Overview

The Enterprise Data Platform (EDP) is the data management and analytics capability of the Department of Labor (DOL) IT platform. It provides a secure, flexible, enterprise-wide capability to participating DOL source systems for ingesting, processing, analyzing, and presenting the data generated by the department across agencies and sub-agencies. The EDP hosts multiple analytics tools and frameworks to support statistical analysis and modeling, report generation, data visualization and business intelligence, data mining, and machine learning at scale. The EDP serves as a unified data infrastructure supporting operations, analytics, and governance while providing actionable intelligence for the leadership's decision support, and it is also used for general data exploration. The PII is used by different agencies for analytics and reporting purposes. EDP provides ad-hoc analytics of sensitive data to support departmental initiatives such as the equity agenda. For APIv4, functionality will also include registration of people/users.

Characterization Of The Information

Does the system collect or use PII?

The EDP system acts as an Enterprise Datawarehouse and receives PII data from source systems in a "read-only" format.

From whom is the information to be collected?

The PII is loaded from the source systems into the Enterprise Datawarehouse tables.

Why is the information being collected?

The PII is used by different agencies for analytics and reporting purposes. EDP provides ad-hoc analytics of sensitive data to support departmental initiatives such as the equity agenda.

What is the PII being collected, used, disseminated, or maintained?

The PII elements collected and used are:

  • mailing address,
  • email address,
  • Taxpayer Identification Number (TIN), and
  • Federal Employer Identification Number (FEIN)

PII data is not disseminated; it is used for reference only.

How is the PII collected?

The EDP system does not directly collect any PII. The PII data is loaded from different transactional systems into tables within the Datawarehouse.

How will the information collected from individuals or derived from the system be checked for accuracy?

EDP does not collect any information from individuals. The Business Application Service (BAS) team provides address validation services leveraging the USPS API to validate and cleanse source-system address data en route to the data warehouse. All of the tables in the data warehouse are encrypted. The EDP system does not alter or manipulate any PII data for accuracy. Instead, any changes to the data must be made in the source systems, prior to entering EDP.

What specific legal authorities, arrangements, and/or agreements defined allow the collection of PII?

The legal authority for collecting the PII is: Title III of the Social Security Act (SSA), 42 U.S.C. 501-503; the Federal Unemployment Tax Act (FUTA), 26 U.S.C. 3304; Section 2118 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (Pub. L. 116-136), as amended; Section 410(a) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act) (42 U.S.C. 5177(a)); The Unemployment Compensation for Ex-Service Members (UCX) law and The Unemployment Compensation for Federal Employees (UCFE) law (5 U.S.C. Chapter 85); Chapter 2 of Title II of the Trade Act of 1974 (19 U.S.C. 2271 et seq.), as amended; and 20 CFR parts 603 & 604.

Privacy Impact Analysis

All data in the EDP Datawarehouse, including PII, is encrypted.

Describe The Uses Of The PII

Describe all the uses of the PII.

There is no ascribed "use of the PII" by EDP data warehouse users. PII is contained in the result sets queried by end users.

What types of tools are used to analyze data and what type of data may be produced?

All data analysis tools are external to the EDP boundary. Any OCIO-approved analytical application can be leveraged for analysis and reporting over connections to the EDP data warehouse. Examples of acceptable COTS products are Microsoft Power BI and Tableau. Data Scientists leverage analytical applications on their workbooks to produce models based on the data in the EDP.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No, the system does not derive new data. It is solely used for analytics based on data that was extracted, transformed, and loaded into the data warehouse.

If the system uses commercial or publicly available data, please explain why and how it is used.

Not Applicable.

Will the use of PII create or modify a "system of records notification" under the Privacy Act?

No, the data received is reviewed for quality control.

Privacy Impact Analysis

There are no risks associated with the length of time data is stored in the enterprise data warehouse. All data is encrypted and securely stored.

The operational storage and use of PII can create the risk of unauthorized access and disclosure. The PII stored in the Amazon Web Services (AWS) environment is subject to a moderate security risk and is hosted in a cloud environment that implements the Federal Risk and Authorization Management Program (FedRAMP) baseline security controls for a Moderate system, as recommended by NIST SP 800-53, Recommended Security Controls for Federal Systems. FedRAMP controls are specifically designed for cloud environment projects and are more stringent than controls for non-cloud projects.

The privacy risks identified with the storage and use of PII can be mitigated through the following FedRAMP baseline security controls:

Technical Class Controls

  • Access Control (AC):
    • Access Control Policy and Procedures
    • Account Management
    • Access Enforcement
    • Separation of Duties
    • Least Privilege
    • Unsuccessful Login Attempts
    • System Use Notification
    • Session Lock
    • Supervision and Review – Access
  • Audit and Accountability (AU):
    • Audit and Accountability Policy and Procedures
    • Auditable Events
    • Content of Audit Records
    • Audit Monitoring, Analysis, and Reporting
  • Identification and Authentication (IA):
    • Identification and Authentication Policy and Procedures
    • Authenticator Management

Operational Class Controls

  • Awareness and Training (AT):
    • Security Awareness and Training Policy and Procedures
    • Security Awareness
    • Security Training
  • Media Protection (MP):
    • Media Protection Policy and Procedures
    • Media Access
    • Media Storage

Management Class Controls

  • Planning (PL):
    • Security Planning Policy and Procedures
    • Rules of Behavior
  • System and Services Acquisition (SA):
    • Systems and Services Acquisition Policy and Procedures
    • Software Usage Restrictions
    • Security Design Principles

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

What is the retention period for the data in the system?

The Department will prepare a record retention policy for approval through the National Archives and Records Administration (NARA). Until such policy is approved, the records will be maintained indefinitely. We can change the retention period to the recommended practice if provided.

Is a retention period established to minimize privacy risk?

Yes, the selected NARA retention period for these records will help minimize privacy risks, ensure records are not held longer than necessary, and ensure compliance with federal confidentiality regulations.

Has the retention schedule been approved by the National Archives and Records Administration (NARA)?

No

Per M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information; what efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

How is it determined that PII is no longer required?

The EDP system does not make the determination; source systems determine what data flows into the EDP system.

If you are unable to eliminate PII from this system, what efforts are you undertaking to mask, de-identify or anonymize PII.

The EDP system identifies in the EDP Privacy Impact Assessment (PIA) the following information as the minimum personally identifiable information (PII) elements that are relevant and necessary to accomplish the legally authorized purpose of collection: Name, Phone numbers, Social Security Number (SSN), Business address, Mailing address, Business phone number, Residential address, and Employer Identification Number (EIN)/Taxpayer Identification Number (TIN).

Privacy Impact Analysis

None.

Internal Sharing And Disclosure

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

DOL has six (6) enforcement agencies (EBSA, MSHA, OFCCP, OLMS, OSHA, and WHD) that conduct investigations of entities (companies and organizations) as part of their ongoing business activities. The data sets that are queried by investigators may contain an individual's PII because the individual works for the entity that is under investigation.

How is the PII transmitted or disclosed?

Transmitted electronically from source systems (source system to the Enterprise Data Warehouse (EDW), and EDW to the analytical and reporting tool suites).

Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information?

No, only relevant information is provided to EDP; it will not be transferred into the system if not required.

Privacy Impact Analysis

We are creating procedures around how data may be shared in line with the routine and other statutorily authorized uses. The PIA will be updated to reflect this in advance of such disclosure.

External Sharing And Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state, and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

Not Applicable.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, provide the SORN ID in use for this system. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

Not Applicable.

How is the information shared outside the Department and what security measures safeguard its transmission?

Not Applicable.

How is the information transmitted or disclosed?

Not Applicable.

Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared?

Not Applicable.

How is the shared information secured by the recipient?

Not Applicable.

What type of training is required for users from agencies outside DOL prior to receiving access to the information?

Not Applicable.

Privacy Impact Analysis

Not Applicable.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII? If yes, please provide a copy of the notice as an appendix or be prepared to provide a copy of the notice during an audit request. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal Register Notice. If notice was not provided, please explain.

Privacy Act notices are provided by the source systems. A general privacy notice is also available at dol.gov by clicking on "Privacy and Security Statement."

Do individuals have the opportunity and/or right to decline to provide information?

Not applicable. Data from individuals would not enter into the EDP Datawarehouse if the individual declined with the source system.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

Not applicable.

Privacy Impact Analysis

None.

Individual Access, Redress, And Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their own information?

Not applicable. Individuals with PII in the system are sourced from parent systems and do not have the ability to edit what flows into EDP; the information would need to be changed at the source.

What are the procedures for correcting inaccurate or erroneous information?

Not applicable.

How are individuals notified of the procedures for correcting their own information?

Not applicable.

If no formal redress is provided, what alternatives are available to the individual?

Not applicable.

Privacy Impact Analysis

None.

Technical Access And Security

The following questions are intended to describe technical safeguards and security measures.

Which user group(s) will have access to the system? (For example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)

  • Business Intelligence / Advanced Analytics (BI/AA)
  • Enterprise Data Platform (EDP) Operations Managers
  • IT Operation Services (ITOS) (DBA, Tableau Admins)

Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA or be prepared to provide copies during an audit request

Yes.

Does the system use "roles" to assign privileges to users of the system? If yes, describe the roles.

ACCOUNTADMIN – This role alone is responsible for configuring parameters at the account level. Users with the ACCOUNTADMIN role can view and manage Snowflake billing and credit data and can stop any running SQL statements.

SECURITYADMIN – Members can create or modify users or roles.

SYSADMIN – Members can create warehouses, databases, and all database objects (schemas, tables, etc.).

<TENANT>_ADMIN – Administrator within the tenant boundary.

<TENANT>_ETL – Members can perform functions related to ingesting and transforming data.

<TENANT>_ENGINEERING – Members can perform functions of transforming, pivoting, and refactoring data; works with data users.

<TENANT>_DATASCIENCE – Data users/consumers.
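The role model above maps directly onto Snowflake's role-based access control. The following Snowflake SQL is an added example, not code from the PIA or from DOL, showing how a least-privilege hierarchy for one tenant can be provisioned so that the system roles (ACCOUNTADMIN, SECURITYADMIN, SYSADMIN) are never needed for day-to-day work. The tenant prefix EDP_DEMO, the database, schema and warehouse names, and the specific privileges granted are assumptions chosen for illustration.

```sql
-- Added example (not from the PIA): provisioning tenant-scoped Snowflake roles
-- with a least-privilege hierarchy. Tenant prefix EDP_DEMO, object names and the
-- exact grants are assumptions for illustration.

-- Role and user management belongs to SECURITYADMIN, not ACCOUNTADMIN.
USE ROLE SECURITYADMIN;

CREATE ROLE IF NOT EXISTS EDP_DEMO_ADMIN       COMMENT = 'Administrator within the tenant boundary';
CREATE ROLE IF NOT EXISTS EDP_DEMO_ETL         COMMENT = 'Ingesting and transforming data';
CREATE ROLE IF NOT EXISTS EDP_DEMO_ENGINEERING COMMENT = 'Transforming, pivoting, refactoring data';
CREATE ROLE IF NOT EXISTS EDP_DEMO_DATASCIENCE COMMENT = 'Data users/consumers (read only)';

-- Build the hierarchy upward so every tenant role ultimately rolls up to SYSADMIN.
-- A parent role inherits the privileges of its children; nothing flows downward.
GRANT ROLE EDP_DEMO_DATASCIENCE TO ROLE EDP_DEMO_ENGINEERING;
GRANT ROLE EDP_DEMO_ENGINEERING TO ROLE EDP_DEMO_ADMIN;
GRANT ROLE EDP_DEMO_ETL         TO ROLE EDP_DEMO_ADMIN;
GRANT ROLE EDP_DEMO_ADMIN       TO ROLE SYSADMIN;

-- SYSADMIN creates and owns the tenant's database and compute (assumed names).
USE ROLE SYSADMIN;
CREATE DATABASE IF NOT EXISTS EDP_DEMO_DB;
CREATE SCHEMA IF NOT EXISTS EDP_DEMO_DB.RAW;      -- landing zone for source-system loads
CREATE SCHEMA IF NOT EXISTS EDP_DEMO_DB.CURATED;  -- what analysts actually query
CREATE WAREHOUSE IF NOT EXISTS EDP_DEMO_WH WITH WAREHOUSE_SIZE = 'XSMALL' AUTO_SUSPEND = 60;

-- DATASCIENCE: read-only on CURATED, no visibility into RAW at all.
GRANT USAGE ON DATABASE  EDP_DEMO_DB         TO ROLE EDP_DEMO_DATASCIENCE;
GRANT USAGE ON WAREHOUSE EDP_DEMO_WH         TO ROLE EDP_DEMO_DATASCIENCE;
GRANT USAGE ON SCHEMA    EDP_DEMO_DB.CURATED TO ROLE EDP_DEMO_DATASCIENCE;
GRANT SELECT ON ALL    TABLES IN SCHEMA EDP_DEMO_DB.CURATED TO ROLE EDP_DEMO_DATASCIENCE;
GRANT SELECT ON FUTURE TABLES IN SCHEMA EDP_DEMO_DB.CURATED TO ROLE EDP_DEMO_DATASCIENCE;

-- ENGINEERING inherits DATASCIENCE's read access and may additionally create objects in CURATED.
GRANT CREATE TABLE, CREATE VIEW ON SCHEMA EDP_DEMO_DB.CURATED TO ROLE EDP_DEMO_ENGINEERING;

-- ETL is a sibling, not a child, of ENGINEERING, so it needs its own database/warehouse usage.
GRANT USAGE ON DATABASE  EDP_DEMO_DB         TO ROLE EDP_DEMO_ETL;
GRANT USAGE ON WAREHOUSE EDP_DEMO_WH         TO ROLE EDP_DEMO_ETL;
GRANT USAGE ON SCHEMA    EDP_DEMO_DB.RAW     TO ROLE EDP_DEMO_ETL;
GRANT USAGE ON SCHEMA    EDP_DEMO_DB.CURATED TO ROLE EDP_DEMO_ETL;
GRANT CREATE TABLE, CREATE STAGE ON SCHEMA EDP_DEMO_DB.RAW TO ROLE EDP_DEMO_ETL;
GRANT INSERT, UPDATE, DELETE ON ALL    TABLES IN SCHEMA EDP_DEMO_DB.CURATED TO ROLE EDP_DEMO_ETL;
GRANT INSERT, UPDATE, DELETE ON FUTURE TABLES IN SCHEMA EDP_DEMO_DB.CURATED TO ROLE EDP_DEMO_ETL;

-- Verification: each tenant role should appear granted to exactly one parent role,
-- and DATASCIENCE should hold no privilege on the RAW schema.
SHOW GRANTS OF ROLE EDP_DEMO_DATASCIENCE;
SHOW GRANTS TO ROLE EDP_DEMO_DATASCIENCE;
```

Two design points are worth noting. Parenting every tenant role under SYSADMIN means the account-level roles can administer tenant objects during incident response without any analyst or engineer ever holding them, which is the separation the ACCOUNTADMIN and SECURITYADMIN descriptions above rely on. The FUTURE grants keep the read-only and write-only boundaries intact as new tables are loaded, so a table created tomorrow by ETL does not silently become invisible to analysts or writable by them.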

What procedures are in place to determine which users may access the system and are they documented?

ServiceNow is used to document access requests, together with the Rules of Behavior. For Tableau, Site Admins can create users; Tableau Admins require email approvals for user creation.

How are the actual assignments of roles and Rules of Behavior verified according to established security and auditing procedures? How often is training provided? Provide the date of the last training.

Roles are verified via user re-certification for privileged users. Training is provided annually.

DOL system administrators receive access in accordance with DOL policies and procedures governing IT support including roles, Rules of Behavior, and ongoing cybersecurity, privacy, and role-based training.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

DOL users will be required to take the annual Information Systems Security and Privacy Awareness (ISSPA) training. Additionally, any DOL employees or contractors with access to the EDP system will also receive training on handling confidential information in line with DOL's agreements with its contractor(s) and DOL's agreements with states to participate in the system.

What auditing measures and technical safeguards are in place to prevent misuse of data?

All sensitive user data is encrypted at rest and in transit. The EDP system employs a zero-trust architecture that prevents access to PII: the data is encrypted so that any party that does not explicitly require access, or does not hold a token to decrypt the data, cannot access it. In addition, the system is monitored specifically for data exfiltration events.
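The monitoring described above can be implemented in Snowflake from the account's query history. The query below is an added example, not part of the PIA or of DOL's monitoring configuration; it surfaces candidate exfiltration indicators (unloads to external locations, bytes transferred out of the account, and unusually large result sets) for the tenant roles of one assumed tenant. The tenant prefix EDP_DEMO, the database name, and the 100,000-row threshold are assumptions and should be tuned to the tenant's normal workload.

```sql
-- Added example (not from the PIA): surface candidate data-exfiltration events from
-- Snowflake's ACCOUNT_USAGE.QUERY_HISTORY view. Assumptions: tenant database EDP_DEMO_DB,
-- tenant roles prefixed EDP_DEMO_, and a 100,000-row "bulk result" threshold.
-- ACCOUNT_USAGE views need ACCOUNTADMIN (or a role granted IMPORTED PRIVILEGES on the
-- SNOWFLAKE database) and lag live activity, so this is a periodic sweep, not real-time.
USE ROLE ACCOUNTADMIN;

SELECT
    START_TIME,
    USER_NAME,
    ROLE_NAME,
    QUERY_TYPE,
    ROWS_PRODUCED,
    BYTES_SCANNED,
    OUTBOUND_DATA_TRANSFER_BYTES,
    CASE
        WHEN QUERY_TYPE = 'UNLOAD'             THEN 'COPY INTO external location'
        WHEN OUTBOUND_DATA_TRANSFER_BYTES > 0  THEN 'bytes left the account'
        WHEN ROWS_PRODUCED > 100000            THEN 'bulk result set'
    END AS indicator,
    LEFT(QUERY_TEXT, 200) AS query_preview   -- enough to triage without copying PII into tickets
FROM SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY
WHERE START_TIME >= DATEADD(hour, -24, CURRENT_TIMESTAMP())
  AND EXECUTION_STATUS = 'SUCCESS'
  -- DATABASE_NAME is the session's current database, so fully qualified cross-database
  -- reads are not caught by this filter alone; widen it if tenants span databases.
  AND DATABASE_NAME = 'EDP_DEMO_DB'
  AND ROLE_NAME LIKE 'EDP_DEMO_%'
  AND (
        QUERY_TYPE = 'UNLOAD'
     OR OUTBOUND_DATA_TRANSFER_BYTES > 0
     OR ROWS_PRODUCED > 100000
  )
ORDER BY START_TIME DESC;
```

Run on a schedule, the result set is small enough to review by hand or to feed into an alerting pipeline; the row threshold is the only tunable that needs per-tenant baselining, since any successful UNLOAD or non-zero outbound transfer from a data-consumer role is worth a look on its own.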

Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?

Data is secured in accordance with FISMA requirements. The ATO authorization is currently in process and a Security Assessment and Authorization is being conducted. However, the EDP system is covered by an Ongoing Authorization (OA) memo as well.

Privacy Impact Analysis

The risk associated with managing (collecting) sensitive PII is exposure of that information. This risk is mitigated by implementing access controls (least-privilege access and zero trust), technical controls (encryption at rest and in transit), and physical controls (physical security).

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, biometrics, and other technology.

Was the system built from the ground up or purchased and installed?

The system was purchased and installed on the DOL AWS cloud platform. DOL's AWS cloud has received an ATO. The third-party components are purchased software-as-a-service offerings: AWS, Snowflake, and Informatica.

Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.

Privacy and security considerations were used to make architectural and other technical decisions for the application. The application uses systems that have gone through the ongoing authorization process so that vetted controls can be inherited. Only as much data as is needed to perform the system's function is managed. The PII and non-PII data are encrypted in transit and at rest, with as few users and systems as possible able to decrypt the data. Data integrity is addressed through rigorous data checks using data schemas.

What design choices were made to enhance privacy?

The EDP uses DOL's AWS cloud to leverage controls from that system, which has received an ongoing authorization. The system is designed to encrypt information at every step of the process and to minimize the number of people and systems able to decrypt the information. Encrypted PII is stored in a different data store from non-PII in the system.

For systems in development, what stage of development is the system in, and what project development life cycle was used?

The system uses an agile software development process and is currently in the operational phase in accordance with the DOL System Development Life Cycle Management Manual.

For systems in development, does the project employ technology that may raise privacy concerns? If so, please discuss their implementation.

The EDP itself does not include technology that may raise privacy concerns. In its current iteration, identity verification is performed in coordination with login.gov, which has its own Privacy Impact Assessment.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • DOL has completed the PIA for EDP which is currently in operation.
  • DOL has determined that the safeguards and controls for this moderate system adequately protect the information.
  • DOL has determined that it is storing the minimum necessary information for the proper performance of a documented agency function.