
06.3 HHS PIA Summary for Posting (Form) / OS ASAM Accounting for Payroll System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1013-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Accounting For Pay System (AFPS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Vincent Watson

10. Provide an overview of the system: Automated interface between the Department's central payroll and the HHS agencies for payroll cost distribution.

Provides a systematic interface of payroll accounting information necessary to account for disbursements, expenditures, obligations and accruals for personnel costs. Legislation: Chief Financial Officers Act of 1990.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is shared with the agencies' accounting, budget and administrative offices.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The agencies receive payroll expenditures and use this data for financial reporting and tracking their budgets (payroll costs). The data transmitted meets the standard that was established by the Department for capturing payroll costs.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information received is from HHS payroll systems (Civilian and Commissioned Corps) and is processed to properly account for payroll costs. Agencies are aware of incoming files via a scheduled processing calendar.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical and Physical controls are in place to ensure the security of the information. These include an up-to-date System Security Plan, Contingency Plan, regular offsite backup of the data, and yearly security awareness training for all personnel. Also, the system is part of the yearly SAS-70 (Statement on Auditing Standards No. 70) audit which tests the adequacy and effectiveness of the operating controls. Specific protections for PII include:

1- Electronic data is password protected

2- Access to electronic data is role-based

3- Documents are locked in file cabinet accessible only to mgt and admin assts

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM ACF General Support System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: ACF GSS

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: The ACF GSS is a local area network supporting the operations of the HHS/ACF.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This system does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM AHRQ Local Area Network (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: AHRQ General Support System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: AHRQ GSS is a LAN supporting the operations of the HHS/AHRQ.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This system does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: UPI information inaccurate based upon latest guidance from HHS CPIC Manager.

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM AoA General Support System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: AoA General Support System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: The AoA GSS is a LAN supporting operations of the HHS/AoA.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not collect, maintain or disseminate IIF.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Asset Management System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1030-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Asset Management System (AMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Debbie Orfe/Jack Sweeney

10. Provide an overview of the system: Provides access to property data by Asset Center Representatives from DHHS agencies.

AMS is the repository for asset records for a number of organizations within the DHHS. AMS generates the debits and credits related to the capitalized value, period depreciation expense, and net book value disposition of an asset if disposed before its service life has expired, stores the values into a subsidiary Standard General Ledger (SGL) account, and transfers the summary values to the PSC Financial Management Services (FMS). AMS has a built in reporting module, allowing the Asset Center Representatives (ACRs) to generate reports for the assets and users of the organizations to which the ACRs belong.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: AMS does not collect PII information

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is contained in this system

PIA Reviewer Approval: Demote

Comments: This system has been decommissioned and replaced with the PMIS system.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Jun 13, 2006

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM AutoCAD (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: No

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: AutoCAD

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sheila Grossman

10. Provide an overview of the system: Used to provide architectural and renovation drawings for Parklawn building. Pricing for renovations is done using this tool. Monthly rent calculations are done using this application.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: No

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: contains no PII

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Biometrics Enrollment System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-01-06-02-0030-00

4. Privacy Act System of Records (SOR) Number: 09-40-0013

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Biometric Enrollment System (BES)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donald Deering

10. Provide an overview of the system: To store, manage, and maintain information related to the enrollment and employment of federal and contractor applicants as well as the issuance and maintenance of PIV credentials to authorized personnel; this includes the process of identity verification and the authorization to access federal space and information systems.

BES is used to collect fingerprints, photo and other identification which is sent to OPM for background investigation and to allow issuance of badges within HHS and other federal agencies.

Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, required the establishment of a standard for identification of Federal Government employees and contractors. HSPD-12 directs the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems. This policy is intended to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy.

HSPD-12 requires that the Federal credential be secure and reliable. The National Institute of Standards and Technology (NIST) published a standard for secure and reliable forms of identification, Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors. The credential is for physical and logical access.

FIPS 201 has two parts: PIV I and PIV II. The requirements in PIV I support the control objectives and security requirements described in FIPS 201, including the standard background investigation required for all Federal employees and long-term contractors. The standards in PIV II support the technical interoperability requirements described in HSPD-12. PIV II specifies standards for implementing identity credentials on integrated circuit cards (i.e., smart cards) for use in a Federal system. Simply stated, FIPS 201 requires agencies to:

• Establish roles to facilitate identity proofing, information capture and storage, and card issuance and maintenance.

• Develop and implement a physical security and information security infrastructure to support these new credentials.

• Establish processes to support the implementation of a PIV program.

In response to HSPD-12 and to meet the requirements summarized above, PSC’s Security Services Branch is responsible for the management and security of all PII information it collects during the HSPD-12 applicant enrollment and card issuance process; including serving as the main internal and external point of contact with respect to program planning, operations, business management, communications and technical strategy.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is disclosed to OPM for performing background investigations for Federal Employees and Contractors as described by HSPD-12 and FIPS-201.

IIF may be disclosed to the enrollee upon request.

IIF may be disclosed to law enforcement officials when HHS becomes aware of evidence of a violation of civil or criminal law.

IIF may be disclosed to congressional offices in response to a verified inquiry made at the written request of the individual.

IIF may be disclosed to the Department of Justice, court or other tribunal when it has been deemed necessary and relevant to litigation.

IIF may be disclosed to officials of labor organizations when relevant and necessary to their duties of exclusive representation.

IIF may be disclosed to organizations approved by the Secretary for performing quality assessments, audits or utilization review.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: IIF includes fingerprints, photo, scanned documents, etc. to perform ID checks. The submission is mandatory to allow access to HHS facilities, sensitive data and IT systems. The information is used to issue identification badges and perform background investigations for Federal Employees and Contractors as described by HSPD-12 and FIPS-201 supported by the PSC for Parklawn Bldg. complex and other HHS facilities.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Authorization of Release of Information form. Part of Standard Form 85, Standard Form 85P and Standard Form 86.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administration

– Administrative controls of this system are provided by the SSB.

– Training for users and administrators.

– Confidentiality agreements for contractor access.

– Separation of duties and least privilege access and accountability.

– Processes are in place to monitor and respond to privacy and security incidents.

Technical

– Firewalls and Intrusion detection systems protect the boundaries of the HHS network on which this system operates.

– Encryption is enabled on mobile/portable systems

– Passwords are used to control workstation and server access. Passwords are also used to control encryption and application access.

– VPNs are used to encrypt data transfers.

Physical

- Workstations remain in the custody of authorized personnel while on-site and when transported.

- Workstations are covered by HHS physical controls, including guards, CCTV and ID badges, in the Parklawn Building and at all regional offices.

- Servers are maintained at the GTC and will not be removed.

- Servers are protected by the physical controls of the GTC.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM CORE Accounting System (Item)

 

Form Report, printed by: Seymour, Kristina, May 14, 2008

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1010-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Core Accounting System (CORE)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Matt Zaklielarz

10. Provide an overview of the system: Legacy accounting and financial management system used by the Program Support Center and its customer agencies.

The CORE is the PSC legacy accounting and financial management system. The reporting for CORE also includes the Accounts Receivable Module (formerly System) and the Managing/Accounting Credit Card System (MACCS). Legislation: Chief Financial Officers Act of 1990, Certifying Officers Act of 1941, Prompt Payment Act of 1989, and the Cash Management Improvement Act of 1990.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is shared with the Department of the Treasury as part of the disbursement process.

Treasury – Disbursements

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information is not normally collected from the public. The information is primarily collected from procurement documents (e.g., purchase orders and contracts) and the data is used to process paper and electronic disbursements through the Department of Treasury. The information collected is the minimal required to process disbursements payable to individuals in satisfaction of Government obligations.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is obtained from the procurement documents (purchase order, contract, etc.) which are processed by the relevant procurement office. The information collected is legally required to process the payments associated with the purchase order/contract and is part of the contract terms and conditions.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical and physical controls are in place to ensure the security of the information. These include an up to date System Security Plan, Contingency Plan, regular offsite backup of the data, and yearly security awareness training for all personnel. Also, the system is part of the yearly SAS 70 (Statement on Auditing Standards No. 70) audit which tests the adequacy and effectiveness of the operating controls.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Debt Management Collection System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1011-00

4. Privacy Act System of Records (SOR) Number: 09-40-0012

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Debt Management and Collection System (DMCS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Matthew Zakielarz

10. Provide an overview of the system: Automated system for the performance of receivables management and Core Accounting System feeder system.

Legislation: Debt Collection Act of 1982 and the Debt Collection Improvement Act of 1996.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is shared with credit reporting agencies, collection agencies, the Department of the Treasury and the Department of Justice as part of the debt collection process.

Credit reporting agencies - Credit reporting

Collection agencies - debt collection

Treasury TOP - Debt collection referrals

Department of Justice - litigation

IRS - Write offs and interest paid

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information is not normally collected from the public. The information is primarily collected from the referring agency program offices as a result of defaulted loans, scholarships, etc. The information is used to record and collect the receivables owed the Government by the public.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is obtained from the agency program offices as a result of defaulted scholarships, loans, etc. and other sources throughout the due diligence process (e.g., collection agency, credit reporting agency, Department of Justice, etc.) No notice is given to individuals for consent, etc. Through demand letters in the due diligence process, individuals are given the opportunity to pay their debt to the Government before information is forwarded to collection agencies, credit reporting bureaus, etc.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical and physical controls are in place to ensure the security of the information. These include an up to date System Security Plan, Contingency Plan, regular offsite backup of the data, and yearly security awareness training for all personnel. Also, the system is part of the yearly SAS-70 (Statement on Auditing Standards No. 70) audit which tests the adequacy and effectiveness of the operating controls.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Defense Contract Management Agency (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-09-02-1031-00

4. Privacy Act System of Records (SOR) Number: 09-15-0004

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: DCMA

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Morring, Capt. USPHS; Kim Frasher, DCMA Project Manager

10. Provide an overview of the system: HHS values and benefits from a workforce that is physically well; they support the efforts of DCMA in achieving this goal. DCMA assists employees and employers to resolve medical problems that may adversely impact their work performance, conduct, health and well-being by tracking the subject’s repetitive exposure to items that could be detrimental to the subject’s health. In order to achieve these objectives of tracking these exposures, the DCMA case management and reporting system was developed.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Medical officers use for review of medical data. DCMA assists employees and employers to resolve medical problems.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Patient demographic data to include name, DOB, SSN or unique ID, height, weight and other basic medical information. The demographic information is used to track the individual in the database. The medical information is used for Health Surveillance. The demographic data contains IIF (name, SSN, DOB, physical characteristics). If employees do not want to provide information needed to establish a medical record, then this information is forwarded to the Agency. The Agency policies will dictate what process is followed for doing the exam (regulatory, agency mandated, voluntary surveillance, etc.). Patients log information from physicals, basic data, physical reports, genetic issues, illnesses and remediation plans go directly to the supervisor.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: All employees are required to read the FOH privacy statement when they have their exam in the OHC and are asked to sign an authorization for disclosure which describes what information will be disclosed outside of FOH. All employees are asked to sign a release of information form before information and any identifiable information is transferred or released from DCMA.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Management, operational, and technical controls commensurate with the level of sensitivity for the system, including:

- Electronic data is encrypted during transmission.

- Electronic data is password protected

- Access to electronic data is role-based

- Access to electronic data is based on “least privilege”

- Access to electronic data is limited by number of attempts, session lock, session termination

- Documents are stored in locked file cabinets / offices.

- Documents are shredded (Medical Records are archived) when no longer needed

- The application servers are isolated from the rest of the FOH network by PIX firewalls, which control access to the application data.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments: This is a DoD application containing DoD data only, hosted by FOH Seattle. Not HHS responsibility to report PIA information.

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Defense Financial & Accounting System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: new system -- appropriate documentation still in process

4. Privacy Act System of Records (SOR) Number: N/A -- this is just a pass-through interface

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: DFAS

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: Interface to the DoD payroll system and the HHS time and attendance system, etc.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS OPDIVs responsible for the interconnecting system, and the U.S. Department of Defense who are owners of DFAS main system; this is just a pass-through interface. HHS OPDIV owners of the interconnected systems, DoD as owner of the DFAS system

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This is just a pass-through interface for transmitting HHS payroll information from the HHS time and attendance system (EHRP) to the DoD payroll payment system, using the HHS/NIH mainframe.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This is just a pass-through interface

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A -- This is just a pass-through interface

PIA Reviewer Approval: Demote

Comments: A DoD system that contains HHS data -- Not HHS' responsibility to report PIA for system.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Departmental Contract Information System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0002-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Departmental Contracts Information System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Fred Evans

10. Provide an overview of the system: The DCIS mission is to provide the data collection and reporting capabilities needed to enable HHS to comply with the reporting requirements mandated by Public Law 93-400 for the reporting of procurement actions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: DCIS provides a single system capability within HHS that collects, edits and stores information on individual procurement and contracting actions executed by the Operating Divisions (OPDIVs) and other HHS offices. No IIF information is collected.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments: No IIF information contained within system

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM DPM Local Area Network (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1010-00-402-124

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: DPM LAN

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Matt Zaklielarz

10. Provide an overview of the system: The DPM LAN provides local connectivity for the DPM office.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: No

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A -- a GSS

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: UPI information is inaccurate -- does not agree with numbering methodology used by HHS CPIC Manager.

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Electronic Human Resources and Payroll (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-01-1100-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Electronic Human Resources and Payroll (EHRP)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: A system for collecting, tracking, routing and maintaining information relating to personnel actions and determinations made about an employee while employed at HHS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Human Resource personnel, supervisors, and employees.

OPM Reporting, and Internal Agencies Reporting

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Personnel and payroll information required by personnel management specialists and managers in order to process and properly execute agency personnel actions.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is collected from individuals. Consent is granted as part of the employee induction process.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The following administrative, technical, and physical controls are in place for EHRP:

Administrative Controls

- System security plan

- Contingency (or backup) plan

- File backup

- Backup files stored offsite

- User manuals

- Security Awareness Training

- Contractor Agreements

- Least Privilege Access

- IIF Policies

Technical Controls

- User Identification and Passwords

- Firewall

- Encryption

- Intrusion Detection System (IDS)

Physical Controls

- Guards

- Identification Badges

- Key Cards

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: An OPM system, with HHS data -- Not HHS' responsibility to report PIA information for this system.

UPI information is inaccurate -- does not agree with numbering methodology established by HHS CPIC Manager

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Electronic Official Personnel Folder (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1120-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: electronic Official Personnel Folder

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: Converts all HHS' paper-based Federal civilian employee Official Personnel Folders (OPF) to electronic format.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS employees only, and they only have access to their own personnel folder

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Temporary and permanent HHS employee official personnel records. Contains IIF information not subject to the Privacy Act.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Collected from the HHS Electronic Human Resources and Payroll (EHRP) System

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: On the HHS Intranet, locked down behind firewalls, with access permitted only to the individual whose name matches the folder. Individuals are required to use passwords and be on the HHS network.

PIA Reviewer Approval: Demote

Comments: This is an OPM system, with HHS data -- Not HHS' responsibility to report PIA information.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Electronic-Induction (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1150-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: E-Induction

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: On-line systems for new hires

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information that new hires need to know. Contains no IIF information.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A -- This is a duplication of E-INDUCTION

PIA Reviewer Approval: Promote

Comments: DoLabor system

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Elite Series System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1050-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: EliteSeries System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Irene Grubb

10. Provide an overview of the system: Provides cradle-to-grave management of the Supply Services Center's inventory and customer orders. It is made up of several modules which are function-specific: Accounts Receivable, Accounts Payable, Inventory Management, Order Management, Purchasing, Production, Warehouse Management. The EliteSeries System is an off-the-shelf software product licensed by the SSC, and installed with no modifications.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: EliteSeries System does not collect PII information.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is contained in the system

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Employee Assistance Program Information System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-45-02-1020-00-110-031

4. Privacy Act System of Records (SOR) Number: 09-90-0010

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): DOCID: fr07mr97-105

7. System Name: Employee Assistance Program Information System (EAPIS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Morring Capt. PHS

10. Provide an overview of the system: Manage EAP clinician activity.

This system contains a written or electronic record on each EAP client. These records typically contain demographic data such as client name, date of birth, grade, job title, home address, telephone numbers, and supervisor's name and telephone number. The system includes records of services provided by HHS staff and services provided by contractors. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 5 U.S.C. 7361, 7362, 7901, 7904; 44 U.S.C. 3101.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PII is not shared (except as required by law) with anyone outside of HHS

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information contained in each record is a documentation of the nature and extent of the client's problem(s). When the intervention plan includes referral(s) to the treatment or other facilities outside the EAP, the record also documents this referral information. The information contained in each record is also used for monitoring the client's progress in resolving the problem(s). Anonymous information from each record is also used to prepare statistical reports and conduct research that helps with program management.

This information is necessary for the clinician to formulate and implement an intervention plan for resolving the problem(s).

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information in this system of records is: (1) Supplied directly by the individual using the program, or (2) supplied by a member of the employee's family, or (3) derived from information supplied by the employee, or (4) supplied by sources to/from whom the individual has been referred for assistance, or (5) supplied by Department officials (including drug testing officers), or (6) supplied by EAP counselors, or (7) supplied by other sources involved with the case. Clients of the EAP will be informed in writing of the confidentiality provisions. Secondary disclosure of information, which was released, is prohibited without client consent.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Information in the system is protected by management, operational, and technical security controls commensurate with the level of sensitivity of the system.

PIA Reviewer Approval:

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments: This system was replaced with WebEAP. This system is decommissioned.

UPI information is inaccurate -- does not match current numbering methodology established by HHS CPIC Manager

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Enterprise E-Mail System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-02-00-01-0009-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Enterprise E-Mail System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ken Calabrese

10. Provide an overview of the system: EES is also known as the "HHSMail" system

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This system does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM FOH Local Area Network/Wide Area Network (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 2, 2006

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-02-00-02-1041-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: FOH LAN/WAN

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Mooring

10. Provide an overview of the system: The FOH LAN/WAN provides local connectivity for the FOH BTS office and wide area connectivity for the various FOH office locations

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: No

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A -- a GSS

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 12, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Government Transformation Center computer room (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Government Transformation Center (GTC) computer room

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Tyllas

10. Provide an overview of the system: The Government Transformation Center is a data center facility located in Unisys' Reston, VA complex which houses HHS Enterprise systems, HHS/OS OITO / ITSC GSSs and the HHS/OS OITO ITSC Network Operations Center.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This facility does not collect, maintain or disseminate IIF.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This facility does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This facility does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval:

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: This is a GSS (computer center) thus there is no PII. – rmd

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM GovNet-NG (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-01-01-1010-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: GovNet-NG

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robin Hofmann

10. Provide an overview of the system: GovNet-NG is a secure on-line data and report repository which is accessible via the Intranet using standard web browsers. The accounting data archives from the CORE system will be accessible through CORE-like inquiries on transition to UFMS. The report repository will maintain the CORE reports, UFMS reports, and other source system reports, such as Payroll.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS employees specifically authorized

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: GovNet-NG will receive point-in-time reports, as well as the CORE accounting transactions, to support audits, research, and history of the financial activity. Data does contain IIF as it is provided from the other systems.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Data is not collected from the public. CORE accounting transactions will be a one-time data load at the conclusion of the conversion process from CORE to UFMS. The data will be transmitted via secure FTP.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

The following administrative, technical, and physical controls are in place for GovNet-NG:

Administrative controls:

- C&A completed

- System Security Plan

- Contingency Plan

- System backups

- Offsite storage

- User manuals

- Security Awareness Training

- Least Privilege Access

- IIF Policy

Technical Controls:

- User ID and Passwords

- Firewall

- VPN

- Encryption

- Intrusion Detection

Physical Controls:

- Guards

- ID Badges

- Key Cards

PIA Reviewer Approval: Promote

Comments: Question the UPI number used.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM HHH computer room (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: HHH computer room

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: The HHH computer room is a data center facility located in HHS's Hubert H. Humphrey building.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This facility does not collect, maintain or disseminate IIF.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This facility does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This facility does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This facility does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / OS ASAM HHS Property Management Information System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-01-06-01-0021-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: OS ASAM HHS Property Management Information System (PMIS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jack Sweeney

10. Provide an overview of the system: PMIS is a Web-based application, running on an Oracle database and developed by Sunflower, Inc. The application is utilized for fixed asset accounting and is maintained by the Logistics Services Branch (LSB). PMIS is used for recording capitalized property to the general ledger of PSC.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The syst