Privacy Impact Assessment Statement
Prepared by: Sheryl Hollins
Reviewed by: Patty Grasso
Unique Project Identifier: 006-05-01-60-02-0402-00
IT Security System: OS-18 Office of Security (OSY) IT Infrastructure
LobbyWorks is commercial off-the-shelf (COTS) software distributed by Honeywell.
The Graphical User Interface (GUI) provides a visitor management solution for the Herbert Clark Hoover Building (HCHB), Washington, DC. HCHB is where the U.S. Department of Commerce Headquarters offices are located. The internal client server based systems are located at all visitor entrances. The servers are located in the HCHB and are part of the OSY Information Technology (IT) Infrastructure network designated by the unique project identifier above. Trained security guards utilize the system to track domestic visitors, foreign visitors, temporary contractors, visitors requesting garage access, and employees with temporary badges while inside HCHB. Additionally, Commerce employees can pre-register their visitors through a Web client via the Department’s Intranet.
1. What information is to be collected (e.g., nature and source)?
The personal information in the LobbyWorks system is collected from the identification document that is provided by the visitor. For U.S. citizens, this will be either a driver’s license or a government identification card issued in lieu of a driver’s license. For foreign visitors, this will be a passport. The information collected from these visitors includes the individual’s full name, date of birth, home address, height, weight, and the identification number of the driver/individual that appears on the card. This may be the individual’s social security number (SSN) if that is used by the state that issued the license or identification card.
For foreign visitors, the information will be collected from their passport, and includes their name, date of birth, home address, and passport number.
In addition, the visitor will be required to provide the security guard with information relative to the visit, such as purpose of the visit, room, and contact person.
2. Why is the information being collected (e.g., to determine eligibility)?
This information is collected to track the visitors in HCHB and ensure the security of the visitors and employees in the building. The security guard scans the license, passport, or business card which stores the information in the system. The information will be retained for an undetermined period of time so that, if necessary, it will be available for subsequent investigatory inquiries should they occur.
3. What is the intended use of the information (e.g., to verify existing data)?
The personal information is collected to help ensure the security of visitors and employees in HCHB and of the building itself. Maintaining a system to control access to HCHB is essential for this purpose. All visitors are sponsored by Commerce employees that are physically located at HCHB.
4. With whom the information will be shared (e.g., another agency for a specified programmatic purpose)?
The personal information will be shared only with authorized users who have a legitimate need to know. Specifically, the information may be shared with authorized users of the Department’s Office of Security (OSY) and any other representative of a federal agency with authority to obtain the information in accordance with the Privacy Act system of records notice, DEPT-6, Visitor Logs and Permits for Facilities under Department Control,
5. What opportunities do individuals have to decline to provide information (i.e., where providing information is voluntary) or to consent to particular uses of the information (other than required or authorized uses), and how individuals can grant consent?
Upon entering the building, the visitor will be required to provide the security guard with information relative to the visit, such as purpose of the visit, room, and contact person. The visitor will also be asked to provide the identification documentation described above and agree to be photographed. The individuals will have an opportunity to decline the security guard’s request for this information and documentation, in which case, the individual may not be allowed to enter the building.
6. How will the information be secured (e.g., administrative and technological controls)?
In accordance with the requirements of the Federal Information Security Act of 2002 (FISMA), a Security Certification and Accreditation (C&A) was completed and is in force for OS-018 Office of Security (OSY) IT Infrastructure, which is the system that hosts LobbyWorks. The C&A process is an audit of policies, procedures, controls, and contingency planning, required to be completed for all federal government IT systems every three years.
The IT Security Plan for this system is also current and in force. The access and other controls for the host system meet the requirements of the Department of Commerce IT Security Program Policy and Minimum Implementation Standards.
The information is secured via both administrative and technical controls and incorporates the following security safeguards in compliance with the Commerce IT Security Program Policy and Minimum Implementation Standards.
• Authorized users are issued a system user identification login and given limited read and/or write privileges depending on their scope of duties and need to know.
• Regular monitoring of the system for unauthorized access is conducted.
The potential risk of inappropriate disclosure and/or unauthorized disclosure is mitigated by limiting the number of authorized system users, providing initial and annual system security training, monitoring authorized user activity, providing automatic and immediate notification of unauthorized system access or usage to the system administrator, and documenting user violations.
7. Is a system of records being created under the Privacy Act, 5 U.S.C. 552a.?
No. The Privacy Act system of records notice for DEPT-6, Visitor Logs and Permits for Facilities under Department Control, applies to the personal information in this system.
8. How long will these records be retained?
The retention period for these records is guided by the General Records Schedules (GRS), which are issued by the National Archives and Records Administration (NARA) to provide disposition authorization for records common to several or all agencies of the federal government. In accordance with GRS 20, item 3, electronic versions of records scheduled for disposal may be deleted at the expiration of the retention period authorized by the GRS for the equivalent paper copies or when no longer needed, whichever is later. This allows for a longer retention period for the electronic records than the equivalent paper records, which are generally scheduled for disposal when two years old (GRS 18, item 17). OSY has determined that the records in LobbyWorks, in accordance with GRS 20, item 3, may need to be retained indefinitely in case they are needed for subsequent investigative or other routine uses, as provided for under the Privacy Act.
9. Do you log all computer-readable data extracts from databases holding sensitive information? Is that information verified (including sensitive data) and erased within 90 days or determined that it is still required?
The Lobbyworks system does not currently utilize any methods for the logging and verification of data extracts. However, the completion of data extracts is limited to administrative users through a separate reporting application. The extracts are destroyed within 90 days once they are no longer required.