Official US Government Icon

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure Site Icon

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PIA - Business/Historical Analysis Repository

Department of Transportation

Federal Aviation Administration

Privacy Impact Assessment

Business/Historical Analysis Repository
(B/HAR)

April 5, 2007


Table of Contents

Overview of Federal Aviation Administration (FAA) privacy management process for Business/Historical Analysis Repository (B/HAR)
Personally-identifiable information and B/HAR
Why B/HAR collects information
How B/HAR uses information
How B/HAR shares information
How B/HAR provides notice and consent
How B/HAR ensures data accuracy
How B/HAR provides redress
How B/HAR secures information
System of records

Overview of Federal Aviation Administration (FAA) privacy management process for Business/Historical Analysis Repository (B/HAR)

The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs. FAA is responsible for providing the safest, most efficient aerospace system in the world. One of the programs that helps FAA fulfill this mission is the Business/Historical Analysis Repository (B/HAR), which supports the agency’s ability to achieve financial accountability and reach human resource goals.

Under the President’s Management Agenda for eGovernment, the ePayroll Initiative was implemented at FAA. The agency migrated to the Department of Interior’s (DOI) Federal Personnel and Payroll System (FPPS) on October 16, 2005, in preparation to sunset multiple legacy computer systems that had previously supplied personnel and payroll data to business applications. Under FPPS, the DOT Interface Repository (DOT IR) was created to load data from the host system and provide a source for applications that need data through a computer interface. The FAA B/HAR data warehouse was established for the purpose of collecting data from the DOT IR and building a repository of “historical” personnel and payroll data. When lines of business and staff offices need historical data to identify trends and forecast future costs the B/HAR is the source of those data.

Privacy management is an integral part of the B/HAR system. DOT/FAA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally.  The methodology is designed to help ensure that DOT and FAA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FAA to achieve its mission of protecting and enhancing a most important U.S. transportation system.  The methodology is based upon the following:

  • Establish priority, authority, and responsibility. Appointing a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
  • Assess the current privacy environment.  This involves interviews with key individuals involved in the B/HAR system to ensure that privacy risks are identified and documented.
  • Organize the resources necessary for the project’s goals.  Internal DOT/FAA resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks.  They are also involved in developing the necessary redress systems and training programs.
  • Develop the policies, practices, and procedures.  The resources identified in the paragraph above work to develop an effective policy or policies, practices, and procedures to ensure that fair information practices are complied with.  The policies are designed to protect privacy effectively while allowing DOT/FAA to achieve its mission.
  • Implement the policies, practices, and procedures.  Once the policies, practices, and procedures are developed, they must be implemented.  This involves training all individuals who will have access to and/or process personally identifiable information.  It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the FAA project.
  •  Maintain policies, practices, and procedures.  Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices.  Regular monitoring of compliance with privacy policies, practices, and procedures is required.
  • Manage exceptions and/or problems with the policies, practices, and procedures.  This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.

Personally Identifiable Information and B/HAR

The B/HAR system contains both personally identifiable information (PII) and non-personally identifiable information pertaining to financial accountability and human resource goals. For an individual’s PII to be included in B/HAR, that information must (1) reside in the DOT IR, which contains personnel and payroll data obtained from the DOI FPPS; and (2) be authorized by the memorandum of understanding (MOU) between the DOT IR and the B/HAR. PII data contained within the B/HAR include the name, date of birth, and social security number of current and former FAA employees.  The only PII that pertains to members of the public is PII associated with former DOT/FAA employees who have left the Department and are considered members of the public because they are no longer employed by the Department.

Why B/HAR Collects Information

The B/HAR does not collect any PII directly from current or former DOT/FAA employees. Instead, the B/HAR receives PII from the DOT IR for the purpose of warehousing the history of personnel and payroll transactions. Customers from various DOT/FAA lines of business and staff offices use specialized computer applications that interface to the data warehouse to access data.

How B/HAR Uses Information

The B/HAR is a data warehouse that stores historical personnel and payroll data.  In that role the data are used by computer applications only as authorized by an existing MOU.  The computer applications analyze historical personnel and payroll data for the purpose of identifying trends and forecasting future costs in support of the agency’s mission.

How B/HAR shares information

In order for any DOT/FAA line of business or staff office to get access to the B/HAR it must complete a MOU outlining the business case for gaining access to the data.  In the routine usage of B/HAR, there is no exchange or sharing of any PII with non-DOT entities. Since B/HAR is a system of records under the Privacy Act, DOT may share information from B/HAR in accordance with, and as authorized by, law.

How B/HAR provides notice and consent

Since B/HAR does not directly collect information, there is no immediate notice given or consent collected from the individuals whose data are contained in the system. This PIA serves as notice to any members of the public, in this case retired or former DOT/FAA employees, whose information may be contained in the system. Only PII on current or former DOT employees is contained in B/HAR.

How B/HAR ensures data accuracy

The B/HAR is a downstream data warehouse that loads data directly from the DOT IR via a computer interface.  The data are derived from the DOI FPPS and are based upon Office of Personnel Management’s Standard Forms 50 and 52 (SF-50, Notification of Personnel Action, and SF-52, Request for Personnel Action, respectively).  To ensure the integrity and accuracy of the data, the incoming data cannot be modified by DOT/FAA personnel.  Users and administrators may only view, read, and print information.  Since the mission of the B/HAR is to maintain historical data online for business applications data are kept for a minimum of five years and a maximum of seven years.

How B/HAR provides redress

After reviewing their printed SF Form 50, Notification of Personnel Action, individuals are responsible for contacting their HR representative to have their data corrected in DOI FPPS.  The corrected personnel and/or payroll data will be loaded through the computer interfaces from DOI FPPS into the DOT IR and ultimately flow downstream into the FAA B/HAR system.  Again, B/HAR is used only by employees responsible for identifying trends and forecasting future costs in support of the agency’s mission.  If individuals believe their records contain inaccurate information, they may contact the FAA Privacy Officer.

How B/HAR secures information

Only official Information Technology Systems with a current Security Certification and Authorization Packages (SCAP) completed, and an up-to-date Certification and Authorization (C&A) in place are authorized to interface to the B/HAR. Each application must be hosted on a server that is a member of the FAA Domain, which ensures secure connectivity. The "FAA Manager" responsible for making work assignments to the person requesting access is required to authorize access to the B/HAR for all employees needing it.

In addition, access to B/HAR PII is limited according to job function. FAA controls access privileges according to the following roles:

  • Program Oversight & Management Team
  • Data Integrity Team
  • Oracle Database Administrator (DBA) Team (these individuals require access to the data in order to create and maintain data structures (tables, fields, views, etc.) within the database and to ensure the load and validation processes work properly).
  • Server Administration Team
  • Access Request & Tracking System Team
  • Interface Owner

The following matrix describes the levels of access and safeguards around each of these roles as they pertain to PII.

B/HAR Levels of Access and Safeguards – Part 1 of 3

B/HAR Levels of Access and Safeguards
ROLEACCESSSAFEGUARDS
Program Oversight & Management TeamUnlimited Access

The following safeguards also apply:

  • Passwords expire after a set period.
  • Accounts are locked after a set period of inactivity.
  • Minimum length of passwords is eight characters.
  • Passwords must be a combination of letters and numbers
  • Accounts are locked after a set number of incorrect attempts.
Data Integrity TeamUnlimited Access

The following safeguards also apply:

  • Passwords expire after a set period.
  • Accounts are locked after a set period of inactivity.
  • Minimum length of passwords is eight characters.
  • Passwords must be a combination of letters and numbers
  • Accounts are locked after a set number of incorrect attempts.

B/HAR Levels of Access and Safeguards – Part 2 of 3

 

B/HAR Levels of Access and Safeguards – Part 2 of 3
ROLEACCESSSAFEGUARDS
Oracle DBA TeamUnlimited Access

The following safeguards also apply:

  • Passwords expire after a set period.
  • Accounts are locked after a set period of inactivity.
  • Minimum length of passwords is eight characters.
  • Passwords must be a combination of letters and numbers
  • Accounts are locked after a set number of incorrect attempts.
Server Administration Team

Unlimited Access to the Server Volumes
No Access to the Oracle Database

The following safeguards also apply:

  • Passwords expire after a set period.
  • Accounts are locked after a set period of inactivity.
  • Minimum length of passwords is eight characters.
  • Passwords must be a combination of letters and numbers
  • Accounts are locked after a set number of incorrect attempts.

B/HAR Levels of Access and Safeguards – Part 3 of 3

 

B/HAR Levels of Access and Safeguards – Part 3 of 3
ROLE

ACCESS

SAFEGUARDS
Access Request & Tracking System TeamUnlimited Access

The following safeguards also apply:

  • Passwords expire after a set period.
  • Accounts are locked after a set period of inactivity.
  • Minimum length of passwords is eight characters.
  • Passwords must be a combination of letters and numbers
  • Accounts are locked after a set number of incorrect attempts.
Interface OwnerSpecific Tables and Data Elements are specified within a Memorandum of Understanding

The following safeguards also apply:

  • Passwords expire after a set period.
  • Accounts are locked after a set period of inactivity.
  • Minimum length of passwords is eight characters.
  • Passwords must be a combination of letters and numbers
  • Accounts are locked after a set number of incorrect attempts.

How Long B/HAR Retains Information

Records stored in B/HAR are retained and disposed in compliance with the General Records Schedules, National Archives and Records Administration, Washington, DC.

System of Records

B/HAR is subject to the Privacy Act, because it is searched by name and telephone number.  Personally identifiable information in B/HAR is covered by OPM/GOVT-1 (General Personnel Records).

FAA has certified and accredited the security of B/HAR in accordance with DOT standard requirements.