Privacy Act Impact Assessment


Locator and Information Services Tracking System (LISTS) Form


OMB: 2700-0064


PIA Analysis Worksheet and Summary Template

The information technology (IT) system Privacy Impact Assessment (PIA) Analysis Worksheet and Summary Template begins on the following page. The Template covers the four major categories of information required for inclusion in the PIA: system characterization, information sharing practices, Web site practices, and security controls.



NASA IT Privacy Impact Assessment (PIA) Analysis Worksheet



The PIA determines what kind of information in identifiable form (IIF), if any, is contained within a system, what is done with that information, and how that information is protected. Systems with IIF are subject to an extensive list of requirements based on privacy laws, regulations, and guidance.




Identifying Numbers (Use N/A for items that are Not Applicable)

Application Name (generally the name by which the system is accessed; for example, www.nasa.gov when Web enabled):



Locator and Information Services Tracking System (LISTS) Form

Application Owner:

(Person who is responsible for funding)

Jack L. Forsythe


Phone Number: 301-286-7233

E-Mail: [email protected]


System Manager

(Responsible for system technical operation)


____________________________________________________Rhonda McCarter


Phone Number: 301-286-5305

E-Mail: [email protected]


NASA Cognizant Official:

(NASA individual responsible for management of daily operations)


Pamela A. Starling

Phone Number: 301-286-6865

E-Mail: [email protected]


Activity/Purpose of Application:

Collection

Renewal

Mission Program/Project Supported:



Security and Program Protection

IT Security Plan Number:



N/A

System Location (Center or contractor office building, room, city, and state):

Center/Contractor: NASA/Goddard Space Flight Center



Street Address: 8800 Greenbelt Road

Building: 9; Room 118

City: Greenbelt   ST: MD   ZIP: 20771

Privacy Act System of Records (SOR) Number:



NASA 51LISTS

OMB Information Collection Approval Number and Expiration Date:



2700-0064 2/28/07

Other Identifying Number(s):



GSFC 24-27



No. | Privacy Question Sets | User Response (Yes / No / N/A) | Comments

System Characterization and Data Categorization

1

Have any of the major changes listed in the Comments column occurred to the system since April 2003 or since the last PIA was conducted?


If yes, please check which change(s)
have occurred.


N/A is NOT an option.

Conversions

Anonymous to Non-Anonymous

Significant System Management Changes

Significant Merging

New Public Access

Commercial Sources

Internal Flow or Collection

New Interagency Use

Alteration in Character of Data

2

Does/Will the system contain Federal records?

RECOMMEND RESPONDENT READ EXPLANATION.

If this is answered “N,” but either Q4 or Q13 is answered “Y,” the respondent should get a message telling them this one should be “Y.”


3

If the system contains/will contain Federal records, under which disposition authority item in the NASA Records Retention Schedules or the General Records Schedules are/will the records be retained and disposed of or archived?

If 2 is “Y”, this should be completed. If it is not, the lack thereof should be documented in the System Report and the Action List should tell them they must collaborate with their Center Records Manager to locate/develop a proper retention schedule.





NPR 1441.1D, NASA Records Retention Schedules,

Schedule Item: AFS #1620, Item 104

4

Are the records in this system (or will they be) generated in the process of NASA program/project formulation, design, development, or operation as described in NPR 7120?


5

Are the records Vital records for the organization?


6


Are backup files (tapes or other media) being stored off-site?

If yes, please indicate in the comment field where backups are located.


Backup storage location: ______________________________


System Characterization and Data Categorization

7


Does/will the system collect information in a standard way (forms, Web enabled form, survey, questionnaire, etc.) from members of the public (including contractors), regardless of whether voluntary and regardless of format (paper or electronic)?


If yes, please check types of info required under Comments.


Personal identifying information

Other: Security


Other ____________________





If answered “No,” autofill the next question with N/A.

8



Is the information collection indicated above authorized by an OMB Approval Number under the Paperwork Reduction Act (PRA)?

If yes, please provide the OMB PRA Approval Number under Comments

PRA OMB Approval Number:

2700-0064



This number should also be provided as an “identifying number” on the first completed page of this PIA.

9

Does/Will the system contain (store) information in identifiable form (IIF) from members of the public within any database(s), record(s), file(s) or Web site(s) hosted by this system?


Note: If yes, check all that apply in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.


Please note: This question seeks to identify all personal information contained within the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.



[Autofill all relevant questions with N/A.]




Personal Information:

Name

Date of birth

Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

Mailing address

Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other: Emergency contact



*** If Question 9 is answered “No,” there is no need to proceed further. ***





10

Indicate all the categories of individuals about whom IIF is or will be collected.



Employees

Public citizens

Patients

Business partners/contacts (federal, state, local agencies)

Vendors/Suppliers/Contractors

Other

System Characterization and Data Categorization

11


Are records on the system (or will records on the system be) retrieved by one or more data elements?


Note: If yes, specify in the Comments column which data elements will be used in retrieving the records (i.e., a record number, name, social security number, or other data element or record locator methodology). If the category of personal information is not listed, please check “Other” and identify the category.


Personal Information:

Name

Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

Mailing address

Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________


12

Are/Will records on 10 or more individuals containing IIF [be] maintained, stored or transmitted/passed through this system?


13

Is the system (or will it be) subject to the Privacy Act?


Note: If the answer to questions 9, 11, and 12 were yes, the system will likely be subject to the Privacy Act. System owners should contact their Center PAM for assistance with this question if they are uncertain of the applicability of the Privacy Act.






Autofill “Yes” when “Yes” is marked for 9 and 11; “No” if 9 and 11 are marked “No.”

14

Has a Privacy Act System of Record (SOR) Notice been published in the Federal Register for this system?


Note: If no, explain why not in the Comments column.


No IIF is contained in the system.

IIF is in the system, but records are not retrieved by IIF.

Should have published an SOR, but was unaware of the requirement.

System is required to have an SOR but is not yet procured or operational.

Other:________________________


15

If a SOR Notice has been published, have major changes to the system occurred since publication of the SOR?



Information Sharing Practices

16

Is the IIF in the system voluntarily submitted (or will it be)?


17

Does/Will the system collect IIF directly from individuals?


Note: If yes, identify in the Comments column the IIF the system collects or will collect directly from individuals. If the category of personal information is not listed, please check “Other” and identify the category.





See Item #9

18

Does/Will the system collect IIF from other sources (i.e., databases, Web sites, etc.) besides directly from the individual?


Note: If yes, specify the resource(s) and IIF in the Comments column.





19

Does/Will the system populate data for other resources (i.e., do databases, Web sites, or other resources rely on this system’s data)?


Note: If yes, specify resource(s) and purpose for each instance in the Comments column.

Resource: ____________________

Resource: ____________________

Resource: ____________________

Resource: ____________________

Resource: ____________________

20

Does/Will the system share or disclose IIF with agencies external to NASA, or other people or organizations outside NASA?


Note: If yes, specify with whom and for what purposes, and identify which data elements in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.




With whom and for what purposes:

______________________________

______________________________

______________________________

______________________________

______________________________



21

If the IIF in the system is or will be matched against IIF in one or more other computer systems internal or external to NASA, are (or will there be) computer data matching agreement(s) in place?


If yes, indicate in the Comments column internal or external and the system(s) with data which are matched.


Location of other systems involved in matching:

Internal NASA

External to NASA


Other systems involved:

________________________________

________________________________


If answered “No,” auto fill 22 with N/A.

22

If data matching activities will occur, will the IIF be de-identified, aggregated, or otherwise made anonymous?


Note: If yes, please describe this use in the Comments column.

De-identified

Aggregated

Other


23

Is there a process, either planned or in place, to notify organizations or systems that are dependent upon the IIF contained in this system when changes occur (i.e., revisions to IIF, when the system encounters a major change, or is replaced)?


24

Is there a process, either planned or in place, to notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection)?



25

Is there/Will there be a process in place for individuals to choose how their IIF data is used?


Note: If yes, please describe the process for allowing individuals choice in the Comments column.



Process: ______________________________

26

Is there/Will there be a complaint process in place for individuals who believe their IIF has been inappropriately obtained, used, or disclosed, or that the IIF is inaccurate?


Note: If yes, please describe briefly the notification process in the Comments column.


Process: ______________________________

27

Are there or will there be processes in place for periodic reviews of IIF contained in the system to ensure the data’s integrity, availability, accuracy, and relevancy?


Note: If yes, please describe briefly the review process in the Comments column.


Process: Verification Forms

28

Are there/Will there be rules of conduct in place for access to IIF on the system?


Note: If yes, identify in the Comments column all users with access to IIF on the system and for what purposes they use the IIF.




Users

Administrators

Developers

Contractors


For what purposes:

______________________________

______________________________

______________________________

______________________________

______________________________



29

Is there a process in place to log routine and non-routine disclosures and/or unauthorized access?


If yes, check in the Comments column which kind of disclosures are logged.


Disclosures logged:

Routine

Non-routine




Web site Host – Question Sets

30

Does/Will the system host a Web site?


Note: If yes, identify what type of site the system hosts in the Comments column.


If no, check “No” for all remaining questions in the “Web Site Host Question Sets” section and answer questions starting with the “Administrative Controls” section beginning with question 44.

Type of site:

Public Internet

Internal NASA

Both



31

Is the Web site (or will it be) accessible by the public or other entities (i.e., federal, state, and local agencies, contractors, third-party administrators, etc.)?




32

Is the Agency Web site privacy policy statement posted (or will it be posted) on the Web site?





33

Is the Web site’s privacy policy in machine-readable format, such as Platform for Privacy Preferences (P3P)?


Note: If no, please describe in the Comments column your timeline to implement P3P requirements for this system.


Implementation Plan: ______________________________

34

Does the Web site employ (or will it employ) persistent tracking technologies?


Note: If yes, identify types of cookies in the Comments column. If persistent tracking technologies are in place, please indicate the official who authorized the use of the persistent tracking technology.

Session Cookies

Persistent Cookies

Web bugs

Web beacons

Other (Describe): ________________


Authorizing Official: ____________________


Authorizing Date: ______________________

35

Does/Will the Web site collect or maintain personal information from or about children under the age of 13?


If marked “No,” autofill “N/A” in next question.

36

If the Web site does/will collect or maintain personal information from or about children under the age of 13, please indicate what information and how the information is collected.




Actively directly from the child

Passively through cookies

Both of the above

What information is collected: ______________________________


37

If the Web site does/will collect or maintain personal information from or about children under the age of 13, is the information shared with any non-NASA organizations, grantees, universities, etc.?


Note: If yes, also identify the non-NASA organizations in the Comments field.

Information is shared with: ______________________________

If “no,” autofill “N/A” in items 38 & 39.

38

If the Web site does/will collect or maintain personal information from or about children under the age of 13, specify in the comments field what method is used for obtaining parental consent.




Method used for obtaining parental consent (please check all that apply)

No consent is obtained

Simple e-mail

E-mail accompanied by digital signature

Signed form from the parent via postal mail or facsimile

Accepting and verifying a credit card number in connection with a transaction

Taking calls from parents, through a toll-free telephone number staffed by trained personnel


39

Does/Will the Web site collect IIF electronically from any individuals?


Note: If yes, identify what IIF the system collects in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.



Personal Information:


Name

Date of birth

Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

Mailing address

Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________


40

Does/Will the Web site provide a PDF form to be completed with IIF from any individuals and then mailed or otherwise provided to NASA?


Note: If yes, identify what IIF the PDF form collects in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.



Personal Information:


Name

Date of birth

Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

Mailing address

Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________


41

Does/Will the Web site share IIF with organizations external to NASA, or other people or organizations outside NASA?


Note: If yes, specify with whom and for what purposes.



With whom and for what purposes:

______________________________

______________________________

______________________________

______________________________

______________________________



42

Are rules of conduct in place (or will they be in place) for access to IIF on the Web site?


Note: If yes, identify in the Comments column all categories of users with access to IIF on the system, and for what purposes the IIF is used.





Users

Administrators

Developers

Contractors


For what purposes:

______________________________

______________________________

______________________________

______________________________


43

Does (or will) the Web site contain links to sites external to the Center that owns and/or operates the system?


Note: If yes, note in the Comments column whether the system provides a disclaimer notice for users that follow external links to Web sites not owned or operated by the Center.

Disclaimer notice for all external links

Administrative Controls

44

Have there been major changes to the system since it was last certified and accredited?


Note: If the system is under development and not yet certified and accredited at the time of this PIA, please describe in the Comments column the plan and timeline for conducting a certification and accreditation (C&A) for this system.


45

Have personnel (system owners, managers, operators, contractors and/or program managers) using the system been (or will they be) trained and made aware of their responsibilities for protecting the IIF being collected and maintained?




46


Who has/will have access to the IIF on the system?


Note: Check all that apply in the Comments column.




Users

Administrators

Developers

Contractors

Other

47

If contractors operate or use the system, do the contracts include clauses ensuring adherence to privacy provisions and practices?


48

Are methods in place to ensure that access to IIF is restricted to only those required to perform their official duties?


Note: If yes, please specify method(s) in the Comments column.


49

Are there policies or guidelines in place for the retention and destruction of IIF within the application/system?


Note: If yes, please provide some detail about these policies/practices in the Comments column.

NPR 1441.1D, NASA Records Retention Schedules, AFS#1620, Item 104

Technical Controls

50

Are technical controls in place to minimize the possibility of unauthorized access, use, or dissemination of the data in the system (or will there be)?



51

Are any of the password controls listed in the Comments column in place (or will they be)?

Note: Check all that apply in the Comments column.





Passwords expire after a set period of time.

Accounts are locked after a set period of inactivity.

Minimum length of passwords is eight characters.

Passwords must be a combination of uppercase, lowercase, and special characters.

Accounts are locked after a set number of incorrect attempts.

52

Is there (or will there be) a process in place to monitor and respond to privacy and/or security incidents?




Physical Controls

53

Are physical access controls in place (or will they be)?



- END -


PIA Analysis Worksheet

Contact Information




______________________________________ ______________________

Signature of NASA Cognizant Official   Date


Print Name: Jack L. Forsythe

Title/Position: Chief of Security


Center and Office/Department: NASA Goddard Space Flight Center/Security Division


Street Address: 8800 Greenbelt Road

Street Address: ______________________________________


City, State and Zip Code: Greenbelt, MD 20771


Phone Number: 301-286-7233

Fax Number: 301-286-1230





***Please go to the next page and complete the PIA Summary. This Summary will be made publicly available at http://www.NASA.gov/pia.***


Privacy Impact Assessment (PIA) Summary


Date of this Submission (MM/DD/YYYY): 10/16/06

NASA Center: Goddard Space Flight Center

Application Name: Pamela A. Starling

Is this application or information collection new or is an existing one being modified? Existing

Does this application collect, maintain, and/or disseminate information in identifiable form (IIF)? Yes

Mission Program/Project Supported:

Identifying Numbers (Use N/A, where appropriate)

Privacy Act System of Records Number: NASA 51LISTS

OMB Information Collection Approval Number and Expiration Date: 2700-0064 2/28/07

Other Identifying Number(s): GSFC 24-27


Description


  1. Provide an overview of the application or collection and indicate the legislation authorizing this activity.

The Locator and Information Services Tracking System (LISTS) is primarily needed to support services at the NASA Goddard Space Flight Center (GSFC) that depend upon accurate locator-type information. Additionally, the Privacy Act information is maintained, protected, and used for mandatory security functions. The system also serves as a tool for performing short- and long-term institutional planning. GSFC is authorized to maintain this system under the governing statutes of 5 USC 301, 42 USC 2473, and 44 USC 3101.


  2. Describe the information the agency will collect, maintain, or disseminate and how the agency will use the information. In this description, indicate whether the information contains IIF and whether submission is voluntary or mandatory.

The routine uses of LISTS data include assisting the Security Office in issuing identification badges and coordinating clearance requests; identifying the listed emergency contact in case of an emergency; disclosure of requested information; and court proceedings. Official uses of general information include locating individuals working at the Center; and improving services provided to the Center, e.g., mail operations, scheduling of physical examinations. The submission of information is voluntary, although failure to do so may result in being denied a GSFC identification badge or access to printed materials in the Library.


  3. Explain how the IIF collected, maintained, and/or disseminated is the minimum necessary to accomplish the purpose for this effort.

Without this collection of information, GSFC could not maintain a current system of records that is used by officials and employees within NASA for preview, planning, review, and management decisions regarding personnel and institutional services.


  4. Explain why the IIF is being collected, maintained, or disseminated.

GSFC is required to maintain the information because of the responsibilities it has to provide quality institutional services to meet Center needs. Certain elements of LISTS data are used for long-term institutional planning and to conduct demographic trend analysis of Goddard’s workforce.


  5. Identify with whom the agency will share the IIF.

Information is not shared with agencies external to NASA, or other people or organizations outside of NASA.


  6. Describe how the IIF will be obtained, from whom it will be collected, what the suppliers of information and the subjects will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a Web-based collection, etc.). Describe any opportunities for consent provided to individuals regarding what information is collected and how the information will be shared.

The form is available in PDF format, and some respondents may provide locator information electronically. The data provided is considered privileged information. Respondents are informed that their records are protected and maintained in accordance with the requirements of the Privacy Act and through the password and access protections built into the database management software system.





  7. State whether personal information will be collected from children under age 13 on the Internet and, if so, how parental or guardian approval will be obtained. (Reference: Children’s Online Privacy Protection Act of 1998)


No


  8. Describe how the IIF will be secured.


LISTS is the central repository for this type of information; it does not exist elsewhere.


  9. Describe plans for retention and destruction of IIF.


NPR 1441.1D, NASA Records Retention Schedules, AFS#1620, Item 104 “Records are retained for varying periods of time depending on the need for use of the files, and are destroyed or otherwise disposed of when superseded or no longer needed.”


  10. Identify whether a system of records is being created under section 552a of Title 5, United States Code (the Privacy Act), or identify the existing Privacy Act system of records notice under which the records will be maintained.


The U.S. Code, Title 5, Section 301, Title 42, Section 2473, and Title 44, Section 3101, authorize collection of this information.


Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it: Rhonda McCarter, 301-286-5305



______________________________________

Jack L. Forsythe

NASA Cognizant Official / Chief of Security


Date ____________



Concur:

______________________________________

[Name]

[Center Privacy Act Manager]

Date ____________


Concur:

______________________________________

[Name]

Center Chief Information Officer

Date: ____________




Concur:

______________________________________

Patti F. Stockman

NASA Privacy Act Officer

Date: ____________


Approved for Publication:

______________________________________

Patricia L. Dunnington

Chief Information Officer

Date: ____________

PIA Worksheet Page 16

File Type: application/msword
File Title: NASA Information Technology Security Program NPR
Author: eTouch Systems User
Last Modified By: Walter Kit
File Modified: 2006-10-18
File Created: 2006-10-18
