Privacy Impact Assessment Questionnaire
OSHA – WEBIMIS – FY2011
- System Name: WebIMIS Whistleblower Application
- The purpose of the WebIMIS Whistleblower System is to support OSHA's Whistleblower Protection Program by housing case data. The Office of the Whistleblower Protection Program (OWPP) supports the Whistleblower Protection Program in enforcing Section 11(c) of the Occupational Safety and Health (OSH) Act and fifteen other Whistleblower statutes.
- The system runs on an Oracle Web-Based architecture. The Whistleblower Application captures the Form 87 data into the Oracle database and supports reporting for open/pending cases for the Investigators for all Reporting IDs (RIDS). The Web IMIS Whistleblower application functionality is as follows:
- Captures the Form 87 data into the Web IMIS Oracle Host,
- Links to the query and report generator,
- Prints blank and filled Form 87,
- Links to Establishment processing for Respondent verification and consistency,
- Lists open/pending cases specific for the Investigator for all RIDs assigned.
WebIMIS Whistleblower application is a Web-based system enabling users to access and manipulate IMIS Whistleblower data. All OSHA staff interact with the WebIMIS over standard Web browser clients (e.g. I.E.). The WebIMIS applications use SSL for encryption, LDAP for user authentication and application authorization through database roles and privileges. Data from the WebIMIS is sent nightly to the Sungard Mainframe HOST System. This is OSHA's primary hosting system for all data. Data is transmitted using a restricted 'ftp' between the WebIMIS Production System and the HOST Mainframe.
- The Whistleblower Application collects significant data to enable supervisors to track the investigation progress from receipt of complaint to final case determination. The six data entry screens collect all the data from the Form 87 to include:
- Additional Information
- Case Comments
- The data in the system contains Personally Identifiable Information (PII) on complainants.
3.2 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.
- What are the sources of the PII in the information system?
The source of the PII is the complainant (DOL or other federal employees), who provides this information by filing a complaint with OSHA's Area, Regional or National office.
- What is the PII being collected, used, disseminated, or maintained?
The information being collected is the complainant's name, address, and phone numbers.
- How is the PII collected?
Complainants provide the information either orally or in writing, and then the information is entered into the WebIMIS Whistleblower Application.
- How will the information be checked for accuracy?
Edit checks are in place within the application to ensure accuracy of data input. In addition, information may be verified by the investigator of the case.
- What specific legal authorities, arrangements, and/or agreements defined the collection of information?
Secretary's Order 2-2007 delegates and assigns responsibility to the Assistant Secretary for Occupational Safety and Health for administering the whistleblower programs and activities of the Department of Labor, of the following laws:
(a) Occupational Safety and Health Act of 1970, 29 U.S.C. 651, et seq.; Surface Transportation Assistance Act of 1982, 49 U.S.C. 31105; Asbestos Hazard Emergency Response Act of 1986, 15 U.S.C. 2651; International Safe Container Act, 46 U.S.C. 80507; Safe Drinking Water Act, 42 U.S.C. 300j–9(i); Energy Reorganization Act of 1974, as amended, 42 U.S.C. 5851; Comprehensive Environmental Response, Compensation and Liability Act of 1980, 42 U.S.C. 9610(a)–(d); Federal Water Pollution Control Act, 33 U.S.C. 1367; Toxic Substances Control Act, 15 U.S.C. 2622; Solid Waste Disposal Act, 42 U.S.C. 6971; Clean Air Act, 42 U.S.C. 7622; Wendell H. Ford Aviation Investment and Reform Act for the 21st Century, 49 U.S.C. 42121; Sarbanes-Oxley Act of 2002, 18 U.S.C. 1514A; Pipeline Safety Improvement Act of 2002, 49 U.S.C. 60129; Federal Rail Safety Act, as amended by §1521 of the 9/11 Act of 2007, 49 USC §20109; National Transit Security Systems Act, §1413 of the 9/11 Act of 2007, 6 USC §1142.
- Privacy Impact Analysis
The privacy risks and associated mitigation are displayed on the sign-on page of WebIMIS:
This is a Department of Labor computer system. DOL computer systems are provided for the processing of official U.S. government information only. Unauthorized use of the system is prohibited and subject to criminal and civil penalties. All information contained on DOL computer systems is owned by the Department of Labor and may be monitored, intercepted, recorded, read, copied or captured, in any manner and disclosed in any manner, by authorized personnel.
THERE IS NO RIGHT OF PRIVACY IN THIS SYSTEM. System personnel may give to law enforcement officials any potential evidence of crime found on Department of Labor computer systems.
USE OF THIS SYSTEM BY ANY USER, AUTHORIZED OR UNAUTHORIZED, CONSTITUTES CONSENT TO THIS MONITORING, INTERCEPTION, RECORDING, READING, COPYING or CAPTURING and DISCLOSURE.
Authorized users are responsible for the proper handling of the Government data, equipment and resources which they access.
3.3 Uses of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
The purpose of the Whistleblower Protection Program is to administer whistleblower protection provisions of various laws. These statutory provisions enable employees to seek a personal remedy for unlawful retaliation. Personal remedies include back wages, reinstatement, compensatory damages, etc., all of which are dependent on collecting and retaining relevant PII. In the course of an investigation, the agency must correspond with the complainant, put the respondent on notice of the complaint (which notice includes information about the complainant), provide various opportunities to give testimony, etc. The PII is relevant to all of the above statutorily required agency activities.
- What types of tools are used to analyze data and what type of data may be produced?
The application utilizes Oracle Reports as its reporting tool where users can query and analyze the data. Data output will be based on the parameter selections requested by the authorized user.
- Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
The system does not create new data. Aggregation of the data, which will be used in reporting, results in complete anonymity.
- If the system uses commercial or publicly available data, please explain why and how it is used.
Not applicable. The system does not use commercial or publicly available data.
- Privacy Impact Analysis
The system complies with NIST 800-53 controls for ensuring security of PII data. Access to Whistleblower data and cases is provided to authorized OSHA staff only.
The following questions are intended to outline how long information will be retained after the initial collection.
- How long is information retained in the system?
Currently, data is available from the system's initial deployment onward. The data retention period is currently not defined.
- Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
- How is it determined that PII is no longer required?
- What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?
- Privacy Impact Analysis
The data and corresponding investigative records are the property of the United States Government. Files must be maintained and destroyed in accordance with official agency schedules for retention and destruction of records.
3.5 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of Labor.
- With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
The PII data is used by authorized OSHA area, regional and national office employees.
- How is the PII transmitted or disclosed?
WebIMIS uses a multi-layered security infrastructure that protects the system at the network, operating system and database layers. The WebIMIS applications use SSL for encryption, LDAP for user authentication and application authorization through database roles and privileges.
- Privacy Impact Analysis
The Whistleblower application is entirely inaccessible to the public. It contains a limited amount of personal and/or privacy protected information that is not releasable to the public under the terms of the Freedom of Information Act (FOIA) (5 U.S.C. § 552a) and the Privacy Act of 1974 (5 U.S.C. § 552a(d)). Sensitive information must be safeguarded against unauthorized disclosure. Some information contained in this system, if improperly safeguarded, could result in an unwarranted invasion of an individual's privacy. Therefore, maintaining the privacy of sensitive information processed via the Whistleblower application is an important security concern.
The following table outlines sensitive Whistleblower data to be protected from unauthorized disclosures, whether in electronic or paper format.
Table 1-1: Sensitive Information
First Name, Middle Name, Last Name, Salutation
(May contain sensitive information on the Complainant.)
3.6 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.
- With which external organization(s) is the PII shared, what information is shared, and for what purpose?
PII is occasionally shared with other government agencies, on a need-to-know basis, with adequate safeguards against public disclosure. The cases which include the PII data may be reported to Congress. Aggregated data such as numbers of complaints received annually under each of the laws, the number of complaints dismissed or found in favor of complainants, etc., are publicly disclosed in a variety of ways.
- Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
Yes, the PII shared is compatible with the original collection and is covered by a SORN.
- How is the information shared outside the Department and what security measures safeguard its transmission?
The WebIMIS system employs NIST 800-53 controls.
Any information extracted from the application for the purpose of sharing is in the format of a Form 87.
- Privacy Impact Analysis
In support of OSHA's goal of achieving GISRA Level 4 compliance, Whistleblower application users are advised to follow the guidelines listed below to support a secure operating environment and to protect the privacy of our constituents.
- Reports, documents and other printed data that contain sensitive information should be immediately picked up from the printer.
- Hardcopy data and reports containing sensitive information should never be left unattended and should be secured in a locked office, desk, or cabinet.
- Hardcopy data containing sensitive information should be torn up or destroyed using shredding devices when no longer needed.
- Sensitive information sent through the mail or courier/messenger service should be delivered in sealed packaging marked "Sensitive Information, Designated Official Only" and include the name and address of the designated official.
- Spoiled media that contains sensitive information, including diskettes, tapes, and CD-ROMs should be destroyed by crushing, incinerating, shredding, or melting.
- Electronic media containing sensitive information should be sanitized according to IMIS Redesign Media Sanitization Procedures prior to being surplused or reused.
- A log should be maintained of all sensitive information provided to individuals outside the OSHA National Office or other Federal and State offices. The log should indicate when, what, why, and who received the sensitive information.
- Computer monitors should be faced away from open doors, windows, and heavily traveled areas where unauthorized users may be able to view sensitive information.
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
- Was notice provided to the individual prior to collection of PII?
Complainants file complaints with OSHA knowing that their PII will be retained by the agency, in full awareness that whistleblower complaints, by definition, cannot be filed anonymously or investigated without disclosing the identity of the complainant.
- Do individuals have the opportunity and/or right to decline to provide information?
Indirectly, in that they file complaints voluntarily.
- Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
No, individuals waive the right to consent to particular uses of the information, once they submit a complaint.
- Privacy Impact Analysis
Individuals are not notified of the fact that OSHA electronically manages the data they have voluntarily submitted; however, as this data is for internal and exclusively government use, and very limited disclosures (to respondents, other agencies, and Congress) are mandated by law, there is minimal risk. This risk is mitigated by controlling access to the system.
3.8 Access, Redress, and Correction (Need to rethink this section)
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
- What are the procedures that allow individuals to gain access to their information?
The disclosure of information in investigation records is governed by the Privacy Act, the goal of which is to protect the privacy of individuals whose records are kept, and by the Freedom of Information Act (FOIA) (5 U.S.C. § 552a).
Your request should be as specific as possible with regard to names, dates, time frames, places, events, subjects, etc. If known, you should include any file designations or descriptions of the records you want. You do not have to give a requested record's name or title, but the more specific you are the more likely it will be that the record you seek can be located. For example, if you have been interviewed by a law enforcement component (such as the Occupational Safety and Health Administration) in connection with a law enforcement investigation and you request a copy of the interview report, your listing of the date and location of the interview, and the name of the interviewing agent and subject of the investigation will be helpful in deciding where to search and in determining which records respond to your request.
The Department of Labor does not require a special form in order to make a FOIA request. Requests must be in writing, either handwritten or typed. Requests may be submitted by fax, courier services, mail, or to email@example.com. In order to protect your privacy, when you make a written request for information about yourself you must provide either a notarized statement or a statement signed under penalty of perjury stating that you are the person you claim to be. You may fulfill this requirement by: (1) having your signature on your request letter witnessed by a notary, or (2) pursuant to 29 U.S.C. 1746 (2) including the following statement just before the signature on your request letter: "I declare under penalty of perjury that the foregoing is true and correct. Executed on [date]." If you request information about yourself and do not provide one of these statements, your request cannot be processed under the Privacy Act. This requirement helps to ensure that private information about you will not be disclosed to anyone else.
- What are the procedures for correcting inaccurate or erroneous information?
None. There is no PII in the system that was not originally provided by the owner of the PII, and this information is not used for any purpose that would create a risk associated with inaccurate capture of data.
- How are individuals notified of the procedures for correcting their information?
- If no formal redress is provided, what alternatives are available to the individual?
- Privacy Impact Analysis
3.9 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
- What procedures are in place to determine which users may access the system and are they documented?
Users are granted access once the DIT HelpDesk receives a signed form from an authorizing security manager indicating the user's role and reporting office(s) they are assigned to. The processes for Handling Accounts are outlined in the WebIMIS SSP and supporting SOPs. The WebIMIS applications use SSL for encryption, LDAP for user authentication and application authorization through database roles and privileges.
- Will Department contractors have access to the system?
- Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
Users are required annually to complete the Computer Security Assessment Training (CSAT) that addresses handling of privacy data. Additionally, system administrators are required to complete standard hours of Role Based Training.
- What auditing measures and technical safeguards are in place to prevent misuse of data?
WebIMIS employs NIST 800-53 Auditing Controls for the Whistleblower application.
- Privacy Impact Analysis
WebIMIS employs NIST 800-53 Controls for Risk Mitigation of the Whistleblower application. OSHA DIT FDSB will protect PII (in all forms) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.
- What stage of development is the system in, and what project development life cycle was used?
The system is currently in the Operations and Maintenance Phase as per the DOL System Development Life Cycle Manual (SDLCM) for the full system lifecycle.
- Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No, WebIMIS does not employ any technology that may raise privacy concerns.
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
OSHA has completed the PIA for WebIMIS which is currently in operation. OSHA has determined that the safeguards and controls for this moderate system adequately protect the information.