Font Size Print Download Reader HHS Home|HHS News|About HHS

Centers for Disease Control & Prevention Privacy Impact Assessments

06.3 HHS PIA Summary for Posting (Form) / CDC African American Men who have Sex with Men (AAMSM)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC African American Men who have Sex with Men (AAMSM)

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: NO

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): African American Men who have Sex with Men (AAMSM)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: David Purcell

10. Provide an overview of the system: The purpose of AAMSM data collection system is to permit funded sites to perform the following activities:

· Manage venue information and venue testing activities for alternate venue testing and targeted outreach strategies

· Manage interview data and other information about at-risk individuals who are nominated via the social networks and PCRS strategies

· Manage clients’ demographic, HIV risk, HIV CTR, and strategy-specific information

· Manage time and cost information collected for each strategy

· Manage project staff details (e.g., time spent on a specific strategy activity, hourly rate)

· Generate custom reports that summarize project data (by and across strategies) and facilitate effective program monitoring and evaluation

The desired impact of this project is to improve the public's health by reducing the number of new HIV infections occurring each year in the United States. The goals of this project are to increase the proportion of HIV-infected African American MSM in the U.S. who are aware of their status and linked to appropriate prevention, care and treatment services. To accomplish these goals, project staff and grantees will evaluate the relative effectiveness of testing strategies based on existing models (e.g., mobile testing and alternative venue testing to make testing more accessible, using social networks of HIV-infected persons to refer at-risk peers for testing, and partner counseling and referral services). This project supports the following CDC Health Protection goal: Healthy People in Every Stage of Life. Although this project can potentially impact people in all life stages, the focus of the project is on improving the health of adults. The target population is 18 – 24 year old African American MSM. AAMSM will continue from 6/2008 until 10/2010.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

(Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): AAMSM does not contain IIF

· Venue information and venue testing activities for alternate venue testing strategy

· Interview data and other information about at-risk individuals who are nominated via the social networks and PCRS strategies

· Clients’ demographic, HIV risk, HIV CTR, and strategy-specific information

· Manage time and cost information collected for each strategy

· Project staff details for the staff who are involved in various activities of the project (e.g., time spent on a specific strategy activity, hourly rate)

The information collected at the sites will be sent to the CDC via secure data network (SDN) for analyzing the data collected.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) AAMSM does not contain IIF

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: AAMSM does not contain IIF.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Michael W. Harris

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Jul 28, 2008

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR DHAC Identifying Exposure Pathways (IEP)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC ATSDR DHAC Identifying Exposure Pathways (IEP)

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: -

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): CDC ATSDR DHAC Identifying Exposure Pathways (IEP)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert L. Kay

10. Provide an overview of the system: Identifying Exposure Pathways (IEP) is a web-based training that has been on the Agency for Toxic Substances and Disease Registry (ATSDR)/CDC web since 2003. The online learning program provides information on the basic concepts used by ATSDR staff and agents of ATSDR in conducting public health assessments, specifically how to identify pathways of exposure. The program is intended to assist environmental public health professionals to understand the basic steps and coordination necessary to identify exposure pathways. The program provides learn-by-doing steps on how ATSDR's cooperative agreement partners (agents of ATSDR), ATSDR staff, and other environmental and public health professionals can identify how persons come into contact with hazardous and toxic substances. This program is an interactive simulation involving internal and external communications, site document review, mock site review, video clip review, community involvement activities, and completion of an exposure pathway table. The program does not collect/store any Personable Identifiable Information (PII) regarding any of its participants.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, does not contain PII

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No, does not contain PII

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: -

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): -

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No, does not contain PII

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Felicia Kittles

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P.Madden

Sign-off Date: Jan 5, 2009

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR Triage Tracking System (TTS)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: CDC ATSDR Triage Tracking System (TTS)

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9221-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): Triage Tracking System (TTS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard Gillig

10. Provide an overview of the system: The Triage Tracking Database (TTS) is an MS Access database that is used to track the progress of documents (health consultations, public health assessments, etc) through the review process, as well as record ancillary data associated with said documents.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

(2) TTS tracks the current status of documents and health education/ environmental activities. The system also tracks the status of known issues containing environmental and contamination through the review process. Reports are generated and used for internal purposes only and are not shared with any other Divisions/ Offices/ Centers within CDC.

(3) TTS does not contain any PII.

(4) N/A. No PII collected.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The system does not contain PII.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain PII.

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 7/23/2009

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Michael W. Harris

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Aug 14, 2008

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC Auto Decal

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC Auto Decal

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-06-02-0984-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): DOT/ALL8

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): Auto Decal

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tracy Hollis

10. Provide an overview of the system: Mainframe application used by the Office of Security and Emergency Preparedness to issue car decals for any vehicles parked on CDC premises or leased property by CDC workforce. The only system users are OSEP personnel, who enter information regarding a vehicle and the associated decal number and the owner’s User ID. The information is manually typed from a signed form by the vehicle owner usually submitted to security personnel assigned to the user’s workplace. The security staff issues the decal, and then submits the form to the security office in charge of entering the information from the form. This may take several days from the time the user is issued a decal until the information is entered into the Auto Decal system.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Need to Know policy is enforced in the application. Only designated OSEP personnel can see the record. User Id’s, Passwords (expire after a set period of time), Accounts are locked after a set period of inactivity, Minimum length of passwords is eight characters, Accounts are locked after a set number of incorrect attempts. Firewall protected.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Michael W. Harris

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Aug 19, 2008

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC CCCHIS NCPHI DEOC Requests System (DRS)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC CCCHIS NCPHI DEOC Requests System (DRS)

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-1255-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-20-0055

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): DEOC Request System (DRS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Clarence Bloomfield

10. Provide an overview of the system: This system is used by the CDC Emergency Operations Center to manage and track tasks that come into the Operations Center.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Employees’ (new hires) are informed and have given consent during the employee orientation process that their PII information will be used in order to support the CDC Director’s Emergency Operations Center.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: CDC EMSSP security controls are adequate to protect the IIF contained within this system. The controls ensure a common baseline level of protection is met for all CDC information systems.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Michael Harris

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Jul 28, 2008

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR Centralized Information Management System - (SEQUOIA)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC CCEHIP ATSDR Centralized Information Management System - (SEQUOIA)

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-02-1411-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name (Align with system Item name): Centralized Information Management System (CIMS) aka Sequoia

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Keith West

10. Provide an overview of the system: Sequoia is the result of reengineering ATSDR’s HazDat system. HazDat, initiated in 1988, is ATSDR’s scientific and administrative database developed to provide rapid access to information on the release of hazardous substance from Superfund sites and other events. It provides information on the effects of hazardous substances on the health of human populations. ATSDR’s business requirements have changed dramatically over the last few years, during which major development on HazDat was frozen. As a result, HazDat has become increasingly less useful to ATSDR staff, and Sequoia has been created to update the functionality of HazDat. Phase I of Sequoia includes functionality provided by the Site & Event, Cost Recovery, and ASA (Activities) modules of HazDat. Taken together, these modules provide users with the ability to track environmentally damaging events and cleanup activities, plus the recording of supporting information on the activities performed during those events to support efforts to recover cleanup costs for the federal government.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Sequoia does not share or disclose any IIF data. The SSN data that is used for in a query with the UFMS payroll data is stored in a Sequoia data table in encrypted format & is only unencrypted via a SQL function whose access is limited. The SSN is unencrypted in order to match data contained in several related tables from the MISO database. SSN is not printed on any reports or displayed on any screens.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: In order to ensure least privilege and accountability, read-only access is given by default. Additional access must be requested by the user’s manager/supervisor and granted by the system administrator. Technical Controls: integrated with AD for login, SQL server security including encryption. Physical Controls: Guards, ID badges, key cards, locked offices, locked server rooms.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Alice M. Brown

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Apr 23, 2008

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR Hazardous Substances Emergency Event System - (HSEES)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC CCEHIP ATSDR Hazardous Substances Emergency Event System - (HSEES)

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-02-9221-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name (Align with system Item name): HSEES (Hazardous Substances Emergency Events Surveillance)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Maureen Orr

10. Provide an overview of the system: The Hazardous Substances Emergency Events Surveillance (HSEES) system was established by ATSDR to collect and analyze information about acute releases of hazardous substances, as well as threatened releases that result in a public health action such as an evacuation. The goal of HSEES is to reduce the morbidity (injury) and mortality (death) that result from hazardous substances events, which are experienced by first responders, employees, and the general public.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The Hazardous Substances Emergency Event Surveillance application collects company name and address information on the event location and the parties responsible for hazardous chemical events. Addresses of individuals (private households) are also collected, but not their names. The application also collects name (government employee), agency, address, and phone information on the party who notified the state department of the event. The address information is used to determine the latitude/ longitude values, and demographics/ proximity information of hazardous events to aid in prevention and outreach. The name of the event location is used to determine the type of industry that was involved with the hazardous release. The notification information is used for contact purposes in case data received is incomplete. User names, states, and email addresses are stored for user roles and privileges.

IIF is only shared or disclosed to HSEES users who are State and International Partners (State Health Departments). Each state can only access their data. DHS users can access data from all states but name, address, and phone fields are encrypted. NOTE: IIF is NOT retrieved by Privacy data.

Data are entered by participating state health departments into a web-based application that enables ATSDR to instantly access data for analysis.

Data collected include the following:

• Name, address, and phone # of the source that notified the state health department of the event and the date of the notification.

• Time, date, and day of the event.

• Geographic location (street, city, county, state, zip, country, latitude, longitude)

• Name of the event location, and the party responsible for the release.

• The type of industry involved

• The proximity and demographic (land use and nearby population information to estimate the number of persons potentially exposed)

• Place within the facility where the event occurred

• Event type (fixed-facility or transportation related event)

• Factors contributing to the release

• The substances released

• Environmental sampling and follow-up health activities

• Specific information on injured persons: age, sex, type and extent of injuries, distance from spill, population group (employee, general public, responders, student), and type of protective equipment used

• Information about decontaminations, orders to evacuate or shelter-in-place

Data are used to:

• Provide presentations of data from HSEES to industries that account for a significant number of spills to help plan prevention strategies

• Provide data for Hazardous Material training courses, including data on the risk of injury from methamphetamine labs

• Provide data to establish and maintain protection areas for municipal water systems

• Provide data by county on spills to assist with the proper placement of Hazardous Material teams and equipment

• Distribute fact sheets on frequently spilled chemicals or chemicals that cause a disproportionate number of injuries, such as chlorine and ammonia

• Distribute newsletters or fact sheets to industry, responder, and environmental groups

• Provide presentations for state and local emergency planners

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative:

Users are assigned unique roles and privileges depending on their titles. The HSEES system administrator is responsible for assigning these roles.

Technical:

Depending on the user’s role certain fields containing IIF data are encrypted. Company name, address, and telephone information are entered by and visible to State users, but are encrypted to the Division of Health Studies (DHS) representatives.

User access and authentication is provided through a Secure Data Network (SDN) issued digital certificate which is valid for one year from the date of receipt. Each user will be assigned a unique numeric token which will be used to access the SDN Web Server and assign user roles and privileges. SDN also requires a passphrase to access the SDN Web Server.

Physical Controls:

Production and test servers are stored in a server room secured by the CDC. Access tools are in place to secure entry into CDC buildings (Guards, ID Badges, Key Card, Cipher Locks, Closed Circuit TV).

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Michael Harris

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Jul 11, 2008

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR OCScheduler

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC CCEHIP ATSDR OCScheduler

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: -

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): CDC CCEHIP ATSDR OCScheduler

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Marianne Hartin

10. Provide an overview of the system: Office of Communication Conference Scheduler (OCScheduler) is a web based conference scheduling application that allows CDC/National Center for Environmental Health (NCEH)/Agency for Toxic Substance and Disease Registry (ATSDR) employees to sign up and volunteer to help support conferences, forums and other activities the division in involved in and attends. OCScheduler allows personnel to go online and visually see times and dates available to volunteer for and support NCEH/ATSDR conference activities. The application reduces the work required in organizing and ensuring coverage for necessary support of activities with varied days and times required for NCEH/ATSDR support. The application allows the user to view a primary page that lists the event to support, the dates and times needed for support and to volunteer by clicking on an available date and time and entering their contact information (name, business phone number and business email address).

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): n

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The system does not contain PII.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: -

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): -

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain PII. No IIF collected

E-Authentication Assurance Level = N/A

Risk Analysis Date = 12/19/08

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Felicia Kittles

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Jan 5, 2009

Approved for Web Publishing: Yes

Date Published: Jun 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR RssReader

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: CDC CCEHIP ATSDR RssReader

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9623-00

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name (Align with system Item name): RssReader (ATSDR News Room)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wilma Lopez

10. Provide an overview of the system: ATSDR News Room (RSSReader) is a application to disseminate environmental health news stories to visitors of the webpage and the Agency for Toxic Substances and Disease Registry (ATSDR) web site. The news stories is to be used as informational sources for the general public to read and use for private use. The content is not generated by the National Center for Environmental Health (NCEH)/ATSDR Office of Communication. The content is just organized and available for public users of the website to find information on environmental health news storiesole to have add/edit/delete permissions