Privacy Impact Assessment for Census

PIA-Census.doc

Generic Clearance of Survey Improvement Projects

Privacy Impact Assessment for Census

OMB: 0535-0248

Document [doc]
Download: doc | pdf

United States Department of Agriculture

National Agricultural Statistics Service

NASS Census Processing System

Privacy Impact Assessment

(PIA)

August 8, 2007



Prepared by:

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

USDA PRIVACY IMPACT ASSESSMENT FORM



Agency: National Agricultural Statistics Service

     

System Name: NASS Census Processing System

     

System Type: Major Application

General Support System

Non-major Application


System Categorization (per FIPS 199): High

Moderate

Low


Description of the System:

The NASS Census Processing System is primarily used to the Census of Agriculture which is congressionally mandated to be conducted every 5 years in years ending in 2 or 7. The system can also be used for processing follow-on surveys and censuses. This major application runs on machines housed at the USDA/NITC facility in Kansas City, MO, and Headquarters in Washington, D.C.

     

Who owns this system? (Name, agency, contact information)

Brian Lounsbury     

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

Tel.No. (202)720-7906

     

Who is the security contact for this system? (Name, agency, contact information)

Renato Chan     

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

Tel.No. (202)720-4068

     

Who completed this document? (Name, agency, contact information)

Renato Chan     

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

Tel.No. (202)720-4068

DOES THE SYSTEM CONTAIN INFORMATION ABOUT INDIVIDUALS IN AN IDENTIFIABLE FORM?


Indicate whether the following types of personal data are present in the system


QUESTION 1

Does the system contain any of the following type of data as it relates to individual:


Citizens


Employees

Name

Yes

No

Social Security Number

No

   No    

Telephone Number

Yes

No

Email address

No

No

Street address

Yes

No

Financial data (i.e. account numbers, tax ids, etc)

No      

No

Health data

No      

No

Biometric data

No      

No

QUESTION 2


Can individuals be uniquely identified using personal information such as a combination of gender, race, birth date, geographic indicator, biometric data, etc.?


NOTE: 87% of the US population can be uniquely identified with a combination of gender, birth date and five digit zip code1

No      

No

Are social security numbers embedded in any field?

No

      No

Is any portion of a social security numbers used?

No

      No

Are social security numbers extracted from any other source (i.e. system, paper, etc.)?

No

      No


If all of the answers in Questions 1 and 2 are NO,

You do not need to complete a Privacy Impact Assessment for this system and the answer to OMB A-11, Planning, Budgeting, Acquisition and Management of Capital Assets,

Part 7, Section E, Question 8c is:

3. No, because the system does not contain, process, or transmit personal identifying information.



If any answer in Questions 1 and 2 is YES, provide complete answers to all questions below.



DATA COLLECTION

  1. Generally describe the data to be used in the system. The data collected reflect the general and specific information about a respondent’s agricultural operation. Information on the amount and value of land in the farm, the commodities grown or raised on that land, the production and value of products sold from that land, as well as other economic and demographic information directly related to that agricultural operation. The system processes census data from mail out and data capture, data collection and tracking, data editing, data analysis, data summarization and tabulation, and publication of aggregated totals by county, state, regional and the United States.

     

     

  1. Is the collection of the data both relevant and necessary to the purpose for which the system is designed? In other words, the data is absolutely needed and has significant and bearing on the system’s purpose.


Yes

No. If NO, go to question 5


    1. Explain.

     The system is designed to process census data. The data collected is included in published in various aggregated totals at various geographical levels.

     

     


  1. Sources of the data in the system.

    1. What data is being collected from citizens and/or employees?

     

Data about respective agricultural operations including economic and demographic information.

     

     

    1. What USDA agencies are providing data for use in the system?

     

     

     

    1. What government agencies (state, county, city, local, etc.) are providing data for use in the system?


The Bureau of the Census at the National Processing Center (NPC) in Jeffersonville, Indiana is used to mail out and electronically capture data from returned report forms. NPC transfers these files to NASS electronically.

     

    1. From what other third party sources is data being collected?

     None

     

     

  1. Will data be collected from sources outside your agency? For example, citizens and employees, USDA sources (i.e. NFC, RD, etc.) or Non-USDA sources.


Yes

No. If NO, go to question 7


    1. How will the data collected from citizens and employees be verified for accuracy, relevance, timeliness, and completeness?

      The Census Processing System has many tools for validating and analyzing the data to ensure it is accurate, relevant, timely and complete. If data questions still remain, the respondent may be contacted by NASS to clarify questions and ensure the data meets all the above criteria.

     

     

    1. How will the data collected from USDA sources be verified for accuracy, relevance, timeliness, and completeness? N/A

     

     

    1. How will the data collected from non-USDA sources be verified for accuracy, relevance, timeliness, and completeness? The Census Processing System has many tools for validating and analyzing the data to ensure it is accurate, relevant, timely and complete.

     

     

     

DATA USE

  1. Individuals must be informed in writing of the principal purpose of the information being collected from them. What is the principal purpose of the data being collected?

      To provide a uniform accounting of the entire agriculture sector every 5 years for county, State, regional and national geographic levels. The data is used by farm operators, governments, manufacturers, media, researchers, academia, and businesses. It provides an historical picture of agriculture at various points in time.

     

     

  1. Will the data be used for any other purpose?


Yes

No. If NO, go to question 9


    1. What are the other purposes?

     

     

     

  1. Is the use of the data both relevant and necessary to the purpose for which the system is being used? In other words, the data is absolutely needed and has significant and demonstrable bearing on the system’s purpose.


Yes

No. If NO, go to question 10


    1. Explain. The data is processed (as stated above) and aggregates which have passed rigorous efforts to protect and ensure a respondent’s confidentiality from being disclosed are published. Without the data there is no need for a system and there would be no deliverable product.

     

     

     

  1. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected (i.e. aggregating farm loans by zip codes in which only one farm exists.)?


Yes

No. If NO, go to question 11


    1. Will the new data be placed in the individual’s record (citizen or employee)?


Yes

No


    1. Can the system make determinations about citizens or employees that would not be possible without the new data?


Yes

No


    1. How will the new data be verified for relevance and accuracy? By using validation, range, and consistency edits, and relational and historical comparison edits. By using various analysis tools to ensure data is relevant and accurate.

     

     

     

  1. Individuals must be informed in writing of the routine uses of the information being collected from them. What are the intended routine uses of the data being collected?

The collected data will be used as inputs to the summary, tabulation, and disclosure programs and published in aggregated totals by geographic locations. Once aggregated and published, the data is used by farm operators, governments, manufacturers, media, researchers, academics, and businesses. It provides an historical picture of agriculture at various points in time.


     

     

     

  1. Will the data be used for any other purpose (other than indicated in question 11)?


Yes

No. If NO, go to question 13


    1. What are the other purposes?

     

     

     

  1. Automation of systems can lead to the consolidation of data – bringing data from multiple sources into one central location/system – and consolidation of administrative controls. When administrative controls are consolidated, they should be evaluated so that all necessary privacy controls remain in place to the degree necessary to continue to control access to and use of the data. Is data being consolidated?


Yes

No. If NO, go to question 14


    1. What controls are in place to protect the data and prevent unauthorized access? Strict security and access controls are in place to ensure only sworn and authorized employees or agents of NASS have access to the data.

     

     

  1. Are processes being consolidated?


Yes

No. If NO, go to question 15


    1. What controls are in place to protect the data and prevent unauthorized access? Strict security and access controls are in place to ensure only sworn and authorized employees or agents of NASS have access to the consolidated data.


     

     

     

DATA RETENTION

  1. Is the data periodically purged from the system?


Yes

No. If NO, go to question 16


    1. How long is the data retained whether it is on paper, electronically, in the system or in a backup? Retention and disposal practices are in accordance with approved National Archives and Records Administration (NARA) schedules.

     

     

    1. What are the procedures for purging the data at the end of the retention period? Retention and disposal practices are in accordance with approved National Archives and Records Administration (NARA) schedules.

     

     

     

    1. Where are these procedures documented? Retention and disposal practices are in accordance with approved National Archives and Records Administration (NARA) schedules.

     

     

     

  1. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations? Once the data has been processed, and aggregated to published totals, that data is frozen and no changes are made to its content.

     

     

     

  1. Is the data retained in the system the minimum necessary for the proper performance of a documented agency function?


Yes

No


DATA SHARING

  1. Will other agencies share data or have access to data in this system (i.e. international, federal, state, local, other, etc.)?


Yes

No. If NO, go to question 19


    1. How will the data be used by the other agency?

     

     

     

    1. Who is responsible for assuring the other agency properly uses of the data?

     

     

     

  1. Is the data transmitted to another agency or an independent site?


Yes

No. If NO, go to question 20



    1. Is there the appropriate agreement in place to document the interconnection and that the PII and/or Privacy Act data is appropriately protected? The NASS Memorandum of Understanding with NPC and NITC contains provisions for (1) Network Data Confidentiality, Integrity and Availability, and (2) Physical Security.

     

     

     

    1. Where are those documents located?

     NASS maintains a copy of the Memorandum of Understanding in its Headquarters offices in Washington, D.C.

     

     


  1. Is the system operated in more than one site?


Yes

No. If NO, go to question 21



    1. How will consistent use of the system and data be maintained in all sites?

      All NASS employees are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls. NASS uses a secure, common configuration that all Field Offices and Headquarters are required to use. Magnetic backup tapes stored at NITC and NPC are secured within areas to which access is limited to authorized personnel only

     

     

DATA ACCESS

Who will have access to the data in the system (i.e. users, managers, system administrators, developers, etc.)? Sworn NASS employees will have access to the processing systems. The majority of NASS employees with access will be users of the system. A very limited number of NASS technical support staff including infrastructure, database administrators could have system administration access to the data. All NASS employees are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

     

     

  1. How will user access to the data be determined? Users are limited to accessing the data through the census processing system and all of the tools associated with it. Authorized users can also use COTS read only query tools to help with the analysis of the data.

     

     

     

    1. Are criteria, procedures, controls, and responsibilities regarding user access documented?


Yes

No. If NO, go to question 23


    1. Where are criteria, procedures, controls, and responsibilities regarding user access documented? Electronic records of authorized requests for user accounts are maintained. Data access is strictly limited to NASS employees that have been officially authorized to have access. All NASS employees are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

     

     

     

  1. How will user access to the data be restricted? Users are validated at several levels, including the network, database, internal application access controls and role level security before being allowed to access the data. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls to accommodate this.

     

     

     

    1. Are procedures in place to detect or deter browsing??


Yes

No

     

    1. Are procedures in place to detect or deter unauthorized user access?


Yes

No


  1. Does the system employ security controls to make information unusable to unauthorized individuals (i.e. encryption, strong authentication procedures, etc.)?


Yes

No


CUSTOMER PROTECTION

  1. Who will be responsible for protecting the privacy rights of the citizens and employees affected by the interface (i.e. office, person, departmental position, etc.)?

It is the responsibility of all NASS employees and sworn agents to protect the privacy rights of citizens and employees affected by the interface. All NASS employees are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge.

     

     

  1. How can citizens and employees contact the office or person responsible for protecting their privacy rights? NASS officials can be contacted in Headquarters and each Field Office.

     

     

     

  1. A “breach” refers to a situation where data and/or information assets are unduly exposed. Is a breach notification policy in place for this system?


Yes - If YES, where is the breach notification policy located?

     The policy is located in Security office at Headquarters in Washington, D.C.

     

     

No - If NO, please enter the POAM number with the estimated completion date:

     

     

     


  1. Consider the following:

  • Consolidation and linkage of files and systems

  • Derivation of data

  • Accelerated information processing and decision making

  • Use of new technologies


Is there a potential to deprive a citizens and employees of fundamental rules of fairness (those protections found in the Bill of Rights)?


Yes

No. If NO, go to question 29


    1. Explain how this will be mitigated?

     

     

     

  1. How will the system and its use ensure equitable treatment of citizens and employees?

     

     

     

  1. Is there any possibility of treating citizens and employees differently and unfairly based upon their individual or group characteristics?


Yes

No. If NO, go to question 31


    1. Explain

     

     

     

SYSTEM OF RECORD

  1. Can the data be retrieved by a personal identifier? In other words, does the system actually retrieve data by the name of an individual or by some other unique number, symbol, or identifying attribute of the individual?


Yes

No. If NO, go to question 32


    1. How will the data be retrieved? In other words, what is the identifying attribute (i.e. employee number, social security number, etc.)?

     

     Data is retrieved by unique identification numbers internal to the agency.

     

    1. Under which Systems of Record notice (SOR) does the system operate? Provide number, name and publication date. (SORs can be viewed at www.access.GPO.gov)

     

USDA/NASS-03 Census of Agriculture Records

     

    1. If the system is being modified, will the SOR require amendment or revision?

     

If the scope of the personal data maintained is modified, the System of Record will be modified, accordingly.


     

TECHNOLOGY

  1. Is the system using technologies in ways not previously employed by the agency (e.g. Caller-ID)?


Yes

No. If NO, the questionnaire is complete.


    1. How does the use of this technology affect citizens and employees privacy?

     

     

     


Upon completion of this Privacy Impact Assessment for this system, the answer to

OMB A-11, Planning, Budgeting, Acquisition and Management of Capital Assets,

Part 7, Section E, Question 8c is:


1. Yes.


PLEASE SUBMIT A COPY TO

THE OFFICE OF THE ASSOCIATE CHIEF INFORMATION OFFICE/CYBER SECURITY



1 Comments of Latanya Sweeney, Ph.D., Director, Laboratory for International Data Privacy Assistant Professor of Computer Science and of Public Policy Carnegie Mellon University To the Department of Health and Human Services On "Standards of Privacy of Individually Identifiable Health Information". 26 April 2002.

FOR OFFICIAL USE ONLY


Page 13 of 13

File Typeapplication/msword
File TitlePrivacy Impact Assessment
AuthorRichard Ciampa
Last Modified ByHancDa
File Modified2008-04-24
File Created2008-04-24

© 2024 OMB.report | Privacy Policy