DEPARTMENT OF TRANSPORTATION
Office of the Secretary
PRIVACY IMPACT ASSESSMENT
DOT IT Consolidation/Common Operating Environment (COE)
May 11, 2004
Overview of Department of Transportation (DOT) privacy management process for IT Consolidation/Common Operating Environment (COE)
At the June 26, 2003 meeting of the Department's Investment Review Board (IRB), a decision was made to begin consolidating the Department's IT infrastructure in advance of the move to the new headquarters facility. A consolidated IT infrastructure delivers to end users improved, more consistent and more highly secured IT services at a total cost of ownership (TCO) equal to or less than the current cost of provisioning such services. This double benefit of improved services at a reduced cost is only possible with a commitment to a standardized, well-structured IT infrastructure delivered by a world-class service organization. Thus, the IT Consolidation project, if properly executed, will contribute to implementing the President's Management Agenda vision of eliminating redundant services while improving overall IT service and security levels. In addition, because there is an increasingly critical need for real-time communications among the Operating Administrations and the Department, the need for a single consolidated e-mail and directory capability across the Department (excluding the FAA) is strongly supported. Thus, this program will support the strategic goals of improved service to citizens and increased security of operations at a reduced cost, while also improving internal communications across the agencies and within the entire Department. The Office of the Chief Information Officer has the responsibility to effect this consolidation and will do so by creating a DOT Common Operating Environment (COE). DOT Information Technology Services (DOT-ITS), a division of the Office of the Chief Information Officer, will be responsible for establishing and maintaining the COE. That office will administer desktop and network operations for the Department.
Since privacy management is an integral and important part of the COE, the department has retained the services of privacy experts to help assess its privacy management program by utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT will have the information, tools and technology necessary to effectively manage privacy and employ the highest level of fair information practices while allowing DOT to achieve its mission of protecting and enhancing the U.S. transportation system. The methodology is based upon the following:
- Establish priority, authority and responsibility. Appointing a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal and other disciplines necessary to ensure that an effective privacy management program is developed.
- Assess the current privacy environment. This involves interviews with key individuals involved in the IT services to ensure that privacy risks are identified and documented.
- Organize the resources necessary for the project's goals. Internal DOT resources, along with outside experts will be involved in reviewing the technology, data uses and associated risks. They will also be involved in developing the necessary redress systems and training programs.
- Develop the policies, practices and procedures. The resources identified in the previous step will work to develop effective policies, practices and procedures to ensure that fair information practices are complied with. The policies will effectively protect privacy while allowing DOT to achieve its mission.
- Implement the policies, practices and procedures. Once the policies, practices and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with commercial services to ensure that they maintain the highest standard for privacy while providing services to the DOT project.
- Maintain policies, practices and procedures. Due to changes in technology, personnel and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices and procedures will be required.
- Manage exceptions and/or problems with the policies, practices and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints can be effectively addressed and corrections made if necessary.
Personally-identifiable information (PII) and IT Consolidation/COE
The DOT COE contains both PII and non-PII. DOT receives this information directly from commercial and federal sources, and from notes and data supplied by federal government officials. Raw data may enter the COE when an individual inputs data directly, scans a paper document, or inputs data provided through a paper document.
Why DOT IT systems retain information
There are numerous information systems within the department that collect and retain PII for a myriad of purposes such as Human Resources management, email and phone directories, contingency contact databases, financial records, etc. The COE is a standard infrastructure which is comprised of numerous systems and networks.
How IT Consolidation/COE uses information
IT COE stores PII and non-PII and makes these data available to appropriate personnel involved in desktop and network operations. These staff members use the network to conduct daily operations.
Network systems within the COE do not provide reports containing PII to the public or to individuals requesting such information.
How the COE shares information
Designated, approved federal employees and contractors have access to IT Systems and the COE according to job roles and responsibilities for use in their respective jobs.
DOT does not share information from its network or IT systems in any other way.
How the COE provides notice and consent
How the COE provides redress
DOT provides Web site access to a privacy officer who addresses privacy concerns and questions.
How IT Consolidation/COE secures information
IT data files are maintained in a secure government facility. All IT support staff and contractors are briefed on IT security requirements and associated responsibilities.
IT staff and contractors with access to COE data receive basic security training with some privacy components. These users also annually read and sign a Non-Disclosure Agreement containing privacy provisions and penalties for unauthorized disclosure of data. In addition to physical access, electronic access to PII is limited according to job function. DOT controls access privileges according to a documented roles matrix, with each individual receiving the minimum necessary access to PII and permissions. Many IT users receive read-only access to all or some of the data.
In addition, access to PII requires access to a secure LAN protected by complex passwords that must be changed at regular intervals. Much of the data additionally requires a second password for the particular system that houses the PII. Password and account procedures comply with the following basic guidelines:
- Passwords expire after a set period.
- Accounts are locked after a set period of inactivity.
- Minimum length of passwords is eight characters.
- Passwords must be a combination of letters and numbers.
- Accounts are locked after a set number of incorrect attempts.
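Rules like these are normally enforced by the directory service or operating system, but they are simple enough to model directly, which makes the interaction between them visible (for example, that a locked account must answer the same way to a correct password as to a wrong one, and that expiry is only reported after the password has been proven). The following Python block is an added illustration written for this page, not DOT code or a description of the COE's actual configuration. The page gives no concrete values for "a set period" or "a set number", so the 60-day password age, 45-day inactivity limit, five-attempt lockout, the PBKDF2 parameters and the sample user names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta

# The page says only "a set period" and "a set number"; these concrete
# thresholds are assumptions for the example, not DOT values.
MIN_LENGTH = 8
MAX_PASSWORD_AGE = timedelta(days=60)   # passwords expire after a set period
MAX_INACTIVITY = timedelta(days=45)     # accounts lock after a set inactivity period
MAX_FAILED_ATTEMPTS = 5                 # accounts lock after a set number of bad attempts
PBKDF2_ROUNDS = 100_000                 # assumed work factor


def password_meets_policy(password: str) -> bool:
    """Minimum eight characters, and a combination of letters and numbers."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the stored verifier is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    password_set: datetime     # when the current password was chosen
    last_activity: datetime    # last successful login
    failed_attempts: int = 0
    locked: bool = False


def create_account(username: str, password: str, now: datetime) -> Account:
    """Reject a password that fails the composition rules before storing anything."""
    if not password_meets_policy(password):
        raise ValueError("password does not meet policy")
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt), now, now)


def authenticate(acct: Account, password: str, now: datetime) -> str:
    """Return "ok", "locked", "bad-password" or "expired", updating the account.

    Ordering matters: lockout is decided before the credential is checked,
    so a locked account answers the same way for right and wrong passwords,
    and expiry is only reported once the caller has proven the password.
    """
    if acct.locked:
        return "locked"
    if now - acct.last_activity > MAX_INACTIVITY:
        acct.locked = True                      # inactivity lockout
        return "locked"
    candidate = hash_password(password, acct.salt)
    if not hmac.compare_digest(candidate, acct.pw_hash):
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked = True                  # guessing lockout
            return "locked"
        return "bad-password"
    acct.failed_attempts = 0                    # a good login resets the counter
    acct.last_activity = now
    if now - acct.password_set > MAX_PASSWORD_AGE:
        return "expired"                        # correct, but must be changed before use
    return "ok"


def demo() -> dict:
    """Exercise each rule with constructed accounts (names and dates are invented)."""
    t0 = datetime(2004, 5, 11)
    out = {}
    out["policy"] = [password_meets_policy(p)
                     for p in ("short1", "lettersonly", "12345678", "Tr4nsp0rt")]
    try:
        create_account("weak", "12345678", t0)
        out["weak_rejected"] = False
    except ValueError:
        out["weak_rejected"] = True
    a = create_account("jdoe", "Tr4nsp0rt", t0)
    out["guessing"] = [authenticate(a, "guess", t0) for _ in range(MAX_FAILED_ATTEMPTS)]
    out["after_lock"] = authenticate(a, "Tr4nsp0rt", t0)      # right password, still locked
    b = create_account("asmith", "Tr4nsp0rt", t0)
    out["aging"] = [authenticate(b, "Tr4nsp0rt", t0 + timedelta(days=d))
                    for d in (1, 40, 70)]
    c = create_account("rlee", "Tr4nsp0rt", t0)
    out["inactive"] = authenticate(c, "Tr4nsp0rt", t0 + timedelta(days=46))
    return out


if __name__ == "__main__":
    for rule, result in demo().items():
        print(rule, result)
```

The composition and rotation rules are modelled exactly as the 2004 guidelines state them; current NIST SP 800-63B guidance no longer recommends mandatory periodic rotation or composition rules, preferring length and checks against known-breached passwords, so treat MAX_PASSWORD_AGE and the letters-plus-numbers test as policy knobs rather than recommendations.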
System of records
The COE as a whole is not a system of records. OST has certified and accredited the COE in accordance with DOT requirements.