DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
PRIVACY IMPACT ASSESSMENT
Designee Information Network Selection Appointment Renewal (DIN SAR)
April 10, 2010
System Overview of DIN SAR
The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs to ensure the safest, most efficient aerospace system in the world. The FAA is responsible for:
- Regulating civil aviation to promote safety;
- Encouraging and developing civil aeronautics, including new aviation technology;
- Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
- Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
- Regulating United States (U.S.) commercial space transportation.
One of the programs that help the FAA fulfill this mission is the Designee Information Network Selection Appointment Renewal (DIN SAR) system. DIN SAR supports the management of all Aircraft Certification Service (AIR) designees (e.g., all engineering and manufacturing designees) and a limited number of Flight Standards Service (AFS) designees. The DIN SAR system supports multiple business goals, which include:
- Renewing designee certifications;
- Providing designees access to their personal information so it may be verified for accuracy and updated as needed. The increased opportunity for designees to update their data in an online, near real-time manner promotes accuracy of the designee data; and
- Providing authorized FAA users a searchable registry of certified designees, their approved designations, and limited supplemental notations specific to each designee.
DIN SAR is made up of three (3) main components:
- DIN main: The DIN main component is used by FAA personnel for the coordination, support, and processing of designee renewals. DIN main is also considered a searchable registry of designees and their authority.
- DIN Portal: The DIN Portal component is currently used by manufacturing designees. The designee accesses this portion of the system via an Internet-accessible Web interface. Through DIN Portal, designees are able to update their designation information and request renewal of their designations.
- SAR : The SAR component is used by engineering designees. SAR was the predecessor to DIN Portal. The designee accesses this portion of the system via an Internet accessible Web interface. Through SAR, designees are able to update their designation information and request renewal of their designations. Authorized FAA users are also able to access the SAR component through a separate Internet-accessible Web interface. FAA personnel use SAR to coordinate, support, and process designee renewals. It is the goal of the DIN SAR system owners to eventually retire the SAR component of the system and require all designees to use the DIN Portal component when editing their information or requesting renewals of their designations.
Information, Including Personally Identifiable Information (PII), in DIN SAR
The system contains both personally identifiable information (PII) and non-personally identifiable information pertaining to designees. PII collected in the system includes:
- Name (first, last, and possibly middle name or initial);
- Date of Birth (DOB);
- Email address;
- Home telephone number (NOTE: A designees home telephone number could be collected if the designee were to use their home telephone as their business telephone);
- Home address (NOTE: A designees home address could be collected if the designee were to use their home address as their business address); and
- FAA Designation number The FAA does not use a designees Social Security Number (SSN) for the designation number.
An designee's PII is entered into the system by FAA personnel during the designation and appointment process. Designees are then able to access and update their information through the system as needed after profiles for them are created.
Why DIN SAR Collects PII
The system collects the referenced PII in order to authorize users (designees) to view their designation information online and submit renewal requests and individual profile change requests electronically in real time. The collection of this information also improves designee management because the FAA will be able to make decisions (e.g., renewal certifications) based on the comprehensive and precise designee data that has been made available to each user.
Legal Authority for PII Collection
The PII within DIN SAR is collected and maintained as required in Title 14 of Code of Federal Regulation (CFR), Aeronautics and Space, Chapter 1, Part 183.
The PII within DIN SAR is also collected and maintained as required by FAA Order 8100.8, Designee Management Handbook, as amended.
How DIN SAR Uses the PII
PII in DIN SAR is used to authenticate and authorize designees to update their profile information electronically and promote data accuracy in the system. The PII is also used by FAA personnel to ensure data accuracy and workflow efficiency during the certification renewal process of a designee.
How DIN SAR Shares PII
PII contained in the system is shared only with other FAA systems including:
- National Automated Conformity Inspection Process (NACIP), and
- Designee Management System Data Mart (DMSDM)
Designee information is transferred to the DIN SAR hub server where it is then exported to the systems listed above. In addition, a limited subset of data from DIN SAR is available as a PDF file on the FAA.Gov public website. These PDF files Designated Airworthiness Representative (DAR) - Maintenance & Manufacturing Directory and the Designated Engineering Representative (DER) Directory. The limited DIN SAR data is exported into a Microsoft Access database by AIR-140 and filtered for informational purposes to be shared with the public in a restricted file format. Although data is transferred from the DIN SAR system to the FAA website, DIN SAR is only the source of data; the DIN SAR system is not directly connected.
How DIN SAR Provides Notice and Consent
For an individual’s PII to be included in the system, that individual must have been appointed as a designee by the FAA. Designees consent to having their name and contact information in the system and published directory during the designation and appointment process.
Notice is given to designees during the designation and appointment process as described in FAA Order 8100.8, Designee Management Handbook, as amended. Specifically, FAA Form 8110-14, STATEMENT OF QUALIFICATIONS (DAR—ODAR—DMIR—DER), provides notice to all designees. This form is available at http://forms.faa.gov/forms/faa8110-14.pdf .
How DIN SAR Ensures Data Accuracy
PII is provided by a designee during the designation and appointment process. This information is entered into the system by AIR-140 personnel. Designees can access the system to verify accuracy of their personal information and update the information as needed.
How DIN SAR Provides Redress
Under the provisions of the Privacy Act, individuals may request searches of the DIN SAR system to determine if any records have been added that may pertain to them.
Notification procedure: Individuals wishing to know if their records appear in this system may inquire in person or in writing to the appropriate system manager. Included in the request must be the following:
- Mailing address,
- Telehone number or email address
- A description of the records sought, and if possible, the location of the records.
Contesting record procedures: Individuals wanting to contest information about themselves that is contained in this system should make their requests in writing, detailing the reasons for why the records should be corrected. Requests should be submitted to the attention of the FAA official responsible for the record at the address appearing in this notice.
Federal Aviation Administration
800 Independence Ave. SW
Washington DC, 20591
How DIN SAR Secures PII
In accord with the requirements of the Federal Information Security Management Act of 2002 (FISMA), a completed security Certification and Accreditation (C&A) process was completed for DIN SAR. The C&A process is an audit of policies, procedures, controls, and contingency planning, required to be completed for all federal government IT systems every three years. All relevant policies, procedures and guidelines, including NIST Special Publication 800-53, have been followed to ensure the security of the system and the information it contains.
In addition, the system takes appropriate security measures to safeguard PII and other sensitive date. All users must be identified and authenticated for system access. To further ensure security of PII, DIN SAR uses password encryption. In addition, role-based account management is used to separate administrative activities from user activities.
Access to the system PII is limited according to job function.
How Long DIN SAR Retains PII
FAA complies with the requirements of the National Archives and Records Administration (NARA). NARA regulations state that electronic files created to monitor system usage are authorized for erasure or deletion when the agency determines that they are no longer needed for administrative, legal, audit, or other operational purposes. Generally, these (and any associated hard copy) files are authorized for deletion after 30 days unless needed for official purposes.
AAP System of Records Notice (SORN)
DIN SAR is a system of records subject to the Privacy Act because it is regularly retrieved by name. You can find the DIN SAR system of records notice at:
DOT/FAA 830 Representatives of the Administrator .