DEPARTMENT OF TRANSPORTATION
PRIVACY IMPACT ASSESSMENT
PAYROLL LABOR DISTRIBUTION SYSTEM (PLDS)
June 23, 2009
The Maritime Administration, within the Department of Transportation, has been given the responsibility to improve and strengthen the U.S. marine transportation system. The Maritime Administration programs promote the development and maintenance of an adequate, well-balanced United States merchant marine, sufficient to carry the Nation's domestic waterborne commerce and a substantial portion of its waterborne foreign commerce, and capable of service as a naval and military auxiliary in time of war or national emergency.
Payroll Labor Distribution System (PLDS) is a system that creates accounting transaction files based on Federal Aviation Administration (FAA) Payroll information, and the Fleet Reserve Files. PLDS has a biweekly processing cycle, performed by the users in the office of accounting, through a menu processor, the processing programs, and data entry programs.
Information, including Personally Identifiable Information (PII) in the Payroll Labor Distribution System
MARAD employees in the Payroll Labor Distribution System (PLDS) are listed by name, agency, employee identifier, social security number, and location.
Why Payroll Labor Distribution System Collects PII
The collection of PII for PLDS allows MARAD a substantial reimbursable effort with its Reserve Fleet. The ability to track reimbursable activities and connect them with the correct interagency agreement had not been possible to date except through bookkeeping adjustments.
Legal Authority for Information Collection
The Maritime Domain Awareness (MDA) program and the Maritime Security Act of 2003 are the legal authority for information collection for MARAD systems.
How Payroll Labor Distribution System Uses Information
The routine use of the information is for payroll accounting procedures, including reconciliation with the FAA Payroll system.
How Payroll Labor Distribution System Shares Information
Payroll Labor Distribution System is a web-based application that is centrally housed at the NASA Stennis Space Center in Mississippi.
How Payroll Labor Distribution System Provides Notice and Consent
Payroll Management Information System data usage is contained with US DOT and MARAD Human Resources and participation is mandatory upon hire.
How Payroll Labor Distribution System Ensures Data Accuracy
Data quality and relevance are the sole responsibility of the information providers. Payroll Labor Distribution System has incorporated data integrity techniques into its infrastructure.
The data elements are described in detail in the interface control documents as well as the logical data model.
How Payroll Labor Distribution System Provides Redress
Data used in Payroll Labor Distribution System is obtained from CASTLE. The source of data and the possible ability to decline would be at the data sources level.
Payroll Labor Distribution System data usage is specified in the MOA/MOU defined with FAA. The FAA is the owner of the data and will have license to provide the data to Payroll Labor Distribution System or not to.
How Payroll Labor Distribution System Secures Information
Payroll Labor Distribution System takes appropriate security measures to safeguard PII and other sensitive data. Payroll Labor Distribution System applies DOT security standards, including but not limited to routine scans and monitoring, back-up activities, and background security checks of Maritime Administration employees and contractors.
Data access is determined by permission levels and role based access controls. Users have certain rights based on account type. Users entering Payroll Labor Distribution System are authenticated with a unique identification and password. System security policy guidelines provide for the creation of secure complex passwords. Users register for an account on the Payroll Labor Distribution System application. The Payroll Labor Distribution System accounts manager reviews then approves/denies access to Mariner Outreach System.
|System Administrator||Full Access||Administrators have permissions to provide management of the infrastructure|
|Maritime Administration Manager||Read, Write||Modify Managers have limited permissions based on roles, they have the ability to manage the application|
After initial certification and accreditation, Mariner Outreach System will have a Certification and Accreditation performed every 3 years to ensure it meets agency and Federal requirements. Additional activities are performed more frequently to ensure Mariner Outreach System meets regulatory security requirements.
A favorable risk assessment was performed in 2008 for the Payroll Labor Distribution System. Unacceptable risks found during this risk assessment were noted in a plan of action and milestones document that was subsequently remediated by the system owner.
The Maritime Administration IT Security team performs continuous monitoring activities for the Payroll Labor Distribution System at different frequencies. Operating system and application patches are verified on a weekly basis. Application scanning is used to identify insecure coding practices, improper configurations, and areas of non-compliance with privacy laws. Furthermore, an Intrusion Prevention System aids in the detection of potential intruders and minimizes their impact if success is achieved.
How Long Payroll Labor Distribution System Retains Information
PLDS will dispose of information records when superseded by master file processing updates.
System of Records
Payroll Labor Distribution System contains information that is part of a System of Records subject to the Privacy Act because it is searched by an individual's social security number. In some cases, such as DOT/OST, the Department of Transportation controls the data and maintains System of Records responsibilities.
Payroll Labor Distribution System has been certified and accredited in accordance with DOT information technology security standard requirements.