, but helps if the individual is interested in getting personal exposure information or if the Agency has a need to contract the person at a later date.

What is the PII being collected, used, disseminated, or maintained?

Worker contact information, including home addresses and telephone numbers.

How is the PII collected?

Inspection records are created on site either on paper or through the use of tablet computers. If tablet computers are used, the information can be uploaded via the Internet through an OSHA SSL port and entered after checking into the database.

How will the information be checked for accuracy?

It is the responsibility of the intervention team that completes the industrial hygiene evaluation to assure that a worker's name and contact information is entered correctly and verified.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

There is not a specific legal authority requiring the collection of this information. OSHA has a mandate to protect America's workers as stated in the OSH Act, "To assure safe and healthful working conditions for working men and women ."

Privacy Impact Analysis

During cleanup operations the names and contact information may be collected and stored on the system in order to notify individuals of the results of toxicity sampling completed in their immediate work area. This information is given on a voluntary basis.

The non-sensitive PII is used by either the OSHA Area Office or an Emergency Annex Office to contact the individual and provide them with personal exposure information.

Despite the relative low sensitivity of this PII, the system owners understand the need to ensure that this information is protected from unauthorized access and that the system's security controls must be adequate to accomplish this. The system has been labeled "Moderate" because of the PII discussed in this document, and has an Authorization to Operate (ATO) based on that classification. All of the security controls imposed by the network, OSHANet, are an important part of this defense, including boundary defenses, Active Directory controlled settings and protection from malicious software.

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

Names and contact information are used to contact individuals and provide them with the results of sampling for toxic substances conducted in their immediate work area (breathing zone.)

What types of tools are used to analyze data and what type of data may be produced?

None.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No.

If the system uses commercial or publicly available data, please explain why and how it is used.

N/A.

Will the use of PII create or modify a "system of records notification" under the Privacy Act?

In respect to TIMS, the use of non-sensitive PII is not expected to require the creation or modification of a system of records notification as defined under the Privacy Act.

Is the agency's use of PII regarding third-party website or application consistent with all applicable laws, regulations and policies?

N/A. TIMS does not utilize a third-party website or application support.

Privacy Impact Analysis

Name and contact information is only used either to contact or to confirm the identity of an individual who contacts the Agency in order to provide that individual with the results of personal sampling for toxic exposure. The contact information is only shared with Agency personnel who are directly involved with providing the exposure information with the worker. The PII information is used for no other purposes.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

25 years.

Is a retention period established to minimize privacy risk?

Yes

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes.

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

The non-sensitive PII that is collected is limited to name and contact information and is given freely by the individual. It is retained for a 25 year period in case additional knowledge is learned of the toxic substance or the level of exposure and it is found necessary to contact the exposed individual.

How is it determined that PII is no longer required?

The non-sensitive PII that is collected is limited to name and contact information and is given freely by the individual. It is retained for a 25 year period in case additional knowledge is learned of the toxic substance or the level of exposure and it is found necessary to contact the exposed individual.

Privacy Impact Analysis

It is expected that the OSHRA records, including name and contact information for sampled workers will be held for a period of 25 years. This is considered appropriate given the low sensitivity of the PII collected and the possible need to contact a worker, given learned new information about a substance's toxicity or the measured level of exposure, at a time after the original collection exposure date.

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

Non-sensitive PII information is not expected to be shared with any other internal DOL organization.

How is the PII transmitted or disclosed?

N/A.

Privacy Impact Analysis

There are no plans to share OSHRA PII data with any internal organization within the DOL.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

None.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

N/A.

How is the information shared outside the Department and what security measures safeguard its transmission? N/A.

Privacy Impact Analysis

The agency does not plan to share collected PII with any organizations outside of the Agency.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

Name and contact information is obtained directly from the individual and the purpose, to notify the individual of their possible exposure to toxic substances, is explained at the time the industrial hygiene sampling is conducted.

Do individuals have the opportunity and/or right to decline to provide information?

Yes. Names and contact information are given voluntarily if the individual wants to be notified of industrial sampling results concerning their possible exposure to toxic substances.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No other use of the information is envisioned.

Privacy Impact Analysis

Individuals are made aware of the use of non-sensitive PII at the time they provide this information to the field evaluation team. Providing this information is voluntary and this point must be explained to the worker. If provided, name and contact information is used for no other purpose than to notify the individual of the results of industrial hygiene sampling conducted in their immediate work area.

Access, Redress and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

Individuals can contact the OSHA Technical Data Center at the following address if they wish to review their contact information:

      US Department of Labor - OSHA
      Technical Data Center
      Room N-2625
      200 Constitution Avenue, N.W.
      Washington, DC 20210
      (202) 693-2350
      e-mail: TechnicalDataCenter@dol.gov

What are the procedures for correcting inaccurate or erroneous information?

Individuals who feel that their contact information has been recorded inaccurately can contact the OSHA Technical Data Center at the addresses given above for procedures to correct the information.

How are individuals notified of the procedures for correcting their information?

Individuals are informed of the contact information for the Technical Data Center at the above addresses.

If no formal redress is provided, what alternatives are available to the individual?

N/A.

Privacy Impact Analysis

Name and contact information is collected by the agency in order to notify the individual and correctly recording this information is to the benefit of both parties. It is important to the Agency that this information is correct. The redress procedure allows individuals contact information for the Technical Data Center staff in order to review their contact information and, if necessary, request corrections.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

OSHRA information is stored on TIMS which has received a Department of Labor Authority to Operate at a security level appropriate for the sensitivity of the PII stored on the system. Access is limited to only those OSHA staff that have a need to work with the information. Outside access is further protected by the network firewalls and security protection. PII is encrypted when it is passed over the network. All users of the internal network must abide by the rules of the network and must electronically sign Rules of Behavior and take an annual course.

Will Department contractors have access to the system?

Yes. Contactors are involved with the maintenance of the system.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

All OSHA employees are given general training in the importance of protecting privacy information, as well as annual security awareness training. Directorate staff who work on the OSHRA project receive specific instruction on the need to record the information accurately and to ensure that it only be used for the intended purpose, and that access is restricted to only appropriate OSHA staff.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Access to the supporting network and to the database management system is controlled through logon procedures which meet Department of Labor requirements for password complexity. Access logons and attempted logons are audited. All user interfaces provided are restricted to read-only access. The system is further protected by the access controls and technical safeguards of the network.

Privacy Impact Analysis

To prevent unauthorized disclosure of PII information it is important to maintain an appropriate level of security. The OSHRA module resides on TIMS which has an authorization to operate from the Department of Labor and a security level deemed appropriate to protect PII of this nature. In addition, the tablets used in the collection of this information are password protected and all the information on them encrypted in case the machine is lost or stolen. All transfers of the information over the Internet or the internal network are protected against disclosure through encryption. The system is further protected from outside intrusion by the access controls, firewalls and other security measures of the Agency network.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

The information is currently stored on the TIMS, which is operational and has an ATO from the Department of Labor.

Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

No.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

OSHA has completed the PIA for the Technical Information Management System (TIMS) which is currently in operation. OSHA has determined that the safeguards and controls for this moderate system adequately protect the information.

OSHA has determined that it is collecting the minimum necessary information for the proper performance of a documented Agency function.