Skip Navigation
  • Text Size: A A A
  • Print
  • Email
  • Facebook
  • Tweet
  • Share
  • Print
  • Email
  • Facebook
  • Tweet
  • Share

Centers for Disease Control - Page 2

Back to Privacy Impact Assessments page

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform OD EPMIS
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-02-1055-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform OD EPMIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform OD EPMIS - POSSI
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-02-1055-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform OD EPMIS - POSSI
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform OD GA - BSU Report
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform OD GA - BSU Report
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform OD GA - Change Tracking
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform OD GA - Change Tracking
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Application Update Change Tracking.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Blogs [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1603
7. System Name (Align with system Item name):  CDC Blogs
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Susan Wilkin
10. Provide an overview of the system:  The Division of Informatics Outreach and Education (DIOE) provides blogging functionality for internal use at the CDC in order to facilitate collaboration around a range of areas from public health topics to general CDC internal topics.  Blogs provide the ability for groups at the CDC to share information and receive feedback from interested CDC personnel.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC CCID NCHHSTP Sisters Empowered Sisters Aware - (SESA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-02-1000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1839
7. System Name (Align with system Item name):  Sisters Empowered, Sisters Aware (SESA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Carolyn Guenther-Grey
10. Provide an overview of the system:  Sisters Empowered, Sisters Aware (SESA) is a project designed to increase the number of African American women who know their HIV status (it is an HIV testing project). The project involves the evaluation of four HIV testing strategies designed to locate women with undiagnosed infection.

The SESA data collection system is a client/server application developed in C#.NET with Microsoft SQL server 2005 as backend. The system contains client-level demographic, testing strategy, and counseling/ testing/referral (CTR) data. The system will also collect data pertaining to cost-effectiveness analysis and allow site managers to run queries and reports that summarize data associated with a specific time period.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  HIV CTR, demographic, testing strategy, and cost-effectiveness data; does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  SESA does not contain any PII.
Risk Analysis Date = January 10, 2008
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/8/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC CCID NCZVED National Outbreak Reporting System  (NORS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  National Outbreak Reporting System  (NORS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Barbara Mahon
10. Provide an overview of the system:  The National Outbreak Reporting System (NORS) provides collection and storage of aggregate outbreak data from State Health Departments.  The data is studied and analyzed as a part of national surveillance. Aggregate outbreak data is entered into the system as individual incident reports via client web interface for study as a passive surveillance tool.  This surveillance analysis normally occurs after an actual outbreak has occurred.  State administrators have the ability to finalize and approve individual incident reports.  The data is collected at the CDC in a normalized relational database.  Separate applications to work with the surveillance data.  Administration and individual incident record viewing is done through the web interface.  Currently aFORS (analytical FORS) is the only additional module that has been integrated.  NORS has several system interconnections and dependencies. NORS will share functionality with PulseNet and NARMS by automatically sending requests and response for data between the systems.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The National Outbreak Reporting System (NORS) provides collection and storage of aggregate outbreak data from State Health Departments.  The data is studied and analyzed as a part of national surveillance. Aggregate outbreak data is entered into the system as individual incident reports via client web interface for study as a passive surveillance tool.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
E-Authentication Assurance Level = 2
Risk Analysis Date = November 4, 2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles  OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/12/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC CCID NCZVED OutbreakNet [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC #: 1318
7. System Name (Align with system Item name):  CDC CCID NCZVED OutbreakNet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Richard Williams
10. Provide an overview of the system:  OutbreakNet is an external facing web application. The application collects both line list and outbreak data that relates to cases but does not contain PII. The data is used to enable reporting and hypothesis generation during a foodborne outbreak. From this data the system will generate reports and allow direct connectivity for statisticians within the CDC. Allowing for greater analysis and easier reporting to allow more focus on the science behind the outbreak.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The application collects both line list and outbreak data that relates to cases but does not contain PII. The data is used to enable reporting and hypothesis generation during a foodborne outbreak. The data entered into the system is largely captured by state health departments and then shared voluntarily with the CDC.  Once entered into OutbreakNet, states will not be able to download or read other states data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  2/3/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC CCID OD Coordinating Center for Infectious Disease (CCID) Informatics Customer Support (c.Support) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/20/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-9309-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Coordinating Center for Infectious Disease (CCID) Informatics Customer Support (c.Support)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tonya Martin
10. Provide an overview of the system:  c.Support® from GWI Software is a comprehensive help desk/customer support application that allows support organizations to coordinate and manage everyday support activities as well as track assets, build a knowledge base and provide customer self-help.

Designed and developed using the Microsoft® .NET Framework, c.Support provides the best overall value by leveraging our existing investment in Microsoft® systems, servers, and infrastructure. c.Support will integrate with Microsoft Active Directory®, Domino Directory, a Microsoft SQL database, and/or Microsoft® CRM.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Other CDC and CDC Contracted Expert Resources for Incident Resolution.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Records business email address, business phone, fax, and mailing address.  Submission is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Customer information is stored on a Microsoft SQL Server inside the firewall and protected by all CDC network protections.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 10/31/2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/24/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Content Services [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/13/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1737
7. System Name (Align with system Item name):  CDC Content Services
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  The CDC Content Services will provide an application programming interface (API) for accessing publically available content from CDC.gov so that it can be easily incorporated into CDC Partners’ websites in a controlled manner.  The initial targeted service is the Content Syndication Service which will enhance the existing syndication functionality already provided by CDC by offering a registration component and a “self-serve” mechanism for getting the necessary code to syndicate CDC content.   Syndication is used to synchronize CDC web content.  This currently available content will be in an industry standard “open” format to allot for reuse off of the CDC Network.  The syndication includes a self regulation tool as well other various support utilities.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = 1

Risk Analysis Date = June 25, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  7/14/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DACH GA - State of Aging [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - State of Aging
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Reports the health status and health behaviors of U.S. adults aged 65 years and older.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DASH Evaluation Tutorials [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DASH Evaluation Tutorials
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  DASH evaluation training Web site.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DCPC GA - Issue Tracker [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DCPC GA - Issue Tracker
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Tracks user issues with Registry Plus software.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.
 
Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DCPC GA - Program Contacts [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DCPC GA - Program Contacts
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Contact information for CDC's Breast and Cervical Cancer Early Detection Program.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DCPC USCS [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DCPC USCS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Provides state-specific and regional data for cancer cases diagnosed and cancer deaths.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DHDSP GIS - DHDSP [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DHDSP GIS - DHDSP
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Geographical display of cardiovascular mortality data.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DHDSP GIS - DHDSP Policy Maps [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DHDSP GIS - DHDSP Policy Maps
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Geographical display of cardiovascular-related legislation.These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DHDSP Legislative Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/29/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  No cost involved; No ESC entry
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DHDSP Legislative Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Search for state-level bills related to heart disease and stroke prevention topics.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DHPIRS NCHHSTP Prevention Program Branch Support System (PPBSS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  11/14/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9323-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  Exempt due to business PII
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1342
7. System Name (Align with system Item name):  Prevention Program Branch Support System (PPBSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wendy Harrington-Lyon
10. Provide an overview of the system:  The PPBSS environment was established in 2005 to address the recommendation of the McKing Consulting Firm for system automation within the Prevention Program Branch.  Z-Tech developers created a general support system that will operationally support the future development of PPB applications.  The system consists of a web server and an SQL server data repository that supports not only data collection, but, additional administrative and reporting needs for the branch.  The development of PPBSS has facilitated the move from all paper field processes for grantee files to automated processing of information, thereby increasing system efficiency.  It is accessible on the CDC Intranet as well as through remote access for field officers and organizations working with Health Departments and Community Based Organization (CBO) grantees.
The primary purpose of PPBSS is to process and manage grantee information and make such information available to all PPB staff, both on and off site.
The functions of the PPBSS environment will be as follows:
•              Data collection
•              Manage Grantee information
•              Manage Agency information/contacts
•              Manage proposed target populations
The majority of applications that will be operating within the PPBSS environment will have data flows as detailed below:
•              User inputs information into system
•              User manages collected information
•              User runs reports to review submitted information
Manual processes within PPB have already been identified and plans to develop applications to replace those processes have already been documented.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  PPBSS DOES NOT DISCLOSE ANY IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  PPBSS collects various business related information from Community Based Organizations and State Health Departments. This information is used to help them determine if an organization should be provided grant funding.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  PPBSS collects various business related information from Community Based Organizations and State Health Departments. This information is used to help them determine if an organization should be provided grant funding.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PPBSS IS ONLY ACCESSIBLE THROUGH THE CDC INTRANET BY USERID’S THAT ARE MANUALLY ENTERED IN BY PPBSS ADMINISTRATORS.  THE SERVERS ARE IN A SECURE FACILITY THAT HAS GUARDS AND LOCKED DOORS.
E-Authentication Level:  N/A

Risk Analysis Date: 10/20/2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/14/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DHPIRS NCHHSTP PRS EBS System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/3/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-1000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1597
7. System Name (Align with system Item name):  PRS Evidence Based Search (PRS EBS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Carolyn Guenther-Grey
10. Provide an overview of the system:  The PRS EBS project allows CDC employees to more readily locate pertinent evidence-based intervention documents, previously entered by hand into ‘Fact Sheets,’ and used by HIV intervention researchers. The PRS EBS software is an ASP.NET 2.0 application that stores its data on a SQL 2008 Server. All the documents involved with the PRS EBS application contain no PII/IIF nor does it contain any sensitive information.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  NO PII/IIF COLLECTED
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  “Fact Sheets” used by HIV intervention researchers; All data is public information and does not store or process any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  11/3/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DNPA GA - Abstraction [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DNPA GA - Abstraction
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Used to gather public study abstracts and the data that supports those studies.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DNPA GA - DNPA Program Directory [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DNPA GA - DNPA Program Directory
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Provides information about physical activity programs involving state departments of health.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DNPA GA - PA Statistics [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/22/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DNPA GA - PA Statistics
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Displays physical activity-related BRFSS data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DNPA GA - US PA Guidelines [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/23/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DNPA GA - US PA Guidelines
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DOH GIS - DOH [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/23/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DOH GIS - DOH
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Geographical display of oral health indicators and preventive interventions for oral health.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DOH PTS [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/26/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DOH PTS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Aids in the tracking and reporting of test data from participating water fluoride testing labs.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.
 
Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC DTE NCHHSTP Tuberculosis Genotyping Information Management System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/30/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  TBD
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  None
5. OMB Information Collection Approval Number:  None
6. Other Identifying Number(s):  ESC# 1773
7. System Name (Align with system Item name):  TB Genotyping Information Management System (TB GIMS) Pilot
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Thomas Navin
10. Provide an overview of the system:  TB Genotype Information Management System (TB GIMS) is for State TB Controllers who require timely access to centralized TB genotype results and TB cluster data eliminating the need for each state having to compile and maintain the genotyping data.  The TB GiMS is a centralized IT solution hosted at CDC that will streamline the use of TB Genotyping data for effective use in TB control unlike the current labor intensive process involved.  It will also help maintain integrity of the data required for analysis by CDC TB Program.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No IIF collected. Dummy data will be entered.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF collected.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = 1

Risk Analysis Date = 09/16/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Mike Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/3/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Financial Disclosure Management [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/5/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1768
7. System Name (Align with system Item name):  CDC Financial Disclosure Management
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson
10. Provide an overview of the system:  This system establishes an LDAP directory service for the purpose of authenticating CDC users to the U.S. Army Financial Disclosure Management system.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Names, business phone and email address. Voluntary in nature.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Information is collected from individuals as members of Federal Advisory Committees and entered into the server Active Directory.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System is hosted in the DMZ; there is no direct access to directory except through Windows Server administration tools. Security is controlled by machine name, specific IP address and single user logon.
Risk Analysis Date = January 5, 2010
E-Authentication Assurance Level = N/A
IIF is used to authenticate user to Army FDM.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/18/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Identity Management Site (MASO) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/14/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-10-1393-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0147
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1331
7. System Name (Align with system Item name):  CDC IDMS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ronald Abernathy
10. Provide an overview of the system:  The CDC Identity Management System (IDMS) is a SQL database with application front end internal to the CDC that will allow OSEP to consolidate information from other databases in order to produce report of projected numbers base on the data. This database will also serve as a collection point for the bulk load data that will be migrated to the CDC IDMS.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Yes, with HHS Identity Management System, for the production of PIV II Smart Cards
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Mandatory,

Will be shared with HHS Identity Management System, for the production of PIV II Smart Cards

Full Name, User ID, Job Title, Grade, U.S. Citizen, Hire Date, Years of Service, Background Investigation Type, Status code, Adjudication  code and Date
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Updated is gathered from the individual only at time of enrollment and renewal.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The Data is stored on the ITSO consolidated SQL server, that is hardened and secured by ITSO. The data is accessed internally via rolls.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/20/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Influenza Reagent Resource [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
009-20-01-06-02-9224-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1632
7. System Name (Align with system Item name):  Influenza Reagents Resource Web Portal (IRR)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mary Hoelscher
10. Provide an overview of the system:  The IRR web portal is a General Support System (GSS) which is external to any CDC network or system.  The web portal will be comprised of various hardware infrastructure and software applications that together form the functionality required for an electronic online catalog search and for an e-commerce storefront to be developed according to IRR requirements.  The web portal will provide for electronic catalog searches, storefront for e-commerce functions, registration for qualified organizations, and electronic information source for the IRR program. The IRR web portal information system will provide a secure, interface for authorized organizations to access the information it contains.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  American Type Culture Collection (ATCC) will maintain day-to-day inventory to assure accurate storage and retrieval of all viral and bacterial agents, reagents and kits. This inventory will be maintained on the ATCC Enterprise Resource Planning (ERP) system, MFG/PRO from QAD, that has been in place at ATCC for more than 10 years. Our database systems will track all information related to the activity of the CDC-IRR including maintaining the inventory of agents, reagents and kits, recording QC tests and results, curating mailing lists and records of registered users and managing shipping and receiving information. Reporting functions can provide reports in spreadsheet formats, delimited text, database formats or hard copy.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.
E-Authentication Assurance Level = 1
Risk Analysis Date = July 13, 2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Information Technology on the GO (CITGO) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/9/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  CDC Intranet on the GO (CITGO)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lee Eilers
10. Provide an overview of the system:  CITGO provides secure connectivity to CDC resources from computer systems that have Internet connectivity and an appropriate web browser, where all CDC provided resources are available and secure.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  11/9/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC IS Auto Decals [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-0984-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  DOT/ALL8
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1638
7. System Name (Align with system Item name):  Auto Decal
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tracy Hollis
10. Provide an overview of the system:  Mainframe application used by the Office of Security and Emergency Preparedness to issue car decals for any vehicles parked on CDC premises or leased property by CDC workforce. The only system users are OSEP personnel, who enter information regarding a vehicle and the associated decal number and the owner’s User ID. The information is manually typed from a signed form by the vehicle owner usually submitted to security personnel assigned to the user’s workplace. The security staff issues the decal, and then submits the form to the security office in charge of entering the information from the form. This may take several days from the time the user is issued a decal until the information is entered into the Auto Decal system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Mainframe application used by the Office of Security and Emergency Preparedness to issue car decals for any vehicles parked on CDC premises or leased property by CDC workforce. The information collected is User ID and Vehicle Identifiers.   The only system users are OSEP personnel, who enter information regarding a vehicle and the associated decal number and the owner’s User ID. The information is manually typed from a signed form by the vehicle owner usually submitted to security personnel assigned to the user’s workplace. The security staff issues the decal, and then submits the form to the security office in charge of entering the information from the form. This may take several days from the time the user is issued a decal until the information is entered into the Auto Decal system. The information is voluntary but mandatory for an Auto Decal.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Need to Know policy is enforced in the application. Only designated OSEP personnel can see the record.  User Id’s, Passwords (expire after a set period of time), Accounts are locked after a set period of inactivity, Minimum length of passwords is eight characters, Accounts are locked after a set number of incorrect attempts.  Firewall protected.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/19/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC ITSO ITSOTools [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/31/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-01-1152-00-404-139
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  CDC ITSO Tools
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  David Ausefski
10. Provide an overview of the system:  ITSOTools Homepage is a dynamically controlled and data driven website that is based on the user’s Active Directory authentication and security groups. 

The system provides a tertiary level of security by utilizing application data driven security categories and groups.  Each user will have a unique set of available information provided on the homepage.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No Information in Identifiable Form is collected or transmitted.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/31/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Mailing Lists [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/25/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0041
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC System ID: 1772
7. System Name (Align with system Item name):  CDC Mailing Lists (CDCML)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  The mailing list system provides the means for operational unit personnel to create and maintain CDC publications mailing lists for foreign, domestic and internal CDC recipients. In addition, it is used to create email lists in the CDC Message Center for communications to all CDC personnel in support of approved CDC activities.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Mailing List administrator (MASO) and individual list creators in organization units.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Contact information (home or business mailing addresses) is provided voluntarily by recipients and is used only at their request. Changes are managed by direct correspondence between recipient and list owner.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Same as previous answer (#30)
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII is maintained in CDC offices and data centers and subject to the standard record keeping controls already in place.

Yes IIF
Risk Analysis Date: 1/22/2010
E-Auth level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Mailstop Maintenance [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/18/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  1507
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1507
7. System Name (Align with system Item name):  CDC Mailstop Maintenance
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  The Mailstop System is an informational sytem that stores the mailstops of all the CDC locations..This is a intranet-based application used to maintain CDC Mailstop Data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
EAL = N/A
Risk Analysis Date = 01/04/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/18/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Neighborhood [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/16/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-09-0984-00-404-137
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM/GOVT-1
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1449
7. System Name (Align with system Item name):  CDC Neighborhood (CDCN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandy Chapman
10. Provide an overview of the system:  CDC Neighborhood is a contact and self-service profile application for all users at CDC. Users can look up public contact information for other CDC employees, contractors or affiliates.  The application also functions as a self-service profile for each user at CDC, The primary goal of the Neighborhood is to create a user-friendly web-based search function and personnel information application to assist with emergency and non-emergency field staff deployment, as well as directory searches. The functionality will allow users to enter personal and work-related information that can be queried by separate applications.  Such functionality will assist the CDC to comply with national and agency regulations related to security and administration of people with access to CDC and its resources.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Emergency Coordinators and those with the authority who need to know emergency contact or deployment-related information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will collect names of CDC personnel, personal phone numbers, email address, education records, military status, employment status, professional and personal emergency contact info, self-identified skills, experience, training, and other credentials, including supervisor names.
Submission of information is voluntary.  The information collected does contain PII for the purposes of emergency contact and deployment purposes.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Users are notified via a general OD announcement when changes occur in the system. Users are also asked by the DAA to update and validate their information on a yearly basis. A privacy notice opens when the user first accesses their contact information.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IF Collected.


E-Authentication Assurance Level = N/A

Risk Analysis Date = 6/3/2010

Network and security controls for the web servers and databases are in place as well as network security monitoring and security audits. The system is only available on the intranet, mitigating the exposure outside the firewall. Access to the system and to specific information is controlled using Windows Integrated Authentication so users have to have a valid and active network profile before they are allowed system access.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  6/15/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC New Ideas [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1527
7. System Name (Align with system Item name):  CDC New Ideas
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  New Ideas serves as a portal for all of CDC employees to submit ideas and suggestions on how to improve CDC.  MASO receives and process the new ideas and suggestions.  Some ideas must be forwarded to a committee in OCOO for review and approval.  The system serves only as a web portal for the submission of ideas; it stores the ideas in a database but performs no further data processing.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
EAL = N/A
Risk Analysis Date = 01/04/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/19/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC NIOSH DART DART Applications (DARTApps) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/14/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9522-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC NIOSH DART DART Applications (DARTApps)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Williams J. Murphy
10. Provide an overview of the system:  DARTApps consists of three applications:

Power Tools Import Utility and Web Seach (Power Tools)
The Power Tools system provides information on a tool’s sound power level, sound pressure level exposure, hand vibration exposure, and information on test and analysis methods used when gathering the above information.

Noise Reduction Rating Calculator (NRRCalc)
The Noise Reduction Rating Calculator (NRRCalc) is developed for the National Institute for Occupational Safety and Health (NIOSH) and is supported by the U.S. EPA Interagency Agreement DW-75-92197301-0.  NRRCalc provides calculation of the Noise Reduction Rating for the following hearing protection devices: passive linear, hearing enhancement, active noise reduction, and customized.

Hearing Protector Device Compendium  (Compendium)
The Hearing Protection Device Compendium system provides a searchable interface for users to search for hearing protection devices based on manufacturer, model, protector style and the protection devices protection rating.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OCOO ITSO Multi User Share Tool - (MUST) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/29/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 620
7. System Name (Align with system Item name):  Multi-User Share Tool(MUST)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wayne Knight
10. Provide an overview of the system:  MUST provide the ability of Active Directory Member Group Data Stewards to manage user access to specified file shares in the CDC domain. The system will provide a quicker turnaround time for the CDC User (customer) and eliminate having to impact multiple technicians throughout the infrastructure to make modifications to AD groups.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/29/2011
Approved for Web Publishing:  Yes

Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OCOO ITSO Office Communications Server 2007 (OCS 2007) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/1/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-01-1152-00-404-139
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  CDC OCOO ITSO Office Communications Server 2007 (OCS 2007)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  Microsoft Office Communication Server 2007 manages all real-time (synchronous) communications including instant messaging, VoIP, and Audio and Video conferencing. This project will test the Microsoft Office Communication Server 2007 client and evaluate the web conferencing, secure instant messaging (IM), and OCS Blackberry Client. All testing will be performed inside the CDC network with no external public facing access. After successful testing the web conferencing, instant messaging, and OCS Blackberry Client features and functionality results will be presented to ITSO Sr. Management for approval before moving forward with an All-CDC implementation.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  E-Authentication Assurance Level = N/A

Risk Analysis Date = 09/24/08

No IIF Collected
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  4/2/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OCOO MASO Organization & Function - (OF) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/2/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 603
7. System Name (Align with system Item name):  Organizations and Functions
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly Thurmond
10. Provide an overview of the system:  The Organizations and Functions system accesses the Reorganization Database for all the data relating to reorganization proposals.  It tracks the status of reorganization proposals.  It provides search capabilities and data can be viewed by all of CDC.  MASO maintains the data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  NNo
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Does not collect information; only displays Information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  David Knowles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/6/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OCOO MASO Policy Management - (PM) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/15/2007
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  POLICY MANAGEMENT
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly Thurmond
10. Provide an overview of the system:  The POLICY MANAGEMENT database provides users with copies of CDC Policies which are available by a key word and/or function search.  The website and search feature will be reviewed and redesigned in 2007 to add functionality.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
POLICY MANAGEMENT does not collect or share IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The POLICY MANAGEMENT system provides a search of CDC policies.
POLICY MANAGEMENT does not collect or share IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  POLICY MANAGEMENT does not collect or share IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  POLICY MANAGEMENT does not collect or share IIF.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M. Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  4/22/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OCOO MISO Web Services Logger [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-09-02-0984-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1675
7. System Name (Align with system Item name):  Web Services Logger (WSLogger)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandy Chapman
10. Provide an overview of the system:  WSLogger is a component that can be attached to any MISO web service to transparently begin capturing utilization information about that web service.  The Component registers usage and benchmark information into the SQL database for management reporting.  Information captured is limited to few data elements such as User-ID of caller, date and time, name of the web service, elapsed time, and name of the method.  No PII is collected.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system collects/stores User-ID of caller, date and time, name of the web service, elapsed time, and name of the method.  No PII is collected and the information is mandatory. The Component registers usage and benchmark information into the SQL database for management reporting.  Information captured is limited to few data elements.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly Walker
Sign-off Date:  4/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OD ITSO Voice Over IP - (VoIP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/6/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-1152-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  CDC Internal VoIP (VoIP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Richard Self
10. Provide an overview of the system:  CS1000E is a scalable and robust IP PBX that offers support of IP based applications using SIP protocols, while providing an industry leading set of telephony features and applications.  The CS1000E allows customers to distribute a large number of telephony users throughout their QoS-managed IP network, controlled by a redundant call server.  The current redundant core and redundant NRS are located in Chamblee Bldg 106 and Clifton Bldg 21.  The PBX systems at Clifton 6, Century Center and Chamblee 101 are all IP ready.  These systems provide support multiple applications which include IP telephones, Media Gateways, and soft clients for desktops.  This system supports VoIP services to all CDC locations with access to the CDC network.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to store or retain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to store or retain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to store or retain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to store or retain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/6/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OD ITSO WAN Video Conferencing System - (ENVISION) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  3/24/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-01-1152-00-404-139
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  ENVISION
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Thomas Erves
10. Provide an overview of the system:  The Envision system will provide video conferencing capabilities to the CDC network and Internet by CDC employees. The addition of the Tandberg Border Controller will allow Internal CDC sites to conferencing capabilities with external H.323 sites.  The Envison system will multipoint control unit device for video conferencing capabilities throughout the CDC.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  3/24/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OD OCOO_Congenital Anomaly Surveillance Electronic System_Umbrella_CASES [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/28/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-1032-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 137  CDC IRB 1955
7. System Name (Align with system Item name):  Congential Anomoly Surveillance Electronic System (CASES)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The Congenital Anomaly Surveillance Electronic System (CASES) is the data collection tool used for the Metropolitan Atlanta Congenital Defects Program (MACDP). MACDP is a population-based surveillance program which monitors birth defects. MACDP has been collecting, analyzing and interpreting birth defects surveillance data since 1968. CASES is used by abstrators in the field to collect relavent data. Data are identified by medically trained abstractors at birth hospitals, pediatric hospitals, laboratories, prenatal clinics, and other sources. Because the data comes from multiple sources, it is necessary to be able to recognize when the same case has been identified in two different places. For this reason, sufficient identifying information is collected to recognize duplicates, even in the case of twins. 
CASES is run independently on the abstrators laptop with a web front end and a SQL server back end. CASES is self contained on each abstractors laptop.  Although a web interface is used for PHIN compliance reasons, the laptops do not connect to the Internet.  Instead, the laptops run IIS and desktop SQL Server software.  Abstractors use their browser to access the application, but everything runs on the laptops.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  CDC participates in the National Birth Defects Prevention Study (NBDPS) as the Georgia study center for MACDP. CASES is the data collection tool used for NBDPS. NBDPS uses the PII to contact cases and controls to participate in the study.  More information about NDBPS can be found at http://www.nbdps.org/index.html
MADDSP is another CDC surveillance program that tracks children with developmental disabilities.  Since children with birth defects often have developmental disabilities, we serve as an ascertainment source for them and our data on the specific defects with which a child is diagnosed becomes part of their data.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1) Collect, analyze and interpret birth defects surveillance data;
2) birth defects surveillance
3) Data includes PII
4) Data is extracted from medical records. Data collection is authorized under HIPAA.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1)   There is no process in place to specifically notify individuals. The data is collected directly from medical records.
2)   The patient is not specifically notified that the data has been collected. Data collection is authorized under HIPAA.
3)   The PII is used to contact cases and controls to participate in NDBPS.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System follows all applicable administrative, technical, and physical controls required by CDC & NIST.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/28/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OD OCOO_Public Comment Review Website_Umbrella_NPCRW [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/27/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9523-00-110-246
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC#  1833
7. System Name (Align with system Item name):  NCPDCID Public Comment Review Website (NPCRW)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Craig Oliver
10. Provide an overview of the system:  NCEZID Public Comment Review Website (NPCRW) is an internet based system that provides web users with the public comments of certain CDC draft documents. These documents are publicly available at http://www.regulations.gov/. This is part of the Federal Register public review process and is mandated. The comments will be sent via email to CDC from regulations.gov where the comments will be uploaded from within the CDC network environment and stored on a CDC SQL database. The privacy policy of the regulations.gov website informs individuals that comments provided to a Federal Department or Agency through Regulations.gov are collected voluntarily and may be publicly disclosed in a rulemaking docket or on the Internet.

All outward facing content is read-only, accessible to everyone, and there is no data entered by the public user. The comments will be screened for personal identifying information and obscene language before being placed within the database. Comments with such content will not be entered and will be deleted. Authentication for internal CDC staff access will be via Active Directory.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  NCEZID Public Comment Review Website (NPCRW) is an internet based system that provides web users with the public comments of certain CDC draft documents. These documents are publicly available at http://www.regulations.gov/. This is part of the Federal Register public review process and is mandated.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 4/19/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  10/28/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OD OCOO_Suspense Tracking and Reporting_Umbrella_STAR [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/10/2007
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-9509-00
(OMB reduced the UPI to 17 digits for FY 2008)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1409
7. System Name (Align with system Item name):  Suspense Tracking and Reporting (STAR) System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Craig Studer
10. Provide an overview of the system:  STAR provides limited information on both budget and program status which is needed in DHAP at all levels.  When someone needs more detailed information they can access other systems.  STAR serves multiple purposes depending on where the user sits in the organization. 

Functions of STAR at the Branch:

·          Reduce data entry – information entered into STAR at the branch level is feed into HIV Lead and other systems
·          Reduce the need to query the Branch regarding target populations, age groups, risk behavior, etc.
·          Submit and track new projects for funding
·          Provide a listing of all projects in a branch
·          Provide information on projects in other branches in DHAP
·          Provide tracking system for the yearly funding cycle
·          Provide a historical record of all project funding

Functions of STAR at Division:

·          Complete listing of all projects in DHAP
·          Provide system to submit new projects to be funded
·          Standardization of data elements between different systems
·          Provide database of information to produce reproducible reports that are requested by NCHSTP, CDC, grantees, constituents, Congress,  and the general public
·          Increase accountability of HIV funding
·          Define need for data
·          Define use of data
·          Intramural projects
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The information collected does not contain IIF.

STAR collects and maintains limited budget and program data for the purpose of managing grants. All information is related to the process of handling suspense requests. Examples of information are, Program Announcement (FOA) Number, Grant number, Grantee name (organization), Date of Grantee Letter, Date Received in PGO, Request Type, Description, Branch Contact, Program Recommendation and Approval, as well as all timestamp data related to the process
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  STAR does not contain PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  STAR does not contain PII.

No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = February 2, 2007
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M. Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  10/16/2007
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OID: Electronic HIV/AIDS Reporting System(eHARS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/29/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9122-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  HIV/AIDS Reporting System (HARS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sam Costa
10. Provide an overview of the system:  HARS is a multipurpose surveillance system designed to monitor the total number of reported HIV/AIDS cases from public, private, and government reporting facilities.  This surveillance system monitors the total number of AIDS cases reported in the 50 States, DC, six separately funded cities, US territories and possessions, and HIV cases in States that require reporting of persons with HIV (not AIDS) . The database is cumulative, containing all case reports since 1981
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Public health data only.  Case reports are received from providers who voluntarily report to the local surveillance program by phone with a surveillance representative completing the case report form and from surveillance representatives who abstract medical records in hospitals and private physicians’ offices to complete the case report form.  Data is either manually entered or imported into HARS at the state or local level.  Data is transferred to CDC monthly through the filtering of new and updated records.  The transfer process removes identifying information (IIF) from the transfers, encrypts the file using SEAL and submits to CDC through the use of the Secure Data Network (SDN) file upload procedure.  CDC produces national datasets quarterly, which are used to produce the annual national HIV/AIDS surveillance report, as well as numerous other epidemiological analyses.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  DOB only IIF within datasets.  Access to the network is controlled with standard CDC IT security policies.  Additionally, datasets are secured on a secure data store with limited user rights.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/27/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OSH GA - FAQ [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  OSH GA - FAQ
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OSH GA - Health Consequences SGR Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  OSH GA - Health Consequences SGR Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OSH QIT [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/26/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC OSH QIT
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Categorizes tobacco-related survey questions.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC OSH STATES [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/29/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC OSH STATES
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Contains up-to-date and historical state-level data on tobacco use prevention and control; designed to integrate many data sources to provide comprehensive summary data and facilitate research and consistent data interpretation.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC PERFORMS [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/2/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-04-00-02-1290-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1290
7. System Name (Align with system Item name):  State and Local Preparedness Program Management Information System (PERFORMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Prachi Mehta
10. Provide an overview of the system:  The Coordinating Office for Terrorism Preparedness and Emergency Response has maintained a management information system on CDC's Secure Data Network (SDN) since FY 2004.  This system is used to receive, process, monitor, and evaluate cooperative agreements of over $800 million per year for 62 grantees.  These funds are used to establish critical systems to prepare for and respond to terrorism, outbreaks of infectious diseases, and other public health threats and emergencies.  Use of the PERFORMS is mandatory for submission of progress reports, applications and budget information.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  System will collect detailed information about the grantees workplan and the budget, which describes how money will be allocated and expended.  Workplan contains project level activities.  The budget is broken down into object classes including personnel, equipment, supplies, contracts, etc.  Personnel includes  employee Names, Employee salaries.  Submission of this information is mandated by the CDC PHEP cooperative agreement for states wishing to receive funding.  In a separate system, a module includes work phone numbers, email and work addresses for grantees that are users of  the system.  These are 2 different modules.  This information is FOI able.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  David Knowles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/6/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Resource Index [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/12/2007
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  The PII collected is exempt due to the Business PII determination made in accordance with the HHS PIA SOP of February 2009
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1512
7. System Name (Align with system Item name):  RESOURCE INDEX (RI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson
10. Provide an overview of the system:  This system is a subject driven searchable database used by CDC employees.  CDC employees refer inquiries from the public to the correct offices within CDC.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
RESOURCE INDEX Does Not collect or share IIF.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Names and Phone numbers and office locations are collected. Voluntary in nature.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Information is collected from local C/I/O administrators.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System is hosted within the firewall; information is disseminated by administrative personnel; there is no direct access to database except through technical stewards validated via active directory.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M. Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  4/17/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC Wikis [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/12/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1606
7. System Name (Align with system Item name):  CDC Wikis
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert Swain
10. Provide an overview of the system:  CDC Wikis will provide internally facing wiki functionality for any CDC groups that desire it.  Wiki functionality allows authorized users to edit web pages collaboratively to produce better information and create and capture knowledge.  This system will eventually replace the wiki functionality available within the Knowledge Management Technical Infrastructure.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF Collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = July 13, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/13/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDC WONDER [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  8/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-1010-00-110-246 (009-20-01-21-01-1010-00)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  N/No
6. Other Identifying Number(s):  ESC# 311
7. System Name (Align with system Item name):  CDC WONDER
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sigrid Economou
10. Provide an overview of the system:  The CDC WONDER system provides data dissemination and web-based analysis, visualization and reporting for scientific datasets (collections) produced by CDC programs and partners.    Access to information, summary statistics and micro-data is provided to the general public, public health policy makers and analysts, epidemiologists and researchers.  The data collections on the public web site are public use data.  No user accounts or registrations are required to access the public use data or public web site.  The web site and data collections are relied on by state, local and community health programs, and CDC programs and partners for publication of these data collections, data sharing and analysis.  An average of 20,000 persons, measured as "distinct hosts" or unique computer addresses, access the web site each week.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The CDC WONDER system does not collect data. CDC WONDER does maintain and disseminate public use data collections.  CDC WONDER maintains these data collections at the direction of the data steward for each collection. The data stewards for each data collection ensure privacy issues are met before release, that all information in identifiable form (IIF) or personal identifiers such as names, health record numbers, locations below the county level, birth or death dates are removed from the data before the data are submitted for inclusion in the CDC WONDER system.   CDC WONDER receives regular updates to the data collections, some datasets are updated weekly, some annually.  Previous data releases are available as “archive” data.  The data are disseminated on a public web site.  The CDC WONDER web-based software provides data query access, summary statistics, micro-data extracts and visual analysis tools.  The data are used for analysis and evidence-based public health practice, by CDC programs and partners, public health analysts, epidemiologists and researchers.  The CDC WONDER system is used to facilitate data sharing and data dissemination.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = N/A

E-Auth = N/A

Risk Assessment Date = 7/13/10
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden, OCISO
Sign-off Date:  8/16/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CDCGlobalHealth.net [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/15/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Global Migration Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Gary Brunette
10. Provide an overview of the system:  The Global Migration project is an effort to gather air traffic data for modeling and analysis purposes. A data feed has been established with the Federal Aviation Administration’s (FAA) Enhanced Traffic Management System (ETMS). DGMQ receives a daily summary of flight information pulled from the archive process supported by the ETMS system. This feed is public data and available to and used by a number of commercial air traffic websites. The unique and powerful aspect of this project for CDC is the collection of the daily data feed into one large database (dataset) for statistical and situational analysis. At this point there is no user interface, the database servers as an air traffic warehouse to be accessed by statisticians, data analysts and queried for situation driven information.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Global Migration project is an effort to gather air traffic data, from the Federal Aviation Administration (FAA), for modeling and analysis purposes. DGMQ receives a daily summary of flight information pulled from the archive process supported by the ETMS system. This feed is public data and available to and used by a number of commercial air traffic websites.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/15/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Central Indicator Database (CID) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 2057
7. System Name (Align with system Item name):  Central Indicator Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dale Stratford
10. Provide an overview of the system:  The Central Indicator Database (CID) does not store, collect, or transmit Personally Identifiable Information (PII) or Social Security Number (SSN) data. CID is a web-based tool for managing, analyzing, interpreting, and reporting on HIV prevention performance indicators from multiple data sources, including qualitative context information. All indicator data imported into CID is derived from various data sources, meaning it has had some form of analysis and/or calculation applied to it. The CID system does NOT connect to any of the raw data sources to obtain data.
The National HIV/AIDS Strategy highlights the importance of developing improved mechanisms for monitoring and reporting on progress toward achieving national prevention goals.  CID will facilitate the Division of HIV/AIDS Prevention (DHAP’s) ability to integrate and synthesize indicator data and other sources of information in order to:
¿      generate reports that provide a comprehensive picture of the HIV epidemic nationally and at the jurisdiction or agency levels;
¿      assess or examine the results of our efforts to reduce incidence and improve health outcomes;
¿      assist with rigorous evaluation of current programs and redirect resources to the most effective programs;
¿      build on an evolving evidence base of what works in order to refine our response to the epidemic over time.

CID will include an on-line help menu to guide users.  In addition, a CID User Guide will provide a detailed description of CID functions and procedures. These materials will be made available as part of a phased CID roll-out plan that will include user orientation and training.

CID is being developed in three phases:
¿   Phase I (July 2010—June 2011) — Modules 1 and 2
¿   Phase II (July 2011—June 2012) — Modules 3 and 4
¿   Phase III (July 2012—June 2013) — Enhancements/updates, and migration to CDC server

CID is being developed by the Manila Consulting Group under the Indicator Analysis Project Task Order.  During Phases I-II, CID will reside on a Manila server. Throughout Phases II-III, Manila will provide technical support for CID development, management, and report production.  During this time, Manila will work closely with staff in DHAP’s Program Evaluation Branch (PEB) to build capacity and ensure a smooth transition of CID to a CDC-hosted server
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  All of the data used by the CID system is derived HIV statistical data, meaning it is not the raw data but rather data that has had some form of analysis or scientific calculations made to it. There is no direct connection back to the original source of the data.
This information will be used to respond to the National HIV/AIDS Strategy goals and enable the CDC to better manage available resources.
CID does not contain PII or SSN information.
No personal information is included in the CID system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/18/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC Cessation Resource Center [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  OSH GA - Cessation Resource Center
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ChartReview [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/17/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1757
7. System Name (Align with system Item name):  ChartReview
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tonya D. Martin
10. Provide an overview of the system:  The ChartReview application is a small application (4 aspx pages) that allows three specific users from the Division of Global Migration and Quarantine (DGMQ) to login in using .NET FORMS authentication, review non-identifying medical records related to yellow fever vaccination clinical visits, and cast a vote on whether or not the yellow fever vaccination was administered appropriately, given the information contained in the de-identified medical record.
Users access the web site by connecting to an internal web server.  The web server communicates directly with a production database hosted by ITSO.  Data is transmitted in a bidirectional manner between these two servers.
The Division of Global Migration and Quarantine owns all data in this application.  The CCID Informatics office will export all “vote data” when expert medical reviews and voting have completed.  The data will then be provided to DGMQ for analysis by statisticians and epidemiologists for presentation at an upcoming conference.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The ChartReview application is a small application (4 aspx pages) that allows three specific users from the Division of Global Migration and Quarantine (DGMQ) to login in using .NET FORMS authentication, review non-identifying medical records related to yellow fever vaccination clinical visits, and cast a vote on whether or not the yellow fever vaccination was administered appropriately, given the information contained in the de-identified medical record.
Users access the web site by connecting to an internal web server.  The web server communicates directly with a production database hosted by ITSO.  Data is transmitted in a bidirectional manner between these two servers.
The Division of Global Migration and Quarantine owns all data in this application.  The CCID Informatics office will export all “vote data” when expert medical reviews and voting have completed.  The data will then be provided to DGMQ for analysis by statisticians and epidemiologists for presentation at an upcoming conference.  No PII is shared, collected or distributed.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = November 20, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/21/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Checkpoint [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/21/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CheckPoint
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Harvey Holmes
10. Provide an overview of the system:  CheckPoint System is an internal facing wireless temperature monitoring system.  It monitors the temperature of the storage equipment (Refrigerators, Freezers, Incubators, etc.) in the laboratory.  System receives wireless temperature data from sensors assigned to laboratory equipment that archives the temperature data, and launches alert notification if the temperature inside the equipment strays outside the established temperature ranges assigned to each piece of equipment.  Wireless Temperature Sensors assigned to each laboratory equipment transmits temperature data to a wireless repeater which forwards data wirelessly to a wireless receiver attached to the USB Port on the PC Computer in the laboratory.  This system is an ISM 900 MHz two-way communication system and transmits temperature data from 902~928 MHz. CheckPoint System:  Proprietary Temperature Data Packets are sent wirelessly from the sensors installed through a repeater to a receiver on the PC Computer.  Upon successful receipt of Temperature Data Packet, the system sends an acknowledgement (ACK) back through the system to the sensor to confirm receipt of temperature data packet.  All wireless communication utilizes a 900 MHz ISM frequency range (902~928 MHz).  It is a two-way communication system between the sensors, repeaters, and receiver to establish a self-healing mesh network, a self-adjusting wireless network to establish the optimum pathway for data transmission.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII collected
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = January 20, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Chemical Hazardous Tracking system (CHaTS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1278
7. System Name (Align with system Item name):  Chemical Hazardous Tracking system (CHaTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sunil Patel
10. Provide an overview of the system:  1)Provides CDC employees with information (MSDS’s?) on all hazardous chemicals that are brought onto the facilities In compliance with:
a)EPA's Emergency Planning and Community Right-To-Know Act
b)OSHA's Hazard Communication Program
2) Ensures that all hazardous material containers are bar-coded with a unique tracking identification number.   Provides ability to quickly locate detailed information about a specific chemical - generates inventory reports
The following are available menu options in CHaTS:
View inventory - lists chemical inventory by week, month, or all
Search chemical - finds location of a chemical
Print inventory - prints a list of current inventory
Move inventory - inactivates or relocates a chemical
Surplus inventory - views surplus inventory

Menu/Function Summary
1)Docks
a)Prints labels and updates inventory
b)Add Users
c)Add Chemicals to master list
2)Movement & Query Tool
a)Inventory Query
b)Inactivate
c)Xfer to another individual
d)Surplus
e)Lookup MSDS’s
3)Admin
a)Queries
b)Add users for Xfer by lab people
c)Add MSDS’s
d)Identify ingredients for chemicals (all) – m/b able to identify location of ingredients at CDC per EPA reg.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF is collected, disseminated or maintained on the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected

E-Authentication Assurance Level = N/A

Risk Analysis Date = 18 September 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Childhood Blood-Lead Poisoning Surveillance System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/20/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-19-0001
5. OMB Information Collection Approval Number:  0920-0337
6. Other Identifying Number(s):  ESC# 50
7. System Name (Align with system Item name):  Childhood Blood Lead Surveillance System (CBLS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lem Turner
10. Provide an overview of the system:  Childhood Blood Lead Surveillance System (CBLS) is a surveillance and analysis system used to maintain and report on de-identified childhood blood lead surveillance data submitted to the CDC Childhood Lead Poisoning Prevention branch from state health departments across the United States.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  CBLS does not share or disclose PII.  Only the data provider can see their own data.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1. County, City, State, ZIP Code, Date of birth, Race, Gender, Date of Blood test
2. Research and analysis for Public Health
3. CBLS contains PII
4. The submission of the PII is voluntary by the State Public Health Departments
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1. Data is collected by the state; State is responsible
2. State is responsible
3. Data is collected by the state; State is responsible
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative: The HHS Rules of Behavior govern the data protection, integrity and general use of the system and data rights. 

Technical: Only users with proper access privileges (CDC/NCEH/LPPB staff) have active directory rights to access the network location where the executable application is located. 

Physical: Production and test servers are stored in a server room secured by the CDC.  Access tools are in place to secure entry into CDC buildings (Guards, ID Badges, Key Card, Smart card,  Closed Circuit TV).

IIF collected for research purposes
EAAL = N/A
Risk Analysis Date = 03/23/2009

Physical: Production and test servers are stored in a server room secured by the CDC.  Access tools are in place to secure entry into CDC buildings (Guards, ID Badges, Key Card, Smart card,  Closed Circuit TV).
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  7/21/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Children’s Mental Health Metadata Webpage (CMHMW) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 

Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1518
7. System Name (Align with system Item name):  Children’s Mental Health Metadata Webpage (CMHMW)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Patricia Pastor
10. Provide an overview of the system:  The data used in this project are all published PUBLIC USE METADATA (information about survey questions).  We will only provide access to PUBLIC USE METADATA, that is information available from the public use home web pages of NCHS surveys.  There will be no information obtained from individual survey respondents or any type of confidential data or information used in the development of the website or available from the website.
 
The goal of this project is to develop a website designed around a database search application that makes information about child mental health measures from various NCHS data systems easily available to mental health researchers, policy analysts, program administrators, and government officials.  A web-based source of child mental health measures will also provide a valuable tool for researchers and public health practitioners at the national, state, and local level who need to design surveys to monitor child mental health.
Proposed key features of the website include:
·          An intuitive search algorithm with options and layering of information in ways that allow users to enter the process from several different starting points
 
·          Options that allow users to customize or limit their searches to the types of information they are seeking – such measures based on a specific type of data such as ICD-9 codes, diagnosis, population, timeframe, etc.
 
·          Report formats that organize information in a way that is relevant and useful – printable and/or save-able to hard drive of users’ computers.  Should be in a file format that allows users to easily copy and paste the information, such as text of questions, into other programs and documents.
 
Search options/format that lets users view and compare information “across” and “within” NCHS data systems.  For example:  Users might select a question/measure and view its use across NCHS data systems AND the years of data collection for that measure within a specific NCHS data system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No.
 
No IIF collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = June 1, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/11/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Children's Health after the Storms (CHATS) Automated Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/26/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  OMB in progress
6. Other Identifying Number(s):  ESC 2025
7. System Name (Align with system Item name):  Children’s Health After the Storms (CHATS) Automated Information System (AIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Gary Teague (gtr0)
10. Provide an overview of the system:  The Children’s Health after the Storms (CHATS) Automated Information System (AIS) will support the day to day operations of the CHATS project. The CHATS AIS will:
• Configure a system that obtains current locating information for study members.
• Design, develop/configure, and implement a system that provides efficient data collection, field management, and monitoring of study activities.
• Configure case management systems (CMS) on handheld devices and laptop computers to provide data for monitoring data collection activities and generating status reports.
• Design and develop applications to collect study data on handheld devices and laptop computers.
• Establish encrypted databases on handheld devices and laptop computers and use hard-disk encryption on the laptop computers.
• Efficiently and securely transmit data between RTI, handheld devices, laptop computers, and laboratories.
• Establish a CHATS environment in RTI’s FIPS moderate network where project data will be stored for additional processing.  Files containing SSNs will be encrypted.
• Build databases in accordance with CDC format specifications
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  • RTI staff assigned to CHATS AIS – manage the system, manage cases, and process data
• Batch tracing vendors – obtain current locating information for sample members
• Field interviewers – locate sample members, determine their eligibility to participate in the study, and conduct interviews
• Field supervisors – manage cases
• Nurses – conduct a health assessment and collect blood and urine
• Medical abstractors – obtain access to medical records for abstraction and abstract records
•  Respondents – report the results of the health assessment and the results of tests performed on biological and environmental samples
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  ·    Locating information
o   Will be used to select the sample for the study and to locate sample members
o   Includes name and address information pre- and post- storms, telephone numbers, Social Security Numbers
o   Data provided to RTI by FEMA through CDC and RTI assumes it was given voluntarily
·    Screening data
o   Will be used to screen selected households for eligibility into the study
o   Includes name, address and telephone numbers
o   Obtained voluntarily
·    Environmental assessment data
o   Data obtained by field interviewers through visual observation/inspection while in and around the respondents’ homes and by using environmental monitoring devices
o   Contains no PII
o   Obtained voluntarily
·    Survey data including GPS readings
o   Contains responses to the interview and GPS readings
o   Contains PII (GPS readings)
o   Respondents must provide consent to having the GPS readings taken
·    Health assessment data
o   Contains health information obtained from respondents
o   Contains no PII
o   Obtained voluntarily
·    Medical abstraction data
o   Contains information abstracted from respondents’ medical records
o   Contains no PII
o   Respondents must consent to having their medical records abstracted
·    Results obtained from tests performed on blood and urine
o   Contains no PII
o   Respondents provide the blood and urine samples voluntarily
·    Results obtained from environmental monitoring
o   Contains no PII
o   Obtained voluntarily
·    Field management information
o   Used to manage field operations
o   Contains no PII
o   Obtained voluntarily
·    Environmental sample inventory
o   Maintains an inventory of environmental samples
o   Contains no PII
o   Obtained voluntarily
o   Biospecimen inventory
o   Maintains an inventory of blood and urine samples
o   Contains no PII
o   Obtained voluntarily
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1)  We will not notify respondents when major changes are made to the system.
(2)  Respondents will be asked to sign consent forms at the time of data collection; consent forms will include information about how the data will be used.
(3)  De-identified data will be used to construct analysis files and files for delivery to CDC. Respondents will receive a letter describing the results of tests performed on biological and environmental samples.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII will be stored on servers within RTI’s Enhanced Security Network (ESN), which was designed to meet the NIST guidelines for moderate impact level systems. 
Administrative controls include a system security plan, a risk assessment, personnel security, and vulnerability scanning.
Technical controls include user identification and authentication, passwords, firewalls, and encryption.
Physical controls include guards, identification badges, key cards and cipher locks.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Cholera and Other Vibrio Illness Surveillance [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/24/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1799
7. System Name (Align with system Item name):  Cholera and Other Vibrio Illness Surveillance (COVIS) System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ezra Barzilay
10. Provide an overview of the system:  Data from surveillance report forms (CDC form 52.79) that are sent to CDC are entered into a data entry form in Access.  Data is reviewed and analyzed using forms and queries in Access.  Sets of forms are used to summarize data for the annual summary and for generating line lists.  The results from pre-made forms summarize the number of cases by species for each year, the number of cases by state and region, number of wound and foodborne cases, the number of cases with pre-existing conditions specific to vibriosis, the number of hospitalizations and deaths, the number of cases by site of isolation, and the number of cases by seafood items consumed.  Queries are also commonly created to analyze other variables.  The line lists that are generated contain the following variables: year and month of onset, species, wound status, death, gender, age, race, state, bivalve mollusk consumption, raw seafood consumption, seafood items consumed, lab identified species, serotype, toxin results, and virulence factors results.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The CDC maintains a voluntary surveillance system to collect data on culture-confirmed Vibrio infections in all 50 states. Investigators collect demographic, clinical, and epidemiologic data on case-patients.  Data have been used to identify environmental risk factors, retail food outlets where high-risk exposures occur, and target groups that may benefit from consumer education. The system does collect PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No This is voluntary information obtained by the health departments in all 50 states.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Only CDC users in AD have access to the system. The system is behind the firewall and the servers are managed by ITSO.
Yes IIF
Risk Analysis Date: 9/14/2007
E-Auth level = NA
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/24/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Chronic Disease Indicators [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DACH Chronic Disease Indicators
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Provides online information for chronic disease indicators and related statistics
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is retained until no longer needed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CIMS Dell Site Infrastructure (CIMS DSI) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/15/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CIMS Dell Site Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Michael Leiblie
10. Provide an overview of the system:  The Dell (Blackstone Office)/General Network is production network is a Windows based multi-user system with access to the CDC wide area network through a 10 MB NMLI connection. It utilizes the distributed star topology and Ethernet Switched 100 baseT as the network interface, and currently has about 80 systems connected to it. The facility is occupied by approximately 50 employees supporting the Information Technology Support Service (ITISS) contract, formerly the Microcomputer Support Service (MSS) contract in support of the Information Technology Services Office (ITSO) The services performed out of this office include Help Desk Support, Hardware Support, HP ServiceCenter, Administration, CDC Training Room and Dell Program Management for the overall contract.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A No PII Collected

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII Collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A No PII Collected
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E  Walker
Sign-off Date:  3/15/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CIMS Lockheed Martin Site Infrastructure (CIMS LMSI) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/3/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 2110
7. System Name (Align with system Item name):  CIMS Lockheed Martin Site Infrastructure (CIMS LMSI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Alvin Hall (axh2@cdc.gov)
10. Provide an overview of the system:  The system is a general purpose computing network used by the Lockheed Martin CDC PMO to provide support for task orders under the CDC Information Management Services (CIMS) contract.
PMO staff consists of Lockheed Martin Program Managers, Contractors directly supporting various CDC task orders, administrative staff and LM Management providing services to CDC.  Specifically, the following classes of users are based at the PMO:
·           Executive Project Management (Director, Deputy Director) Administrative Support Staff
·           Information Security/IT Support staff
·           Program Managers
·           Technical Advisory/Consulting Staff
·           Programmers and Programming Leads, specific to CDC task orders
LM CDC PMO personnel provide general support for the task orders and more specialized support in CDC-related tasks as required. All CDC equipment used by LM personnel directly supporting CDC task orders are supplied, installed, configured, supported and maintained by CDC/ITSO personnel and complies with all FISMA, FIPS, ITSO and OCISO policies.  All CDC-owned equipment at the LM CDC PMO is under the direct control of ITSO. LM CDC PMO administrators and personnel working on CDC task orders do not have administrative privilege to network equipment managed by CDC/ITSO.  All LM CDC PMO computers fall under the ITSO SLA for services and support.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not store or collect PII.  It is used to transmit data between the CDC network and LM facilities.  This data will not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  PII is not collected, contained, shared, or disclosed by this system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/3/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CIMS Northrop Grumman Site Infrastructure (CIMS NGSI) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/19/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 2087
7. System Name (Align with system Item name):  CIMS Northrop Grumman Site Infrastructure (CIMS NGSI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Alvin Hall
10. Provide an overview of the system:  The CIMS NGSI system is a network located at Northrop Grumman’s Atlanta facilities that is directly connected to the CDC by a dedicated leased line.  The primary function of the system is to transmit data between NG facilities and the CDC for staff supporting various CDC service contracts including CIMS and others. These ‘contract-related’ activities may be categorized as follows:

Information technology augmentation services including system design, development, administration, and support

 

Contract administration activities including program management, human resources, facilities, and system maintenance

 

Full lifecycle information system development

 

This system does not store or collect PII.  It is used to transmit data between the CDC network and NG facilities.  This data may or may not contain PII.  Any PII it would transmit would be contained within the authorized system boundary of another CDC system e.g. CDC email.

All CDC contract-related activities are conducted using CDC-owned networks and systems (The CDC Delegated Network) and are subject to CDC policy requirements including:

CDC information security policies and procedures

 

CDC background investigation and personnel screening requirements for visitors and workers

 

CDC system and network administration policies and procedures

As such, Northrop Grumman has limited administrative control over contract-related networks, domains, and systems.

Northrop Grumman is responsible for the lease and maintenance of the CIMS NGSI Atlanta facility workspaces and their physical security. Northrop Grumman also maintains, and is responsible for, physically separate LAN and Internet segments used by local personnel conducting non-CDC contract-related activities
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not store or collect PII.  It is used to transmit data between the CDC network and NG facilities.  This data will not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII Collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/19/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CITGO Profile Delete Tool (PDT)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/21/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Profile Deletion Tool (PDT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wayne Knight
10. Provide an overview of the system:  The CITGO Profile Deletion Tool (PDT) is a web based application that will reset a users roaming profile should their existing roaming profile become corrupted.  This tool will be hosted on the ITSO Tools Intranet Server.  This will allow for first call resolution of this issue by the service desk and minimize the lost productivity while the user waits for their profile to be reset.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No data will be entered in or collected for this.  No information will be used as a result of this tool. This information does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF is collected, disseminated, or maintained in the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = Feb 5, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  David Knowles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Clinical Laboratory Improvement Amendment Website (CLIA) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/1/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  HHS SORN 09-90-0059 Federal Advisory Committee Membership Files
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Clinical Laboratory Improvement Amendment (CLIA) Website
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Elizabeth Weirich
10. Provide an overview of the system:  The Centers for Medicare & Medicaid Services (CMS) regulates all laboratory testing (except research) performed on humans in the U.S. through the Clinical Laboratory Improvement Amendments (CLIA). In total, CLIA covers approximately 225,000 laboratory entities.  The objective of the CLIA program is to ensure quality laboratory testing.
The CLIA website operated and hosted by CDC/OSELS/LSPPPO/DLSS supports regulatory functions of the CMS under an Interagency Agreement between CDC and CMS.  Reports are used by interested parties to inform the States of laboratory regulations.
The CLIA website also supports the CLIA Advisory Committee (CLIAC) by posting agendas, minutes, and other information relevant to their regular meetings facilitated by DLSS.  The CLIA website contains a data collection form that allows CLIAC members and other interested parties (federal and non-federal) to register for the semi-annual meetings. Limited PII is collected including name, title, organization, business address, phone number, e-mail address and emergency contact name and phone number.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  PII collected online is used internally by CDC/OSELS/LSPPPO/DLSS support staff for the purpose of planning periodic meetings of the CLIA Advisory Committee (CLIAC).  This information is not disclosed to anyone else.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)   DLSS collects information online from individuals wishing to attend the periodic CDC-sponsored CLIAC meetings.  Individuals include other than Federal employees.
2)   Information is used by internal DLSS support staff to plan the CLIAC meetings and to communicate with participants regarding those meetings.
3)   Information collection contains PII including name, title, organization, address, phone number, e-mail address and emergency contact name and phone number. Note: Individuals may enter business or personal contact information.
4)   Submission of the information is mandatory for individuals who wish to participate.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1) No Process per HHS SORN 
2) Per HHS SORN process
3) Per HHS SORN process
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Web forms used to collect and transmit PII are encrypted using SSL/TLS and stored in a secured SQL Server database.  Only system administrators and users authorized by DLSS may access the database or run the data export component against the PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/1/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform DACH GA-BRFSS Publications (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-BRFSS Publications (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform DASH QADS-Online Surveillance Mgmt (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DASH QADS-Online Surveillance Mgmt (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Customer Satisfaction
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA - Customer Satisfaction
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

CoCHP Satisfaction Survey Tool.
13. Indicate if the system is new or an existing one being modified:  Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system.

This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Data Release
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA - Data Release
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Data Relase Plans Sharing for Publication.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Dataset Catalog
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA - Dataset Catalog
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Information about public health datasets and statistical code samples.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Issue Tracker (ADMIN)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA - Issue Tracker (ADMIN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Chronic Dev Team Issue Tracker Tool.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Legislative Database
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA - Legislative Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

OPEL Legislative Database.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Portals Course Registration
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA - Portals Course Registration
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Project Officer of the Future Course Registration.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Site Visits
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA - Site Visits
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Project Officer of the Future tool to add site visits to the CDC events calendar.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level = 
Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA - Upload Request Forms
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA-Upload Request Forms
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Forms used to request uploads for various stages of application development/deployment.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD GA-Staff List
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD GA-Staff List
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Provides staff list for NCCDPHP employees.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD HSR
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9022-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD HSR
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Human Subjects Review Tracking System.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD HSR-CPS
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9022-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD HSR-CPS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

CoCHP Project Search.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD NCCDPHP Intranet
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD NCCDPHP Intranet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP. 
IIF Collected = Yes
E-Authentication Assurance Level =
Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD NCCDPHP Intranet - Events
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD NCCDPHP Intranet - Events
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes

Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OD NCCDPHP Intranet - Events Service
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OD NCCDPHP Intranet - Events Service
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Read/write Events from CDC Events used by CDC Connects.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OSH Clearinghouse
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-02-1055-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OSH Clearinghouse
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHP Intranet Platform OSH MCRC (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CoCHP Intranet Platform OSH MCRC (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Access to, and ordering support for, advertising campaigns for tobacco use prevention.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Codian Pilot Test (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/13/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Codian Pilot Test
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Scott Sawyer
10. Provide an overview of the system:  The Codian Pilot test will allow the MMT staff to evaluate Tandberg's current VTC infrastructure equipment in a non-production environment. The Codian Pilot test will provide a baseline for comparing our current infrastructure components performance in the areas of  error handling, call management, audio quality, video quality and video format negotiation during high bandwidth connections. The Codian Pilot test will also provide the opportunity for the MMT group to explore the possibilities of conducting conferences in HD format.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  nNo
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/14/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Community Health Resources [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - CHAPS Toolkit
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Searchable listing of community health interventions & programs that address chronic disease & health disparities issues.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CommVault Backup System (CVBS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  9/22/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  CommVault Backup System (CVBS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jim Landers
10. Provide an overview of the system:  CommVault - Simpana ver 8 backup System is a consolidated system that backs up all servers managed by the DSS on a daily basis with a copy being stored off site weekly for disaster recovery purposes.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected
E-Authentication Assurance Level = (0) N/A
Risk Analysis Date = 09/07/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/7/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Conference Room Scheduling System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  6/30/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-9309-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1364
7. System Name (Align with system Item name):  Conference Room Scheduling System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Scott Wilson
10. Provide an overview of the system:  The Conference Room Scheduling System is required by ITSO to schedule conference rooms and the services that are available in Conference Rooms.  It is in use across the CDC enterprise.  The administrators are geographically dispersed and operate autonomously with little necessary contact with ITSO, system stewards, or developers.  The system communicates with users and administrators through many different types of emails.  It also integrates with the ITSO Peregrine system to make requests for equipment such as computers and projectors without phone calls.  The system is, by far, the largest system of its type at CDC.  As of January 2008 (since the February 2005 launch), there are over 120,000 reservations across nearly 50 buildings and more than 230 rooms which were created by 5,000 distinct persons.  Envision video conference scheduling and LiveMeeting web conference scheduling is partially integrated, saving the CDC 10s of thousands a month in telecommunications costs by matching real needs and usage to telecom requests.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No, System does not contain any PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII data collected.  Conference room scheduling information and voluntary user-id for contact event coordinators is collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No, System does not contain any PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No, System does not contain any PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E. Walker
Sign-off Date:  6/30/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Congressional Information Management System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  Initial PIA Migration to ProSight 
1. Date of this Submission:  2/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1485
7. System Name (Align with system Item name):  Congressional Information Management System (CIMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Liza Veto
10. Provide an overview of the system:  The Centers for Disease Washington D.C (CDC-W) Liaison office coordinates responses to inquiries, and other requests for information from congressional staffers on matters related to public health. The Congressional Information Management System (CIMS) is a contact management and inquiry tracking tool used to track communications between the CDC-W congressional liaison office and legislative entities within the U.S. capitol.  The system provides a mechanism to effectively and efficiently manage, track, and report on critical correspondence between CDC Washington senior management, congressional staffers and other external partners on matters of national public health importance.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Weekly report is generated and sent to HHS Office of the Director.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system stores first names, last names, business mailing addresses, business email addresses, and business phone numbers of members of congress, congressional staff, committee staff, and non-governmental organization.  All information is collected from the public domain or voluntarily from the individual submitting inquiries to the CDC Washington office.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A, Information is in public domain.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is collected on this system.
Administrative Controls:  The system administrator in the CDC Washington Office adds users to the system when approved by the Deputy Director of CDC Washington.  The system administrator will remove any users from the system that are no longer working for CDC Washington or no longer have a valid need to access to the system.
Technical Controls:  User access to IIF is role base and controlled by AD groups and application specific accounts.
Physical Controls:  IIS and SQL servers secured in ITSO facility at the CDC Roybal Campus in Atlanta.
Risk Analysis Date = July 20, 2007
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Connects (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/23/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Connects
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  CDC Connects is a web-based intranet application that does not collect any PII.  CDC Connects is an employee-centered portal that provides access and information about useful intranet resources, employee and project related stories, and an overall internal portal for searching the agency. It is an Intranet portal with stories, feature articles, photos, most important links and news about CDC and its employees.  It also provides a communication vehicle for leadership.  The CDC Connects Application is a way for CDC Connects staff to enter content and images through a Web based portal application.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC Connects is an Intranet portal with stories, feature articles, photos, most important links and news about CDC and its employees.  It also provides a communication vehicle for leadership.  The CDC Connects Application is a way for CDC Connects staff to enter content and images through a Web based portal application.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/23/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Consolidated Data Request Tracking System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9623-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1584
7. System Name (Align with system Item name):  Consolidated Data Request Tracking System (CDRTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Carol Waller
10. Provide an overview of the system:  Consolidated Data Request Tracking System (CDRTS) is a Resource Management System used to track work and requests being performed by staff and viewed in reports.

CDRTS uses a framework for modular work request interfaces for internal Coordinating Center for Environmental Health and Injury Prevention (CCEHIP) use.  Users access the system via a website where they fill out the work request.  The request is then emailed to the team responsible for completing the request as well as to the requestor.  The online request form connects to a database to populate various drop-down lists which provide the user with request options.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) CDRTS collects, stores and disseminates data regarding work requests.
(2) CDRTS is used to track work and requests being performed by staff and viewed in reports.  CDRTS has three separate interfaces:
TRAX is the web interface used by National Center for Environmental Health (NCEH) / Office of the Director / Information Systems (OD/IS) for task tracking, requests submission and report generation.
OD/IS Data Management Tracking System is the web interface used by the CCEHIP Data Management team for tracking tasks.
OD/IS Information Security Tracking System is the web interface used by the CCEHIP Security Team to track tasks.
(3) The system does not contain any PII.
(4) N/A.  The system does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  The system does not contain any PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain any PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Consolidated Intranet Web Services (CIWS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Consolidated Intranet Web Services (CIWS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jim Landers
10. Provide an overview of the system:  Consolidated Intranet Web Services provides internal facing web servers, services and applications within the consolidated DSS environment
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC Consolidated Overseas Accountability Support Toolbox (COAST) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/3/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1844
7. System Name (Align with system Item name):  Consolidated Overseas Accountability Support Toolbox - COAST
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Daniel J Hardee
10. Provide an overview of the system:  The U.S. Department of State (DoS) provides accounting services for the CDC at international locations.  DoS provides COAST software to allow its customers to view their accounting data in its accounting system. The source files are used to establish obligations (Status of Obligations report) in the Unified Financial Management System (UFMS) and then record expenditures (FMC 80 report) against those obligations.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  FMO's Financial Services Branch staff download COAST data files each business day from the Department of State and then, using a tool called Monarch, conduct edit checks to ensure the accuracy of the data. After this is completed, the obligation and expenditure data is uploaded into UFMS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Consolidated Statistical Platform (CSP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/22/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-01-1152-00-404-139
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0169
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Consolidated Statistical Platform (CSP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jim Landers
10. Provide an overview of the system:  The CSP provides a centralized locus for the storage and processing of statistical data for internal CDC customers.  The statistical tools are SAS and SAS-callable SUDAAN, but it is possible that other applications may be added in future revisions of the platform.
The CSP system resides on a logically-isolated and firewalled network segment (VLAN).
SAS Data Sets and the supporting documents and scripts reside in SAN storage connected to CSP Servers and in SQL databases located on the ITSO Consolidated SQL Platform.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 15 Apr 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/27/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top