BPMP (Business Process Management Platform)

Overview

This ETA BPM Modernization solution (BPM) will serve as a key component of a modernized ETA Technology Platform that provides the following capabilities:

  • Hosted within a secure, FedRAMP compliant cloud environment
  • Configurable workflows and reporting
  • Scalable to needed capacity
  • Easy for all users (administrators, designers, users, etc.) to use
  • Ability to integrate with existing ETA systems and data

This BPM solution will be the business process platform which will host a set of ETA applications. Initially, this will include the following:

  • Registered Apprenticeship Partners Information Data System 2.0 (RAPIDS 2.0)

This system allows the SAAs, State Directors (SDs), Regional Directors (RDs), and Apprenticeship Training Representatives (ATRs) to capture, manage, monitor, and track apprentice data in 50 states. It also allows the ATRs to monitor their workload and performance throughout the year and gives the SAAs, SDs, and RDs access to their ATRs’ information to view apprenticeship progress within their state or region.

Information contained within this system falls into 2 main categories: training program related data and apprenticeship data. Training program data contains no PII and includes such things as occupation type, training schedule, training provider and employer. Apprenticeship data contains PII such as name, SSN (optional), date of birth, address, etc. and is used to identify apprentices.

This system is basically a case management system for apprenticeship and is used to track apprentice progress against a defined training program.

This PIA is being completed due to the sensitive PII data.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other Federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

Members of the public (U.S. citizens)

What are the sources of the PII in the information system?

Program Sponsor/ATR collect PII from participants (apprentices) in the program.

What is the PII being collected, used, disseminated, or maintained?

  • Name
  • SSN (optional)
  • Date of birth
  • Residential address
  • Personal phone numbers
  • Mailing address
  • Personal email address
  • Business address
  • Business phone number
  • Business email address
  • Employer Identification Number (EIN)
  • Race
  • Ethnicity
  • Wages
  • Education
  • Veteran Status

How is the PII collected?

Apprentice Training Representatives (ATR)/Sponsors enter the PII

How will the information be checked for accuracy?

The system performs range, type, and bounds checking on PII

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

  • Workforce Investment Act of (29 U.S.C. 2801 et seq.)
  • Section 303(a)(6) of the Social Security Act
  • FISMA
  • Privacy Act of 1974
  • OMB 7-16

Privacy Impact Analysis

The risk to privacy is inappropriate handling or disclosure of PII, especially SSNs. Access controls mitigate the risk that data will be compromised. In addition, the SSN column is encrypted to ensure the confidentiality of this data element.

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

The system collects SSNs for the Common Reporting Interchange System (CRIS). CRIS uses state and Federal Employment Data Exchange System (FEDES) and Wage Record Interchange System (WRIS) in generating reports. CRIS in turn provides common performance measures for the grant programs, since the programs do not have the ability to collect the common measure outcomes (i.e. Entered Employment Rate, Retention Rate, Average Earnings, etc.) on their own.

What types of tools are used to analyze data and what type of data may be produced?

Summary reports are produced on the demographic data.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

The system derives aggregate data from the collected information.

If the system uses commercial or publicly available data, please explain why and how it is used.

The system does not use publicly available data.

Privacy Impact Analysis

The following security controls have been implemented to prevent data from being compromised:

  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains SSNs.
  • The page for the file upload has Secure Socket Layer (SSL) enabled.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
  • Password protected zip files. Files within are also password protected.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

Records are maintained indefinitely to allow historical analysis.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

The System Owner has approved the retention schedule but there is no contract/agreement with National Archives and Records Administration (NARA).

How is it determined that PII is no longer required?

PII is retained indefinitely for the purpose of historical analysis.

What efforts are being made to eliminate or reduce PII that is collected, stored, or maintained by the system if it is no longer required?

PII is retained indefinitely for the purpose of historical analysis.

Privacy Impact Analysis

Risks associated with the length of time data is retained include inadvertent disclosure of confidential information. These risks are mitigated by the implementation of the following controls:

  • Access to the data is strictly controlled through the use of roles
  • The BPM platform will only decrypt an encrypted text value by using a specialized EncryptedTextField in the browser. The value remains encrypted on the server and is only decrypted when displayed in this specialized field.
  • An encrypted text value remains encrypted when stored on the disk
  • The encryption key is unique to each installation of the platform
  • Data is secured in transit via HTTPS (TLS 1.2)

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

PII is not shared with internal organizations.

How is the PII transmitted or disclosed?

Not applicable.

Privacy Impact Analysis

Not applicable. There is no internal sharing of PII.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes Federal, state, and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

Information is shared with CRIS through Kansas Department of Commerce. EBSS provides data to Kansas for processing by CRIS. CRIS provides common performance measures for grant programs that do not have the ability to collect common measure outcomes i.e. Entered Employment Rate, Retention Rate, and Average Earnings. Kansas does not return SSNs but rather aggregate data that cannot be attributed to a particular individual.

Information is shared with Nebraska’s Department of Labor (NDOL) Office of Labor Market Information. They will use the apprenticeship data to determine employment, earnings, residency, migration, attachment to the labor market and other related information by matching the supplied data with unemployment insurance wage records and data, along with other administrative data maintained with NDOL’s Office of Labor Market Information.

Information is shared with the Iowa Workforce Development to enable them to track the employment outcomes of registered apprentices.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

Yes. Information collected is not altered prior to transmittal to Kansas. ETA has a Memorandum of Agreement with Kansas, Iowa, and Nebraska. In addition, a SOR has been published in the Federal Register.

How is the information shared outside the Department and what security measures safeguard its transmission?

The following controls are in place for submitting data to the Kansas Department of Commerce:

  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the PII.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
  • The Kansas LAN has an overall Security Categorization of Moderate

The following controls are in place for submitting data to the Nebraska Department of Labor:

  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the PII.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Nebraska. Nebraska has an S-FTP server and DOL has the S-FTP client.
  • Controls contained within NIST Special Publication 800-53 Rev 4 have been implemented to secure the data that will be processed and stored on the NDOL LAN.

The following controls are in place for submitting data to the Iowa Workforce Development:

  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the PII.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Iowa. Iowa has an S-FTP server and DOL has the S-FTP client.
  • The Iowa LAN has an overall Security Categorization of High

Privacy Impact Analysis

Given the external sharing of data, ETA identified privacy risks to include inadvertent disclosure of confidential information. For that reason, ETA established an MOU with Kansas, Iowa, and Nebraska and also implemented various security controls as mentioned above.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

Yes; notice is provided to individuals (participants). PII is collected through ATRs/Sponsors, not collected directly from the individuals.

Do individuals have the opportunity and/or right to decline to provide information?

Yes. The SSN must be provided voluntarily by the individual, and the participant cannot be denied access to services if the SSN is not provided.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No

Privacy Impact Analysis

Individuals are informed that providing SSNs is voluntary.

Access, Redress, and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

Participants/apprentices do not have access to the system.

What are the procedures for correcting inaccurate or erroneous information?

Participants/apprentices work through their Sponsors to have the data corrected.

How are individuals notified of the procedures for correcting their information?

Through their sponsors

If no formal redress is provided, what alternatives are available to the individual?

Not applicable

Privacy Impact Analysis

Individuals have the right to withdraw from the program.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

Access to system components is through the BPM platform portal, to authenticated users only. Authorization is role-based.

Will Department contractors have access to the system?

Yes

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

ETA users take a Rules of Behavior training course.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Data is encrypted in the database and an audit trail of activities performed on the database is tracked.

Privacy Impact Analysis

Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, privacy risks identified include inadvertent disclosure and misuse of confidential information. These risks are mitigated by the implementation of the following controls:

  • MOU between ETA and Kansas, Iowa, and Nebraska to address key issues.
  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the SSNs.
  • The page for the file upload has Secure Socket Layer (SSL) enabled, but will not have third-party verification.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas, Iowa, and Nebraska. Each has an S-FTP server and DOL has the S-FTP client.
  • Files are password protected.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

The system is currently undergoing development using an Agile Scrum methodology.

Does the project employ technology which may raise privacy concerns? If so, please discuss its implementation.

The system does not employ technology which may raise privacy concerns.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • ETA has completed the PIA for RAPIDS 2.0 which is currently in development. ETA has determined that the safeguards and controls for this moderate system will adequately protect the information and will be referenced in ETA Business Process Management Platform System Security Plan to be completed by 30 October 2015.
  • ETA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.