PIA - Security Information Management System (SIMS)

Office of Security
Security Information Management System (SIMS)

October 2006
Privacy Impact Assessment Statement

Project: Security Information Management System (SIMS)
Unique Project Identifier: 00605016002101200401121
Project Description

Security Information Management System (SIMS) is a legacy security management system which has not been modified since implementation in 2003 of the Management Application for Security (MAPS) system. SIMS continues to be used to maintain historical data on classified document management, facilities, and personnel (employees and contractors). SIMS currently has two user accounts established. All other accounts have been disabled. The system is not updated with new information. It is part of the OSY Information Technology (IT) Infrastructure network designated by the unique project identifier above.

1. What information is to be collected (e.g., nature and source)?

Personal information is stored in the SIMS database. The information includes individual’s full name, date and place of birth, social security number, other names used, gender, and citizenship.

2. Why is the information being collected (e.g., to determine eligibility)?

The system no longer collects personal information but previously collected information continues to be maintained on the database. The personal information was collected as part of the personnel security (PerSec) process in order for the Department to conduct background investigations. These investigations were conducted to establish that applicants or incumbents, either employed by the U.S. Government or working for the Government under contract, are suitable for a job, eligible for a public trust or sensitive position, and/or eligible for a security clearance. For applicants, the information was collected only after a conditional offer of employment had been made. The personal information obtained was collected only with the knowledge and consent of the individual.

3. What is the intended use of the information (e.g., to verify existing data)?

The personal information was collected as part of the PerSec process in order for the Department to conduct background investigations to establish that applicants or incumbents either employed by the U.S. Government or working for the Government under contract, are suitable for a job, eligible for a public trust or sensitive position, and/or eligible for a security clearance.

4. With whom will the information be shared (e.g., another agency for a specified programmatic purpose)?

The personal information will be shared only with authorized users who have a legitimate need to know. Specifically, the information may be shared with authorized employees of the Department’s Office of Security (OSY), Office of Human Resources Management, Office of General Counsel, and Office of Inspector General; the Office of Personnel Management; and any other representative of a federal agency with authority to obtain the information under the Privacy Act, Freedom of Information Act, or other law.

5. What opportunities do individuals have to decline to provide information (i.e., where providing information is voluntary) or to consent to particular uses of the information (other than required or authorized uses), and how individuals can grant consent?

The personal information was collected via an individual’s completion of Standard Form (SF) 85, Questionnaire for Non-Sensitive Positions; SF 85P, Questionnaire for Public Trust Positions; or SF 86, Questionnaire for National Security Positions. Prior to completion of the questionnaire, the individual was advised that providing the information was voluntary; however, OSY might not be able to complete the required background investigation, or complete it in a timely manner, if an individual did not provide each item of information requested. Failure to complete the investigation could affect the individual’s placement, employment, or security clearance prospects. The individual could chose to decline providing the requested personal information or to consent to the particular use of the personal information at the time the questionnaire was presented for completion.

6. How will the information be secured (e.g., administrative and technological controls)?

SIMS is a stand alone system with two authorized users who are physically located at Herbert C. Hoover Building (HCHB), Washington, DC. The authorized users were issued login identifications and passwords with limited read/write privileges depending on their scope of duties and need to know. McAfee Antivirus was installed on the workstation along with the current files.

7. Is a system of records being created under the Privacy Act, 5 U.S.C. 552a.?

No. The existing Privacy Act system of records notice for DEPT-13, Investigative and Security Records, applies to the personal information in this system.

8. How long will these records be retained?

The retention period for these records is guided by the General Records Schedules (GRS), which are issued by the National Archives and Records Administration (NARA) to provide disposition authorization for records common to several or all agencies of the federal government. GRS 18, item 22a, provides that personnel security clearance files are to be destroyed upon notification of death or not later than 5 years after separation or transfer of employee or no later than 5 years after a contract relationship expires, whichever is applicable. In accordance with GRS 20, item 3, the electronic versions of records scheduled for disposal may be deleted at the expiration of the retention period authorized for the equivalent paper records or when no longer needed, whichever is later.