Privacy Impact Assessment Questionnaire
Veterans Investigative Preference and Employment Rights System (VIPERS) - FY 2017
The Uniformed Services Employment and Reemployment Rights Act of 1994 (USERRA) was signed into law on October 13, 1994. USERRA clarifies and strengthens the Veterans' Reemployment Rights (VRR) Statute. The Act itself can be found in the United States Code at Chapter 43, Part III, and Title 38. USERRA is intended to minimize the disadvantages to an individual that may occur when that person needs to be absent from his or her civilian employment to serve in this country's uniformed services. USERRA makes major improvements in protecting service member rights and benefits by clarifying the law and improving enforcement mechanisms.
Congress passed USERRA to safeguard the employment rights and benefits of service members upon their return to civilian life. USERRA also prohibits employers from discriminating or retaliating against persons on the basis of their military service/ obligations, intent to join a uniformed service or actions taken to enforce any person's rights under USERRA.
The Department of Labor has issued regulations that clarify its position on the rights of returning service members to include family and medical leave under the Uniformed Services Employment and Reemployment Rights Act (USERRA). See 20 CFR Part 1002.210. USERRA is administered by the United States Department of Labor, through the Veterans' Employment and Training Service (VETS). VETS provide assistance to those persons experiencing service connected problems with their civilian employment and provides information about USERRA to employers.
The USERRA Information Management System (UIMS) was developed in 1996 and operational beginning October 1996. The purpose was to establish an effective automated process for collecting, consolidating, and reporting USERRA data submitted by Veterans' Employment and Training Services (VETS) investigative staff. The system provides the capability to interactively accept and manipulate data, then perform a roll up of information through Regional Offices to the Regional Lead Center (RLC) in Atlanta Ga.
USERRA Information Management System (UIMS), Veterans' Preference Information Management System (VPIMS), and the Electronic-1010 (E-1010) systems were developed using Internet technologies. Since 2008, these subsystems (UIMS, VP, and E-1010) reside under the Veterans' Investigative Preference and Employment Rights System (VIPERS) umbrella, and are available through the VETS' application servers which are stored locally and hosted in the OASAM Silver Spring Data Center environment. Users in the national office (NO), regional office (RO) and state office (SO) have access, depending on security and permissions, to some or all of the functionality on the system.
Veterans have two options for filing a claim; they may file a USERRA or Veterans' Preference (VP) claim manually by submitting the paper form, (VETS/USERRA/VP Form 1010) by mail or in person at the DOL/VETS office. They may also submit their claim electronically by accessing the E-1010 claims form via a web browser such as Internet Explorer (IE). The E1010 gives an alternative interactive method for filing the paper form through the DOL/VETS USERRA Interface Management System (UIMS), now VIPERS.
VIPERS has undergone enhancements to include converting the UIMS application from Microsoft (MS) Access to MS SQL Server, in accordance with VETS targeted technology architecture in order to expand the existing UIMS systems' functionality. These enhancements:
- Allows VETS investigators the ability to update USERRA case data via the internet;
- Creates electronic 1063 and Memorandum of Agreement forms within the system;
- Expands existing workflow functionality and case status tracking capabilities to include stakeholder USERRA case management business processes; and
- Allows Department of Defense (DOD) Employer Support of the Guard and Reserve (ESGR), Office of the Solicitor (SOL), Office of Special Counsel (OSC), and the Department of Justice (DOJ), the ability to access and update USERRA case information via the Internet. This includes addressing stakeholder security concerns and establishing data exchange(s) between UIMS and other existing information systems (e.g., UVPCSS (USERRA/Veterans Preference Compliant Submission System) and ESGR system).
- The VIPERS module supports interactive input and update of current VIPERS case data. Data is maintained in such a way that the baseline data entered can be manipulated to provide both standard reports and flexible spreadsheet data exports for use in assisting in the analysis of VIPERS operations and outcomes. The system is accessible through the Internet, and provides information for use at several organizational and administrative levels, including: VETS field staff doing investigations, VETS supervisors and managers, VETS executive staff, and Congress. Data collected does not only include information on cases opened by investigators, but also provides output to support specified information requirements on other activities essential to the VIPERS program, such as outreach actions, employer contacts and technical assistance responses.
- Section 208 of the E-Government Act of 2002 requires Federal government agencies to conduct a Privacy Impact Assessment (PIA) for all new or substantially changed technology that collects, maintains, or disseminates personally identifiable information (PII) for members of the public or where information is collected, maintained, or disseminated using information technology.
Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
- Specify whether the System collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.
VIPERS collect personally identifiable information (PII) on members of the public (U.S. citizens, service members and their employers).
- From whom is information to be collected?
VIPERS collects data on complainants who are veterans, enlistees, examinees, reservists or members of the National Guard of the U.S. Armed Forces on active or reserve service or training duty, and other complainants.
- Why is the Information being collected?
PII is being collected to assist in the processing and tracking of USERRA cases. Disclosure may also be necessary to the Department of Veterans Affairs, Department of Defense (ESGR), Department of Justice (DOJ), and the Office of Special Counsel (OSC), for further adjudication.
- What is the PII being collected, used, disseminated, or maintained?
First and/or last name; Date of birth; SSN; Military, immigration, or other government-issued identifier, Residential address; Personal phone numbers (e.g., phone, fax, cell); Mailing address (e.g., P.O. Box); Personal e-mail address; Certificates (e.g., birth, death, marriage), Legal documents or notes (e.g., divorce decree, criminal records); Educational records; Employment Records.
- How is the PII collected?
The electronic VETS/USERRA/VP E-1010 Form is used by the Veteran's Employment and Training Service (VETS) to electronically collect the PII information. The information is collected by the E-1010 form then electronically transferred to VIPERS. Also, the information is collected manually when the claimant mail or faxes a 1010 form to the ARLC.
- How will the information collected from individuals or derived from the system be checked for accuracy?
The claimant self-identifies the PII information on the e-1010 form. If the information is submitted incorrectly, the assigned investigator verifies the information with the claimant and makes corrections as necessary.
- What specific legal authorities, arrangements, and/or agreements defined allow the collection of PII?
The information collected is essential to VETS in meeting its Congressional and statutory mandate to investigate 38 USC Ch. 4301 and 5 USC 3330.
Privacy Impact Analysis
The VP and USERRA system of records contains data related to civil investigations which include: initial investigative complaint form, background and investigators' fact finding records, witness statements, supporting documents provided by claimants and employers, and other information relevant to a determination of veterans' reemployment rights.
All computer-readable data extracts from VIPERS do not include PII. The VIPERS provides unique identification and authentication for all system users. Users and developers of VIPERS are aware that they share individual and collective responsibility for maintaining system security per the system's rules of behavior which requires signature agreement and adherence by all VIPERS' users.
VIPERS' user accounts are provided solely for the use of the individual for whom they are intended, and are created based on that individual's specific job responsibilities, access to cases other than assigned are limited to a need to know/need to share basis. The Regional Lead Center (RLC) Security Officer reviews audit logs on a monthly basis. The VIPERS auditing system functionality was enhanced to include email messages alerts of auditable events and system changes.
Describe the Uses of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
Describe all the uses of the PII
PII information is used solely for the purpose of processing and tracking USERRA cases. Disclosure may also be necessary to the Department of Veterans' Affairs, Department of Defense (ESGR), Department of Justice (DOJ), and the Office of Special Counsel (OSC) for further adjudication.
What types of tools are used to analyze data and what type of data may be produced?
Microsoft (MS) Excel is the primary tool used to analyze the data. Reports are normally produced that shows statistical information.
Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
Previously unavailable data may be derived through aggregation of the collected information.
If the system uses commercial or publicly available data, please explain why and how it is used.
Users are not precluded from using commercial or publicly available data to conduct research or verify information in order to manage each case.
Will the use of PII create or modify a "system of records notification" under the Privacy Act?
Privacy Impact Analysis
Based on Federal requirements and mandates, the Department of Labor (DOL) Veterans' Employment and Training Service (VETS) is responsible for ensuring that the Veterans' Investigative Preference and Employment Rights System (VIPERS) meets the minimum security requirements as defined in the Federal Information Processing Standards (FIPS) Publication (PUB) 200, Minimum Security Requirements for Federal Information and Information Systems. The Agency has developed access control procedures to ensure the integrity, confidentiality, and availability of its information and information systems.
The access control policy and procedures for the VIPERS are consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.
The following questions are intended to outline how long information will be retained after the initial collection.
What is the retention period for the data in the system?
Information is destroyed in the 10th year. Pension cases are maintained for 50 years as mandated. Electronic data/case files are retained forever. A physical date does not apply as there are multiple periods of retention for the various data sets collected in the system.
Is a retention period established to minimize privacy risk?
Yes, retention periods to minimize risk have been established for the system.
Date of approved (05/29/2015)
Has the retention schedule been approved by National Archives and Records Administration (NARA)?
Yes Date of approved (05/29/2015)
Per M-O7-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information; What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?
The system is not configured to prompt users/administrator to review and purge PII data every 90 days. PII data remains required beyond 90 days because it is essential to accurately cross-reference VETS' data with other agencies' data (especially DOD/ESGR) for compilation of common claimant information required by the USERRA Annual Report to Congress.
Have you implemented the DOL PII Data Extract Guide for the purpose of eliminating or reducing PII?
VIPERS' computer-readable data extracts do not include PII information. VETS security officer conducts monthly reviews of the audit logs to identify any trends or anomalies in the system, and to ensure the system is functioning properly.
How is it determined that PII is no longer required?
PII data is deemed no longer necessary per the mandates that govern USERRA data and the approved retention schedule as defined in VETS data retention schedule, that information is destroyed in the 10th year. Pension cases are maintained for 50 years as mandated. Electronic data/case files are retained forever, including PII.
If you are unable to eliminate PII from the system, what efforts are you undertaking to mask, de-identify or anonymize PII?
The system is not configured to prompt users/administrators to review and purge PII data every 90 days. PII data remains required beyond the 90 days because it is essential to accurately cross-reference VETS' data with other agencies' data (especially DOD/ESGR) for compilation of common claimant data required by the USERRA Annual Report to Congress.
Privacy Impact Analysis
There is a possibility that the length of time data is retained in VIPERS could lead to unauthorized access or the release of PII information. To prevent this risk, all users must have their supervisor's approved application for access, annually agree to the VIPERS Rules of Behavior, maintain an active account, and have a strong password to access the system. Supervisors are required to advise the VIPERS' System Administrator when an investigator is no longer assigned investigative responsibilities or is no longer employed with the Agency or Federal Government.
The VIPERS user has the responsibility to protect data to which they are given access. Users must adhere to the Rules of Behavior as defined in the VIPERS System Security Plan (SSP), DOL and agency guidance. In addition, DOL conducts mandatory annual Information Systems Security Awareness and Privacy Training, ensuring that all Department of Labor staff members are educated regarding the proper methods for handling privacy information.
VIPERS' administrators review and analyze the audit logs on a monthly basis for any trends or anomalies in the system; any indication of suspicious activity is escalated in accordance with VETS incident handling procedures. Audit logs are currently configured to automatically alert the administrators when specific security alerts occur.
Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of Labor.
With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
PII is shared with the DOL's Office of the Solicitor (SOL) attorneys' assigned to further investigate USERRA cases.
How is the PII transmitted or disclosed?
Hardcopy case records are transmitted by Fed Ex. Also scanned copies of case records are stored in the DOL SharePoint site. Electronic records remain in VIPERS.
Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information.
VIPERS RLC staff are notified when user information, system usage, or need-to-know/need-to-share status changes.
Privacy Impact Analysis
Case Investigators report/input PII information into VIPERS. SOL's attorneys are sent hardcopies of VIPERS PII information via Fed-Ex. Hard copy records are Fed-Ex between VETS and SOL and signatures are required to validate receipt and for tracking purposes.
External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, as well as the private sector.
With which external organization(s) is the PII shared, what information is shared, and for what purpose?
Disclosure may also be necessary with the Department of Justice (DOJ) and the Office of Special Counsel (OSC) when complaints have proceeded to an advanced stage. Both agencies are responsible for the litigation of meritorious claims. Also, disclosure is necessary with the Employer Support of the Guard and Reserve (ESGR) for verifying claimants/claims processed within their system.
Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
System of Records Notice (Privacy Act Systems - DOL/VETS-1 (Uniformed Services Employment and Reemployment Rights Act (USERRA) Compliant File), and DOL/VETS-2 (Veterans' Preference Equal Opportunities Act of 1998 (VEOA))
How is the information shared outside the Department and what security measures safeguard its transmission?
Limited information is shared with Partner agencies in hard copy form.
How is the information transmitted or disclosed?
Partner agencies have electronic access to VIPERS to document case status and to review electronic records.
Is a Memorandum of Understanding (MOU), contract, or any agreements in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared? If yes, include who the agreement is with and the duration of the agreement.
There are no external MOUs, contracts or any agreements in place with any external organization.
How is the shared information secured by the recipient?
This is not applicable to the VIPERS.
What type of training is required for users from agencies outside DOL prior to receiving access to the information?
Users must complete the DOL Computer Security Awareness role based training prior to receiving access to the system. When access is granted the unauthorized use banner on VIPERS login page warns users of the consequences for illegal use activities. Users must also review and acknowledge the VIPERS RoB before accessing the system.
Privacy Impact Analysis
Sharing of information outside of DOL can potentially expose PII to unauthorized individuals. To prevent risk, all non-DOL users of VIPERS must request VETS' Chief of Investigations approval for application access; annually agree to the Rules of Behavior, maintain an active account, and have a strong password. Non-DOL Federal employees are required to advise the Chief of Investigations when an authorized user is not assigned investigative responsibilities or no longer employed by the agency.
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
Yes, See Privacy Notice on the E-1010 Form in Appendix B
Do individuals have the opportunity and/or right to decline to provide information?
Yes. Individuals are advised that they have the right to decline disclosing the information, but if they don't it may hinder the processing of their claim.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
Yes, an individual may limit use of the information and the release of the PII. In completing the form individuals are informed that some information is optional but desired for claim processing, giving them the option to divulge or withhold information as they deem necessary. The claimant is advised that the information may be needed in order to process and/or identify the merits of the claim.
Privacy Impact Analysis
Notices are provided to individuals by mail, fax or email depending on their initial contact preferences. There is a risk that an individual may not receive or read the notice; therefore the notice is relayed verbally by the investigator assigned to the individual's case during the initial contact. Individuals are also advised to read the Privacy Act statement that is provided on page 2 of the e-1010 form before signing and submitting the form. Each individual has the right under the privacy act of 1974 to request a copy of their investigative records to verify that information is divulged as requested.
(Excerpt from e-1010 Form: Please read the Privacy Act statement and certification on page two of Form 1010 before signing and submitting the form).
Individual Access, Redress, and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
- What are the procedures that allow individuals to gain access to their own information?
The VIPERS is an Internet-based system that allows USERRA claimants to officially submit a claim request via the VETS electronic Form 1010 (e-1010) application website. Individuals may gain access to their information post submission by:
- First register for access to the E-1010 online submission tool and create a user ID and strong password.
- Individuals filing an electronic claim may access their information electronically with the self-created ID and password at any time.
- Claimants filing a paper claim may request a record of the file if they did not retain a copy. Upon completion of the e-1010 form claimants are advised to print and retain a copy for future reference.
- If the claimant did not retain a copy the individual may make a written request for information under the Privacy Act and the Freedom of Information Act.
- What are the procedures for correcting inaccurate or erroneous information?
Electronic filers may self-verify the information prior to submitting the e-1010 form or update electronically if additional information or corrections are requested by the reviewing investigator.
If a paper claim is submitted the investigator will contact the claimant in writing to request additional information or to verify the accuracy of the submitted claim.
In cases where the hardcopy form is incomplete the ARLC will return the form to the claimant for completion via the contact information provided (e.g., postal mail, fax), or verified via telephone if provided.
- How are individuals notified of the procedures for correcting their own information?
The ARLC notify claimants in writing of the procedure for correcting their information in the same manner in which the claim was submitted (email, postage mail, etc.,) or by the contact preferences provided by the claimant (e.g. telephone).
- If no formal redress is provided, what alternatives are available to the individual?
This question is not applicable as there is a formal process in place.
Privacy Impact Analysis
There is a risk that the information collected may not be accurate, however the claimant self-identifies the PII information on the e-1010 form prior to submitting. In cases where the information is still incorrect, the assigned investigator verifies the information with the claimant and can make authorized corrections as necessary. An individual may also request their records under the Privacy Act and the Freedom of Information Act to verify that the information collected is what was released.
Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
Which user group(s) will have access to the system? (for example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)
User groups for the VIPERS could include Secretaries, Investigators (Agents), State Directors (DVETs), and Regional Administrators (RAVETs). Titles and office locations are maintained for each authorized user and reflect the organizational structure of VETS.
Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA.
Contractors to DOL do not have access to the VIPERS application.
Does the system use "roles" to assign privileges to users of the system? If yes, describe the roles.
Yes. VIPERS create accounts first by job title, assigned office, specific job functions, and application access. The ability to view, modify, download, or report on case data by any user other than the assigned investigator is restricted, except where it has been specifically authorized.
What procedures are in place to determine which users may access the system and are they documented?
VIPERS' utilizes an access request form to verify users' identity, what type of access is required, and who is authorizing access to the VIPERS system. The users' supervisor must first verify and approve account requests, including access rights and privileges. Account requests (user authorization forms), are then forwarded to the Atlanta Regional Lead Center (ARLC) for final approval.
How are the actual assignments of roles and Rules of Behavior, verified according to established security and auditing procedures? How often training is provided? Provide date of last training.
VIPERS' procedures for creating and authorizing user accounts are as follows:
- The request for an account is completed by the user or his/her supervisor.
- The account request is signed by the user's supervisor and sent (fax or emailed) to the RLC for processing.
- The Regional Lead Center receives request which is processed by the RLC staff.
- The account access information and default password will be sent to the user by email.
- The user is required to acknowledge and accept the electronic "Rules of Behavior" and then user will be redirected to the change password utility.
Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
All users, including VIPERS system administrators must complete the DOL System Security Awareness and Privacy role based training prior to being granted access to the system. When access is granted an unauthorized use banner on the VIPERS login page warns the user of legal repercussions for illegal use activities. Users must also review and acknowledge (sign) the VIPERS ROB before accessing the system.
What auditing measures and technical safeguards are in place to prevent misuse of data?
All access (who, what, when and where) to VIPERS data is monitored and recorded by the system's administrative staff.
Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?
Yes, the data is secured in accordance with FISMA requirements. The Security Assessment and Authorization was last completed November 2013 and is slated for recertification November 2016.
Privacy Impact Analysis
The VIPERS' access to case information is based on a "need-to-know/need-to-share" basis. Federal staff has access only to assigned cases. Management has access to the cases under their supervision. To prevent risk, all users of VIPER must have a supervisor's approved application for access, agree to the system's Rules of Behavior, maintain an active account, and have a strong password. Supervisors are required to advise the VIPERS' Administrator when an investigator is no longer assigned investigative responsibilities or no longer employed with the Agency. Users requesting access to the system are validated through the web server to the forms authentication on dedicated web server login procedures. Transactions are encrypted in both directions using Secure Socket Layer/Transport Layer Security (SSL/TLS) data encryption. VIPERS also receive very secure protection from the DOL Enterprise Consolidated Network (DOL ECN) General Support System (GSS) which is composed of Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Anti-Virus systems and data encryption.
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.
Was the system built from the ground up or purchased and installed?
The system was developed in-house.
Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.
The system was developed and designed to minimize risks. Technical staff conducted meetings, gathered information, and performed analytical processes as necessary to identify applicable informational and functional descriptions to establish an effective requirements structure for the system. The integrity of the system was tested during the IV&V phase, and data encryption protocols (SSL//TLS) were used to prevent unauthorized data access. In addition, day to day system administration as well as reporting tools are in place to monitor the system for any signs of anomaly or suspicious activities. To further safeguard the system, the server resides in a secure, restricted environment that requires multi-factor verification for access.
The system resides on an HP ProLiant DL385 server located in a controlled access environment in the Silver Spring Data Center (SSDC).
What design choices were made to enhance privacy?
The VIPERS application is designed to enforce the most restrictive set of rights/privileges or accesses required by users. Users are provided access via account request authorization based on their title, role and assigned office. Each role has access to specific functions as designated by the user's job requirements. VETS uses concept of least privilege for specific duties and information systems (including specific ports, protocols, and services) in accordance with risk assessments as necessary to adequately mitigate risk to VETS operations, VETS assets, individuals, other organizations, and the Nation.
There have been no recent design updates made to the VIPERS relative to privacy enhancements, this is a legacy system scheduled for decommission during the FY17Q3 timeframe.
For systems in development, what stage of development is the system in, and what project development life cycle was used?
N/A. VIPERS is in the Operations and Maintenance (O&M) stage.
For systems in development, does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
VIPERS is in the O&M stage, this is not applicable to the system.
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information? (Select the applicable paragraph)
Division of IT Administration, Policies and Procedures (DITAPP) in collaboration with VETS' System Owner and Information System Security Officer (ISSO) completed the PIA for the VIPER System currently in operation.
- VETS have determined that the safeguards and controls currently in place for this moderate system effectively protects the information.
- VETS have determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.