DEPARTMENT OF TRANSPORTATION
Research & Innovative Technology Administration
PRIVACY IMPACT ASSESSMENT
CONFIDENTIAL CLOSE CALL REPORTING SYSTEM (C3RS)
March 19, 2010
Overview of Privacy Management Process
The Federal Railroad Administration (FRA), within the Department of Transportation (DOT), has been given the responsibility to carry out rail safety programs. FRA is responsible for promulgating and enforcing rail safety regulations; administering railroad assistance programs; conducting research and development in support of improved railroad safety and national rail transportation policy; providing for the rehabilitation of the Northeast Corridor rail passenger service; and consolidating government support of rail transportation activities. The FRA is sponsoring the Confidential Close Call Reporting System (C3RS) Demonstration Project to demonstrate the effectiveness of reporting of close calls or near misses in improving railroad safety.
Providing confidentiality for individuals who report close calls requires a third party to accept, store, process, and analyze the reports, as well as to disseminate reports to the participants and FRA on rail safety trends and new risks. The Bureau of Transportation Statistics (BTS) has agreed to perform these functions. All reports collected and maintained by the C3RS team are protected under the BTS confidentiality statute (49 U.S.C. 111(k)) and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA) of 2002. Under CIPSEA, BTS, as a federal statistical agency, has the authority to protect employee identification through direct or indirect means at any time.
Personally Identifiable Information (PII) & C3RS
The C3RS database system contains PII and non-PII received from railroad employees participating in the project in accordance with the Memorandum of Understanding (MOU) between FRA, BTS and the participating railroad.
PII information includes name, age, mailing address, phone numbers, and job classification of employees reporting a close call event. The system also includes non-PII information specific to the close call event about which the employee is reporting into the C3RS system.
Why C3RS Collects PII
Information on close call events and unsafe working conditions represent an opportunity to identify and correct weaknesses in a railroad's safety system prior to the occurrence of an actual accident. For this demonstration project, close call reports should be collected to address the following four goals:
- To monitor the frequency of known failure modes (existing risks to safety);
- To learn about new failure modes (new risks to safety);
- To maintain alertness to the risks inherent in railroad operations; and
- To enable carriers, labor organizations and FRA to identify safety issues that require corrective action.
The C3RS system collects name and personal contact information (address, phone numbers) of individuals reporting close calls so that BTS can communicate with participating employees, as needed.
How C3RS Uses PII
All participants in the C3RS Demonstration Project have agreed to use the information they acquire only for the purpose of improving rail safety. BTS collects PII information for the following functions:
a) BTS uses an employee address to mail a confirmation letter to those employees participating in the study once they have successfully completed all the requirements. The confirmation letter is used as proof of participation in the study and functions as a legal waiver from disciplinary action as outlined in the MOU between the carrier, FRA, and BTS;
b) C3RS staff use employee phone numbers to contact participating employees for additional information and/or further clarification about their reported case; and
c) BTS uses job classification as a means of understanding the employee's role in the reported close call incident.
How C3RS Shares PII
BTS does not share PII information collected for the C3RS study with other entities.
A primary goal of the C3RS is to protect the identity of any employee who reports a close call incident to BTS. Reports collected and maintained in the C3RS are protected from disclosure as provided in the BTS confidentiality statute (49 U.S.C. 111(k)) and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA) of 2002.
How C3RS Provides Notice and Consent
For this demonstration study, carrier and employee participation in C3RS is voluntary. Information gathered under the C3RS Demonstration Project is protected under the BTS confidentiality statute (49 U.S.C. 111(k)) and CIPSEA. Participating rail employees are asked to consent to the collection of this data when filling out a C3RS Report Form. In addition, the Department will publish a Privacy Act System of Records Notice in the Federal Register.
How C3RS Ensures Data Accuracy
BTS has developed quality control procedures to ensure the accuracy of the information recorded into the C3RS data systems. The close call report received by BTS from a participating employee is first entered into the stand-alone database by a research assistant. This information is then provided to the assigned Rail Safety Analyst (RSA) who compares the information in the system to the original report submitted by the employee and notes any discrepancies. All discrepancies are resolved during the RSA interview with the participating employee. Further, the C3RS database specialist and research assistant does routine database maintenance and checks the database for accuracy as part of the process.
How C3RS Provides Redress
Employees and contractors of Federal agencies are subject to The Privacy Act of 1974 (5 U.S.C. 552a), and anyone, who willfully discloses personal information contrary to this law, or who fails to give notice of a system of records, may be fined and the agency may be sued for damages. The Act also places restrictions on the use of an individual's social security number. BTS does not collect social security numbers through C3RS.
CIPSEA is contained in Public Law 107-347, Title V. and includes fines and penalties for unauthorized disclosures of information collected under a pledge of confidentiality where the information is designated exclusively for statistical purposes. BTS is providing a pledge of confidentiality for information it collects under this project. CIPSEA provides that if an officer, employee or agent of the agency (e.g., a contractor or a contractor's employee) knowingly and willfully discloses the information in any manner to a person or agency not entitled to receive it, shall then be guilty of a class E felony and imprisoned for not more than 5 years, or fined not more than $250,000, or both.
How C3RS Secures Information
All the information C3RS obtains, including the PII data, is kept in a secure room in the Department of Transportation Headquarters building in Washington, DC. Only members of the C3RS Team have access to the secure room. The door of the secure room is kept closed during work hours and kept locked when no one is in the room. All data are stored in an electronic database in a stand-alone desktop computer attached to a non-network printer. The stand-alone workstation as well as the database that contains PII data is password protected. All working documents are stored in the secure room and shred immediately after case completion.
How Long C3RS Retains Information
The C3RS project is a five-year research/feasibility study subject to availability of funds. After the project completion, all PII data fields will be destroyed. BTS will retain the entire C3RS database for up to ten years after completion of the project (i.e., up to fifteen years total). The system is currently unscheduled; pending approval of a retention schedule by the National Archives and Records Administration (NARA), the records must be kept indefinitely. The retention periods that will be proposed to NARA are as follows: upon project completion, all PII data fields will be destroyed, and all non-PII data will be retired to the Federal Records Center (FRC). The non-PII data will be destroyed 10 years after completion of the study.
System of Records
Records contained in the C3RS database are subject to the Privacy Act. The Department will publish a Privacy Act System of Records Notice in the Federal Register. In addition, system security will be certified and accredited in accordance with DOT information technology security standard requirements.