Official US Government Icon

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure Site Icon

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PIA - Disability Information Management System (DIMS)

DEPARTMENT OF TRANSPORTATION
Office of the Secretary of Transportation (OST)

PRIVACY IMPACT ASSESSMENT
  DRC Information Management System (DIMS)

August 14, 2007


TABLE OF CONTENTS

Overview of Privacy Management Process
Personally Identifiable Information (PII) & DIMS
Why DIMS Collects Information
How DIMS uses information
How DIMS Shares Information
How DIMS Provides Notice and Consent
How DIMS Ensures Data Accuracy
How DIMS Provides Redress
How DIMS Secures Information
How Long DIMS Retains Information
System of Records

Overview of Privacy Management Process

The Disability Resource Center (DRC) provides reasonable accommodations, technical assistance and training to employees of and applicants to the Department of Transportation (DOT). DOT's reasonable accommodation order requires accommodations be performed within certain timeframes. DRC works with the Department of Defense Computer and Electronics Accommodation Program (CAP). When CAP is not able to provide accommodations, DRC provides them.

DOT is also required to submit reports to the Equal Employment Opportunity Commission detailing the numbers of accommodations provided by type and by job series and the time frames for fulfilling them. Each DOT agency is responsible for reporting this information to the Departmental Office of Civil Rights.  

While DRC does not receive all accommodation requests as many are out of scope, the office does provide information on the accommodation requests received to the agencies and to the Office of Civil Rights.  

In order to keep track of the accommodations provided and the time to process, DRC uses a tracking system to record accommodation requests. Access to the system is limited to DRC accommodation specialists only. It is a Microsoft Access based system. 

Personally Identifiable Information (PII) & DIMS

The PII recorded in DIMS is the same information available in telephone and email directories and organizational descriptions. The person's name, routing, telephone, email, address and supervisor's name and contact information are requested. They are not required. The information collected by DIMS does not fall into the Sensitive Personally Identifiable Information (SPII) category, or Health Insurance Portability and Accountability Act (HIPAA) category.

Why DIMS Collects Information

DIMS collects information in order to assist DOT agencies in meeting their reporting requirements and to answer general questions such as how many accommodations have been requested during a particular time frame.

How DIMS uses information

While a paper form is available to people requesting services, the form is not required. Email and telephone communications may also be used to collect basic name and contact information.

How DIMS Shares Information

DIMS does not connect with any other system, does not maintain any personnel records, nor does it contain any medical records. User accounts are limited to DRC accommodation specialists. Information is provided to designated agency staff, typically the disability program managers.

How DIMS Provides Notice and Consent

For an individual's name and agency contact information to appear in DIMS, he or she must have submitted his or her own information with a request to be included. Accommodation requests may only be made by the employee and in rare cases by an immediate family member.

Notice will be additionally provided through a privacy policy posted on the accommodation request form, as well as the applicable Privacy Act System of Records notice, currently being developed.

How DIMS Ensures Data Accuracy

DIMS receives most PII either directly through interactions with the individual requesting service and relies on the individual to provide accurate data. DIMS does not require individuals to maintain or update their information once a request has been closed. The information provided is included in an action plan if a request is approved. The employee and/or their supervisor may change the information when the action plan is approved.

Under the provisions of the Privacy Act, individuals may request searches of DIMS data to determine if any records have been added that pertain to them individually. PII about any person in DIMS will only be provided to that individual, or to an authorized official of the agency. DRC does not determine who is authorized, that is the responsibility of the agency Civil Rights Office. This is accomplished by contacting the System Manager as will be directed in the Privacy Act System of Records notice.

How DIMS Provides Redress

As provided for by the System of Records notice under the Privacy Act, individuals with questions about privacy and DIMS may contact the DIMS System Manager. In addition, privacy concerns can be directed to the agency civil rights office.

How DIMS Secures Information

DRC takes appropriate security measures to safeguard PII and other sensitive data. DRC applies DOT security standards, including but not limited to routine scans and monitoring, back-up activities, and background security checks of DRC employees and contractors.

PII
RoleAccessSafeguards
User    Submit new request information submitted by the individual requesting service
    Update and close request records
    System Manager-set user name and password
    Account set-up approved by supervisor and Administrator.
    Minimum length of passwords is 8 characters
    User must accept rules of behavior before completing logon.
    Must access system from computers which also have user name/ password access control.
    Access to data limited by server-based access control lists based on user account.
Site AdministratorSearch and view user names and profile information
    Grant User accounts, reset account passwords
    View, search, add, change, and delete all information in database
    Prepare reports for agencies upon request
User-set user name and password
    Account set-up approved by management
    Minimum length of passwords is 8 characters
    Passwords must be combination of alpha/numeric characters
    Must access system from computers which also have user name/ password access control
    Access to data limited by server-based access control lists based on user account

How Long DIMS Retains Information

Information is retained in accordance with the Records Retention Schedule.

System of Records

DIMS contains information that is part of existing System of Records subject to the Privacy Act, because it is searched by an individual's name. The Department of Transportation controls the data and maintains System of Records responsibilities.

OST is in process of renewing the DIMS certification and accreditation in accordance with DOT information technology security standard requirements.