Privacy Impact Assessment Questionnaire
The Secretary’s Information Management System (SIMS) FY2017
The Secretary's Information Management System (SIMS) is a web-based system that can only be accessed from departmental computers on DOL's Networks. This system is owned by the Office of the Secretary Office of the Executive Secretariat and is designed to track Executive Correspondence and decision and informational papers through DOL. SIMS enables users to collect metadata; track document compliance; process electronic mail notification; store images; and query, as well as to track, and report on limited data. SIMS provides a singular correspondence system DOL-wide and allows electronic dialogue capabilities for clearance between the Executive Secretariat, peers, and intra-organizationally. SIMS supports the current paper based business model. DOL agencies have been allowed to use a segregated component of SIMS to track agency correspondence in accordance.
Information contained in SIMS is covered by a "system of record notice (SORN)" as defined by the Privacy Act of 1974. The information processed by the system includes Personally Identifiable Information (PII), in the form of names, mailing addresses, telephone numbers, and email addresses. Of this information only names are required and displayed in the SIMS Web Interface. Any additional PII such as, SSN or account numbers to the extent that it is present, is contained in the actual documents which are stored in scanned form and cannot be searched electronically. As SIMS collects personal and similar data, the public disclosure of certain data in the system would constitute a clearly unwarranted invasion of personal privacy. As such, Exec Sec has established procedures for accessing the system and provides annual power user training and certification. The Executive Secretariat has also made efforts to protect the hard copy of incoming correspondence and information each item may contain. We accomplish this through protective PII messages at the bottom of clearance forms. All DOL employees are required to comply with the annual information security training.
SIMS supports the SIMS FOIA sub-system which is managed by SOL. SIMS FOIA is a department-wide system based on SIMS, with additional FOIA-specific features. SIMS and SIMS FOIA share the same production database and are referenced with the same OASAM System ID, since they are one system from a security perspective. While SIMS and SIMS FOIA are components of the same system, they serve two user bases: SIMS serves the Executive Secretariat community, while SIMS FOIA supports FOIA related activities across the Department.
Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public including U.S. citizens, foreign citizens, or minor children.
What are the sources of the PII in the information system?
Correspondence from the public or through Members of Congress is the source of the PII. The only PII that is searchable in SIMS is the user's name. The contents of the documents are not searchable.
What is the PII being collected, used, disseminated, or maintained?
For SIMS the PII being collected are the First and/or last name. The following information is not required by SIMS, but it might be provided: phone numbers, mailing addresses, personal email addresses, and business address, SSN's and account numbers.
SIMS-FOIA collects information concerning requests received by members of the public including: names; personal mailing address; telephone numbers; personal email addresses; and, a unique tracking number which identifies each request.
For both systems, the SIMS records containing this information are disseminated to agencies for appropriate use.
How is the PII collected?
Names are entered into SIMS and SIMS FOIA by authorized system users via a web form. Any other PII is contained in the scanned and uploaded document.
How will the information be checked for accuracy?
The information is cross-referenced against the correspondence or request submitted.
What specific legal authorities, arrangements, and/or agreements defined the collection of information?
Generally, documents are voluntary submitted by those requesting assistance from the Department. The Freedom of Information Act (FOIA) requires that certain information about each FOIA requester be collected for mandated tracking responsibilities as outlined by the statute.
Privacy Impact Analysis
The amount of PII collected is minimal and is used for appropriately responding to information requests from members of the public. As Access to the system is limited and only available through approved equipment connected to the DOL networks they are limited to no security risk to the department or the public.
Uses of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
Describe all the uses of the PII
The PII is used to prepare responses to the requestors.
What types of tools are used to analyze data and what type of data may be produced?
PII, for regular SIMS, is not recorded in any searchable fields. All PII is only recorded in the scanned document, which is not searchable by the content. There are no specific tools used to analyze the data and report for regular SIMS. However, SIMS-FOIA has a dynamic reporting capability that allows system user to analyze data in many ways, including by search of a user's name.
Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
No, SIMS does not derive new data or create previously unavailable data about an individual.
If the system uses commercial or publicly available data, please explain why and how it is used.
SIMS System does not use commercial or publicly available data.
Privacy Impact Analysis
The system implements TLS encryption on all communications and implements role based access controls to segregate duties.
The following questions are intended to outline how long information will be retained after the initial collection.
How long is information retained in the system?
For the most part the SIMS FOIA records are retained and covered by NARA's General Records Schedules GRS 1, Item 31 and 34; GRS 20, Items 10 and 11; GRS 14, Items 11, 21, 24, 31. In addition, the SIMS System also has its own NARA approved General Records Schedule. SIMS records have been determined to be temporary.
Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
SIMS FOIA records retention schedule has been approved by the DOL agency Records Officer and filed with NARA. SIMS records are temporary since SIMS is used for tracking only. All permanent records are maintained in hard copy.
What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?
SIMS FOIA collects minimal PII data and that is being assessed annually for applicability and will be eliminated of not required by business functions.
How is it determined that PII is no longer required?
An assessment is performed annually to ascertain if PII is no longer required for responding to inquiries.
Privacy Impact Analysis
The length of time information is retained provides for an effective retention period, allowing enough time to use the information as needed to complete the mission, and is destroyed in a manner best effective and in compliance with NARA.
The data is securely maintained and only contains information necessary for correspondence. After defined period, the electronic data in SIMS and SIMS FOIA records are destroyed via approved DOL procedures. The hard copies of incoming correspondence are archived in accordance and following the approved NARA record schedule.
Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of Labor.
With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
The PII collected (last name, first name) is shared only with internal agencies that have responsibility for responding to inquiries.
How is the PII transmitted or disclosed?
SIMS information is transmitted digitally within the system using encryption via TLS.
Privacy Impact Analysis
There is no privacy impact to internal sharing of data.
External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.
With which external organization(s) is the PII shared, what information is shared, and for what purpose?
When necessary, incoming copy of the correspondence (but not the SIMS record itself) may be transferred to a more appropriate governmental entity. It is done so through a secure email process.
Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
There are no external systems that connect to SIMS.
SIMS leverages the following SORN: DOL/OASAM-24 Privacy Act/Freedom of Information Act Requests File System: http://www.dol.gov/sol/privacy/dol-oasam-24.htm
How is the information shared outside the Department and what security measures safeguard its transmission?
Privacy Impact Analysis
There is no privacy impact to external sharing of data, as no information is shared externally.
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
Was notice provided to the individual prior to collection of PII?
The information is submitted voluntarily, no notice of PII collection is provided before collection. For FOIA and Privacy Act requests, DOL has provided appropriate public notice of the collection of information necessary to process requests under the statutes in full compliance with the law and OMB guidance.
Do individuals have the opportunity and/or right to decline to provide information?
- The information is voluntarily submitted, thereby the individual can decline to provide information they deem private. In accordance with DOL's regulations implementing the provisions of FOIA and the Privacy Act, a requester must provide a complete name and mailing address in order to facilitate the processing of their request. Failure to properly submit a request impairs DOL's ability to respond.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
The public has been made aware, through formal publication, of the types of information collected and routine uses that will be made of the information collected under DOL/OASAM-24 Privacy Act/Freedom of Information Act Requests File System. An individual, armed with that knowledge, may decide whether or not to correspond with the Department or submit a FOIA request. The decision to do so is voluntary.
Privacy Impact Analysis
There is no privacy impact to providing notification.
Access, Redress, and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
What are the procedures that allow individuals to gain access to their information?
None members of the public do not have direct access to the system. Information from the system may be made available, consistent with Federal law, in response to a request for such information.
What are the procedures for correcting inaccurate or erroneous information?
As appropriate, any corrections are done per individual's request, consistent with the provisions of the Privacy Act and DOL's implementing regulations.
How are individuals notified of the procedures for correcting their information?
If system user finds information that requires correction, notification may occur in writing, via fax, mail, or e-mail, to the requestor of the information. For records subject to the provisions of the Privacy Act, notification procedures are provided in the SORN and in DOL's regulations.
If no formal redress is provided, what alternatives are available to the individual?
There is no formal redress or alternate process available as the information is voluntarily submitted. If additional information is needed the individual is contacted and erroneous data is corrected at that time. For records subject to the provisions of the Privacy Act, redress procedures are provided in the SORN and in DOL's regulations.
Privacy Impact Analysis
There is no additional risk in redress process as the public does not have direct access.
Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
What procedures are in place to determine which users may access the system and are they documented?
A formal user access and account management procedure is in place to grant access to the system. User access forms and rules of behavior are two of the documented products.
Will Department contractors have access to the system?
Contractors will have access to SIMS from programming/developmental side. However as technical issues arise with live programming side of SIMS they work with DOL employees address the issue they see the system from the user interface side of SIMS/SIMS FOIA. On some occasions such as when a major technical issue is rolled out contractors can be provided access to specific SIMS offices so they can test and make sure technical change or issues have been properly rolled out, especially, if work is done over the weekend. They however will coordinate with business representative of the system owner to ensure from a SIMS user standpoint that changes were made satisfactorily. The contractor's access as a user will be removed after change or rollout is complete.
Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
Annual Computer Security Awareness Training is provided to all ECN/DCN users as documented within the Computer Security Handbook.
What auditing measures and technical safeguards are in place to prevent misuse of data?
SIMS Leverages Audit Web Service, which logs all system events. Audit Web Service is a utility that can be called within each application for capturing/recording user's activities when interacting with information system. The captured audit records are stored centrally in a database for later monitoring, filtering, searching and reporting of users activities. Monitoring and reporting capabilities have been provided through an easy-to-use web interface and accessible only to authorized users.
Though web interface users can define their search criteria and monitor only subset of record or chose to get notification and alerts through email on event types that might be critical to each system owner. The reporting capability of the Audit Web Service allows authorized users to extract their desirable set of audit records in form of Excel file for generating further reports. SIMS leverages TLS for all internal communications. Role based access controls denote what information SIMS and SIMS FOIA users have access to.
Privacy Impact Analysis
The primary risks associated with the handling of privacy data include fraud the unauthorized release of data outside of the controls of SIMS. As result, the Office of the Assistant Secretary for Administration and Management (OASAM) has implemented a required Security Awareness Training program. This program included guidance and training for the proper handling of privacy data. Every year Department of Labor employees must complete the online training. Last year‘s training was entitled, The Information Systems Security and Privacy Awareness 2014 online training. The 2014 training included the exam at the end of the training session.
It is up to the individual agencies to take their own steps to ensure that PII is properly protected into their daily business procedures, for instance protected PII data in SIMS. The Executive Secretariat has also made efforts to protect the hard copy of the incoming correspondence and the information each item may contain. We accomplish this though protective PII messages printed on the blue border form contained in the SIMS System. We also stamp a PII message at the bottom of clearance forms.
SIMS also has implemented various auditing functions to track changes to the data. The logical and physical access controls as identified in the SIMS SSP mitigates the risks.
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.
What stage of development is the system in, and what project development life cycle was used?
SIMS is in the Operations and Maintenance phase of the Software Development Life Cycle Management Manual (SDLCM).
Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?
No, SIMS does not employ technology that would raise privacy concerns.
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
OASAM has completed the PIA for SIMS which is currently in operation.
- OASAM has determined that the safeguards and controls for this moderate system adequately protect the information.
- OASAM has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.