DEPARTMENT OF TRANSPORTATION
Office of the Secretary of Transportation (OST)
PRIVACY IMPACT ASSESSMENT
Tiger Collector Reporting Tool (TCRT)
June 30, 2009
Overview of Privacy Management Process
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and OST will have the information, tools and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing OST to achieve its mission of protecting and enhancing the U.S. transportation system. The methodology is based upon the following steps:
- Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
- Assess the current privacy environment. This involves interviews with key individuals involved in the WCIS system to ensure that privacy risks are identified, addressed and documented.
- Organize the resources necessary for the project's goals. Internal OST resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks. They are also involved in developing the necessary redress systems and training programs.
- Develop the policies, practices, and procedures. The resources identified in the paragraph above work to develop effective policies, practices, and procedures to ensure that fair information practices are complied with. The policies are designed to protect privacy effectively while allowing OST to achieve its mission.
- Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training all individuals who will have access to and/or process personally identifiable information (PII). It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the OST project.
- Maintain policies, practices, and procedures. Due to changes in technology, personnel and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance is required.
- Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made, if necessary.
Personally Identifiable Information (PII) and TCRT
The Tiger Collector Reporting Tool (TCRT) adapts the existing RITA Research Notification System "R2NS" GOTS software developed for the Research and Innovative Technology Administration (RITA) to perform the "data consolidation and reporting" tasks set forth in a web-enabled application situated on the Department of Transportation (DOT) intranet.
The TCRT application contains and publicly posts the following information: business email information, address, and telephone number.
Why TCRT Collects Information
The TCRT adopts a "user interface" for Departmental staff that is similar to that of the R2NS and permits "user account administration" by the Operating Administrations implementing the American Recovery and Reinvestment Act (ARRA) of 2009 (FAA, FRA, FHWA, FTA, MARAD, and Office of the Secretary). User roles are provided to control access to various system functions. There are four (3) roles in the TCRT. They are System Administrator, TEAM User, and Mode Admin. The System Administrator has the highest level of access, followed by the Mode Administrator, then the TEAM User. The job description of personnel defines the role they are assigned.
The TCRT tool adapted the existing R2NS GOTS software developed for the Research and Innovative Technology Administration (RITA) to perform the "data consolidation and reporting" tasks set forth below in a web-enabled application situated on the DOT intranet. The information processed by the TCRT is unclassified.
The TCRT comprises three primary servers: a Compaq DL-380 Server running Microsoft Windows Server 2003 with SP1, a Compaq DL-360 with Microsoft Windows Server 2003, and a Dell PowerEdge R300 with Microsoft Windows Server 2008. Table 3 depicts the hardware/software characteristics of the system. Two of the servers function as web servers, running an application front end developed with Macromedia ColdFusion. The other server hosts a Microsoft SQL 2000 database engine populated with the TCRT data. System access is limited to login accounts within the DOT Intranet, and the TCRT has a trust relationship with the OST Resource Domain.
The TCRT relies on the native security controls of Microsoft Windows 2003 Server and MS SQL 2000 as well as IIS 6.0. All Operating System and Application patch histories are current. The servers also have Symantec End Point (SEP) Virus and Spam protection installed, and updates occur regularly once the update files are verified.
How TCRT Uses Information
The requestor's form data is written to the protected DOT TCRT database. Only a limited number of system administrators can access this database, where the requests can be more effectively processed and, if approved, many of the continuing management functions automated.
The TCRT data reporting functions conform to the most recent OMB Guidance and Data Architecture specifications for the ARRA (most recent versions attached) and available templates.
The TCRT provides a data structure with the following tables:
- Awards: A table holding a Grant Information System (GIS) FAADS Plus record for each ARRA project grant, with additional fields to contain recipient data (minimum 5 fields) and NEPA status data (minimum 2 fields); the table is capable of holding a Federal Procurement Data System (FPDS) record. This satisfies section 1512(c)(3) of ARRA.
- Recipients: A table of external-interface users, containing at a minimum the DUNS number of each ARRA grant/contract award recipient, a password, and the recipient name.
- 1201 Periodic Reports: A table that holds a record for each recipient listed in the Recipients table and contains approximately 10 fields (to be specified) that reflect the reporting requirements of 1201(c)(2) of the ARRA. A minimum of five reporting cycles will be captured, for a minimum of 10 appropriations.
- 1512 Periodic Reports: A table that holds a record for each recipient listed in the Recipients table and contains approximately 5 fields to be specified that reflect the reporting requirements of 1512(c)(1) and (2) of the ARRA. A minimum of five reporting cycles shall be captured.
- Recipient Sub-awards: A table holding records of the sub-awards/contracts made by prime recipients (as listed in the Recipients table), associated in a many-to-one relationship to the Awards table. This satisfies section 1512(c)(4) of ARRA.
How TCRT Shares Information
Management and control of the Tiger Collector Reporting Tool is conducted via the Electronic Capital Planning and Investment Control (eCPIC) System. eCPIC is a web-based, government-owned technology system (GOTS) application designed to help agencies with the management and control of their initiatives, portfolios, and investment priorities, as well as in the preparation and submission of budget data to the Office of Management and Budget (OMB). DOT currently hosts the eCPIC Domain. eCPIC is maintained in the Worklenz database. The system is used by fourteen Federal agencies to help them determine the most efficient allocation of information technology spending to meet agency missions. Federal agencies that use the system consider it best practice for government portfolio management. Decisions on operations, maintenance, functionality, and enhancements are implemented through the eCPIC Service Level Agreement (SLA). Through the eCPIC Change Management Committee (CMC), agency SLA members participate in monthly meetings to share lessons learned, review the status of the project, and prioritize change requests associated with the operation, maintenance, and enhancement of the application.
How TCRT Provides Notice and Consent
TCRT displays the DOT-approved system warning banner prior to login to give users notice of, and obtain their consent to, monitoring.
How TCRT Ensures Data Accuracy
TCRT employs the data accuracy checks inherent in Oracle database software to ensure data validity and accuracy. The system has been reviewed via security testing and evaluation to ensure, to the greatest extent possible, that it is accurate, relevant, timely and complete.
How TCRT Provides Redress
Validation checks are built into the application software that both alert the user when an incorrect entry has been made and must be corrected, and confirm when a user has successfully input data.
How TCRT Secures Information
TCRT takes appropriate security measures to safeguard PII and other sensitive data. TCRT applies DOT security standards, including but not limited to routine scans and monitoring, back-up activities, and background security checks of OST employees and contractors.
How Long TCRT Retains Information
TCRT retains PII for a minimum of one year.
System of Records
TCRT contains information that will be part of an existing System of Records subject to the Privacy Act, because it is searched by an individual's email address. In some cases, such as DOT/OST 101, the Department of Transportation controls the data and maintains System of Records responsibilities. In other cases, other government entities providing TCRT source data control the data and retain Privacy Act responsibilities.
OST has certified and accredited the security of TCRT in accordance with DOT information technology security standard requirements.