Privacy Impact Assessment Statement
Prepared by: Tina Smith, Management Analyst, OSY
Reviewed by: Kevin Sadler, Assistant Director of Strategic & Administrative Management Division, OSY
Unique Project Identifier: 006-05-01-60-02-0402-00
IT Security System: OS-018 - Office of Security (OSY) IT Infrastructure
Project Description: Inquisite is a software program that the Office of Security uses to administer surveys to the workforce and to document training. The software is currently used for multiple surveys, two of which collect/store personally identifiable information (PII) received from the survey respondents.
1. What information is to be collected (e.g., nature and source)?
• Customer Satisfaction Survey collects and stores anonymous responses to questions about respondents' satisfaction with overall security at their respective facility. No PII is collected.
• Employee Engagement Survey collects and stores anonymous responses to questions about respondents' satisfaction with their engagement with management. No PII is collected.
• Manager Self-Evaluation Survey asks for the respondent to identify themselves from a list of names and then collects and stores individual responses to questions about how they see themselves performing as a manager. No PII is collected.
• OEP Self-Assessment Survey collects and stores data on the state of emergency preparedness for each DOC facility. An “auditor” will enter their name, work phone number and work email address into the survey as the person who conducted the survey of the facility and will respond to a series of questions regarding emergency preparedness. No PII is collected.
• Travel Briefing Survey asks for the respondent to enter their name, date of birth, work contact information, duty station, and Bureau/Office and then provides the respondent with a certificate for having completed training.
• NSI Briefing Survey asks the respondent to enter their name and Bureau/Office and then respond to questions designed to test their knowledge of how to handle National Security Information. Upon successful completion, the respondent receives a certificate stating that they have successfully completed the training. No PII is collected.
• HSPD-12 Role-Based Training Survey asks the respondent to enter their name, date of birth and Bureau/Office and then respond to questions designed to train them on their role under PIV-I. Upon successful completion, the respondent receives a certificate stating that they have successfully completed the training.
2. Why is the information being collected (e.g., to determine eligibility)?
Regarding the two surveys (Travel Briefing and HSPD-12) that collect PII, the date of birth is collected solely to verify the accuracy of the respondent's name by cross-checking the name provided against a consolidated database of the full legal names of all Commerce employees. This cross-check is necessary because respondents sometimes enter nicknames or maiden names that do not match. When no match is found, the cross-check prompts the respondent to enter their full name without misspellings before the training certificate can be issued.
3. What is the intended use of the information (e.g., to verify existing data)?
Regarding the two surveys (Travel Briefing and HSPD-12) that collect PII, the intended use of the information is solely to verify the accuracy of the respondent's name by cross-checking the name provided against a consolidated database of the full legal names of all Commerce employees.
4. With whom the information will be shared (e.g., another agency for a specified programmatic purpose)?
The information is not shared with any other agency. It is solely for the purpose of ensuring accurate recordkeeping and crediting of training completed.
5. What opportunities do individuals have to decline to provide information (i.e., where providing information is voluntary) or to consent to particular uses of the information (other than required or authorized uses), and how individuals can grant consent?
Regarding the two surveys (Travel Briefing and HSPD-12) that collect PII, the individual does not have the opportunity to decline providing this information. Providing the information is a condition of continued federal employment.
6. How will the information be secured (e.g., administrative and technological controls)?
In accordance with the requirements of the Federal Information Security Management Act of 2002 (FISMA), a Security Certification and Accreditation (C&A) was completed for this system and is current and in force. The C&A process is an audit of policies, procedures, controls, and contingency planning that must be completed for all federal government IT systems every three years.
The IT Security Plan for this system is also current and in force. The access and other controls for the host system meet the requirements of the Department of Commerce IT Security Program Policy and Minimum Implementation Standards.
7. Is a system of records being created under the Privacy Act, 5 U.S.C. 552a?
No, a new system of records is not being created under the Privacy Act. These records are covered by the Privacy Act System of Records Notice DEPT-18, Employee Personnel Files Not Covered by Notices of Other Agencies.
8. How long will these records be retained?
The retention period for these records is guided by the General Records Schedules (GRS), which are issued by the National Archives and Records Administration (NARA) to provide disposition authorization for records common to several or all agencies of the Federal Government. In accordance with GRS 20, item 3, electronic versions of records scheduled for disposal may be deleted at the expiration of the retention period authorized by the GRS for the equivalent paper copies or when no longer needed, whichever is later. GRS 1, item 29b authorizes the disposal of the equivalent paper copies when five years old.
9. Do you log all computer-readable data extracts from databases holding sensitive information? Is that information verified (including sensitive data) and erased within 90 days or determined that it is still required?
Data extracts are created only in those instances when the name provided by an employee upon completion of a training course does not match a name in the OSY database of Commerce employees, often because the employee provided a nickname or a shortened version of his or her complete official name. The only information extracted is the name and date of birth of the employee, so that OSY staff can verify the identity of the employee and issue a certificate of training. A log of all computer-readable extracts from the OSY database of Commerce employees is maintained, and each extract is destroyed within 24 hours of verifying the identity of the employee.