DEPARTMENT OF TRANSPORTATION
Federal Highway Administration
PRIVACY IMPACT ASSESSMENT
August, 12, 2004
Table of Contents
Overview of Federal Highway Administration (FHWA) privacy management process for QuickHire
Personally-identifiable information and QuickHire
Why QuickHire collects information
How QuickHire uses information
How QuickHire shares information
How QuickHire provides notice and consent
How QuickHire ensures data accuracy
How QuickHire provides redress
How QuickHire secures information
System of records
Federal Highway Administration (FHWA), within the Department of Transportation (DOT), has been given the responsibility enhancing the highway movement of people and goods, while also ensuring the safety of the traveling public, promoting the efficiency of the transportation system, and protecting the environment. One vital component involved in reaching those goals is finding and hiring the best people for the job. To manage this increasingly complex task while modeling frameworks described in the President's Management Agenda and the Human Capital Standards for Success, the comprehensive framework prepared by the Office of Management and Budget, the Office of Personnel Management, and the General Accounting Office, FHWA is currently employing an automated human capital management tool QuickHire.
The QuickHire system is a publicly available Web site through which applicants can provide information, apply for jobs, and track status; and through which FHWA Human Resources (HR) personnel can process the receipt of applicants, rate and rank applicants, communicate internally with hiring authorities, notify applicants of status, and overall streamline the hiring process. Applicants may enter the QuickHire system through consolidated online government job boards, such as through www.usajobs.com. If an applicants requests to apply for a DOT job, that applicant's Web browser is forwarded to the separate QuickHire Web site. As the federal government consolidates more of it HR activities, more or less of the ownership and control of QuickHire data and functionality may fall under the Office of Personnel Management.
QuickHire is a narrowly focused, volunteer-based communication vehicle and hiring information repository. QuickHire serves as a central point of HR communication up to the point of hire, and it increases efficiency and effectiveness by connecting the right people to the right jobs.
Privacy management is an integral part of the QuickHire project. DOT/ FHWA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and FHWA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FHWA to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:
- Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
- Assess the current privacy environment. This involves interviews with key individuals involved in the QuickHire system to ensure that all uses of personally identifiable data, along with the risks involved with such use, are identified and documented.
- Organize the resources necessary for the project's goals. Internal DOT/FHWA resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks. They are also involved in developing the necessary redress systems and training programs.
- Develop the policies, practices, and procedures. The resources identified in the paragraph immediately above will work to develop an effective policy or policies, practices, and procedures to ensure that fair information practices are complied with. The policies will effectively protect privacy while allowing DOT/FHWA to achieve its mission.
- Implement the policies, practices, and procedures Once the policies, practices, and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the FHWA project.
- Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures will be required.
- Manage exceptions and/or problems with the policies, practices, and procedures.This step involves the development and implementation of an effective redress and audit system to ensure that any complaints can be effectively addressed and corrections made if necessary.
The QuickHire system uses both PII and non-PII data from and about volunteer Web site applicants. Using the QuickHire Web site, applicants may:
- Voluntarily set up a profile that includes name, date of birth, social security number, phone number, email address, citizen/military service/veteran status, and a resume that may also contain Personally Identifiable Information (PII). In addition, applicants set up a password and secret question for continued access to their PII.
- Apply for jobs.
- Access any provided personal information and change profile information, including changing contact information.
FHWA uses PII submitted through QuickHire to screen individuals for job postings, assist in automating the hiring process, and communicate with applicants.
QuickHire's goal of linking applicants with federal jobs demands some degree of information collection and sharing, by definition. With this in mind, applicants volunteer to share PII through the QuickHire Web site so that FHWA HR and hiring professionals may assess their qualifications and consider them for applicable positions. Also, FHWA uses PII in QuickHire to contact references, verify applicant statements, and facilitate communication with applicants.
Information in an identifiable form is used to provide FHWA and volunteer applicants with an enhanced, efficient hiring process. FHWA does not use PII in QuickHire for any purposes outside of the hiring process.
The QuickHire system collects PII only with express permission of users, and only for activities associated with the hiring process. FHWA does not use QuickHire PII in any other way. If it is determined that this is a Privacy Act system of records, the Acts statutory exemptions and DOT's General Routine Uses will permit other uses of information in the system. At any time, a user may elect to withdraw from receiving emails.
FHWA HR professionals and officials responsible for making hiring decisions may have access to all or some of the PII that QuickHire contains. During the selection process, these personnel may share data contained in QuickHire with training facilities and organizations deciding claims for retirement, insurance, unemployment or health benefits. FWHA does not share QuickHire personally-identifiable information in any other way.
As an applicant is creating a profile, QuickHire provides the opportunity for the applicant to select his or her notification preferences.
QuickHire allows users to access PII, change that information, and request complete deletion from the QuickHire database at any time. Applicants access their own PII through the QuickHire Web site, which authenticates applicants through applicant-provided online ID or email address and password.
If an applicant has provided a non-functional email address, a FHWA HR user or System Manager contacts that applicant by phone or postal letter, requesting that he or she update the email address. In addition, if during the hiring process a FHWA HR user or System Manager realizes that an item of PII is incorrect, he or she may request that the applicant change the information online, or may make the change him or herself.
The QuickHire system is housed in Rockville, MD, in a facility run by QuickHire. Physical access to the QuickHire system (Web server) is limited to appropriate personnel through building key cards and room-access key pads.
In addition to physical access, electronic access to PII in QuickHire is limited according to job function. FHWA controls access privileges according to the following roles:
- HR User
- Selection Official
- System Manager
The following matrix describes the privileges and safeguards around each of these roles as they pertain to PII.
|Applicant|| Creates own profile|
Accesses and change own profile information
Changes own password
Applies for jobs
| Views jobs and status|
User-set email and password:Minimum 5-character length for password
Secret question to change or remember password
|HR User||Posts jobs|
Views aggregate Race/National Origin reports (no PII)
Reviews or changes all applicant information, except for password and answer to secret question
|HR Users are set up as users by System Managers and have two sets of passwords, one for the system and one for the database. The following safeguards apply:|
Passwords expire after a set period.
|Selection Officials||Views all of applicant record as sent by HR User. The applicant record may include name, social security number, citizen status, DOB, home address, phone, resume and all included information, and answers to qualifying questions||Selection Officials have only temporary access to applicant information, and only to applicants that the HR User has determined are possible job candidates. A temporary password provides read-only access, and the password expires when an HR User closes the job case.|
|System Manager||Views and changes all information, including password and answer to secret question.|
System Managers have two sets of passwords, one for the system and one for the database. The following safeguards apply:
Passwords expire after a set period.
QuickHire is a Privacy Act System of Records, as it is searched by name and unique identifier. The applicable Privacy Act System of Records notice is: OPM/GOVT-5, Recruiting, Examining, and Placement Records.FHWA has certified and accredited QuickHire under DOT requirements.
1. I would NOT like to be notified by email about new job postings.
2. I would like to be notified by email about ALL new job postings.
3. I would like to be notified by email about new job postings that meet my specified email notification criteria.
(Email notification criteria will be selected on the next page.)