Primavera ProSight Form Report Smith, Marcia Copyright 1998-2006 Primavera Systems, inc. All Rights Reserved. Smith, Marcia 6.0.6211 SP2 06.1 HHS Privacy Impact Assessment (Form) / NIH FIC CareerTrac (Item) Primavera ProSightForm Report, printed by: Smith, Marcia, Jul 31, 2009 PIA SUMMARY1The following required questions with an asterisk (*) represent the information necessary to complete the PIA Summary for transmission to the Office of Management and Budget (OMB) and public posting in accordance with OMB Memorandum (M) 03-22.Note: If a question or its response is not applicable, please answer “N/A” to that question where possible. If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of personally identifiable information (PII). If no PII is contained in the system, please answer questions in the PIA Summary Tab and then promote the PIA to the Senior Official for Privacy who will authorize the PIA. If this system contains PII, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.2Summary of PIA Required Questions*Is this a new PIA?:NoIf this is an existing PIA, please provide a reason for revision:PIA Validation*1. Date of this Submission:Jul 31, 2009*2. OPDIV Name:NIH*3. Unique Project Identifier (UPI) Number for current fiscal year:009-25-01-05-02-1903-00*4. Privacy Act System of Records Notice (SORN) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):09-25-0156*5. OMB Information Collection Approval Number:0925-0568*6. Other Identifying Number(s):N/A*7. System Name (Align with system item name):CareerTrac*9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:Point of Contact InformationPOC NameLinda Kupfer*10. Provide an overview of the system:CareerTrac is a global trainee tracking and evaluation system for the Fogarty International Center (FIC), National Institutes of Health. The goal of this system is to create a complete trainee roster for all FIC research training programs and to monitor outputs, outcomes and impacts of FIC international trainees.*13. Indicate if the system is new or an existing one being modified:New*17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?:YesNote: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.*21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):Yes*23. If the system shares or discloses PII, please specify with whom and for what purpose(s):FIC takes every reasonable precaution to protect information. CareerTrac system is securely hosted under NIH firewall and the password is encrypted. FIC maintains appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of trainee’s personal information. Unless legally mandated, FIC will not disclose any of the following information: employment history, phone, fax, year of birth, biographical data, gender (except in aggregate), minority status (except in aggregate), current training status, return home (except in aggregate), and career accomplishments (only in aggregate – except where in the public domain). FIC understands the delicate balance between protecting the data and permitting access to those who need to use the data for authorized purposes. Access to CareerTrac data will be granted only to those organizations/individuals, which must, in the course of exercising their responsibilities, use the specific information. The requests for access to CareerTrac data will be carefully reviewed and the following information may be disclosed for routine uses: trainee’s name, area of training, country of origin, work email, degrees earned through FIC funded programs, accomplishments that are public products, and career highlights of the trainee information. The audience for this information may include, but not restricted to: The FIC, NIH, HHS and Congress for reporting and evaluation purposes; The Principal Investigator (PI) and Collaborators for the purpose of monitoring the program, submitting progress reports and grant applications and writing journal articles describing the programs; FIC co-funding partners and Co-sponsors of FIC programs for the purpose of reporting progress and conducting evaluations of the programs Interested public, for example, for the purpose of convening a scientific meeting in a particular country to which former trainees will be invited*30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:The system will collect, track, and report on information about international trainees - such as trainee name, contact information, biographical information, and training information. The system also supports tracking of trainee accomplishments - such as fellowships, awards, employment, other education, product or policy developments, publications, funding received, presentations, posters at scientific conferences, and students taught. The purpose of the system is to enable effectiveness evaluations of health research training programs, funded by NIH/FIC, for international trainees. The information may be used by or disclosure may be made to (1) the FIC, NIH, HHS and Congress for reporting and evaluation purposes; (2) the academic community (including PIs and Collaborators) for the purpose of monitoring the program submitting progress reports and grant applications and writing journal articles describing the programs; (3) FIC co-funding partners and co-sponsors of FIC programs for the purpose of reporting progress and conducting evaluations of the programs; (4) interested public, for example for the purpose of convening a scientific meeting in a particular country to which former trainees will be invited. The personal information is submitted on a voluntary basis.*31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])We will provide the trainees with a written document that will notify the trainees about the purpose of data and how it will be used and shared. The trainees will have to read Privacy Act Disclosure and sign 'Certificate and Acceptance' form (which is part of the document) before PIs can enter their personal information into the system.*32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII)Yes*37. Does the website have any information or pages directed at children under the age of thirteen?:No*50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):Yes*54. Briefly describe in detail how the PII will be secured on the system using administrative, technical, and physical controls.:A variety of safeguards are implemented in order to protect the information collected through CareerTrac system. Regular access to information in CareerTrac is limited to PHS or to contractor employees who are conducting, reviewing or contributing to the system. Other access is granted only on a case-by-case basis, consistent with the restrictions, as authorized by the system manager or designated responsible official. Administrative Control: CareerTrac has a system security plan and backup plan. The files are backedup regularly and they are stored in secure offsite locations. Technical Control: CareerTrac system is securely hosted under NIH firewall and the password is encrypted and changed routinely. PIs can only view the trainees from their grant. FIC maintains appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of trainee's information. Physical access controls are in place for CareerTrac. Records are stored in closed or locked containers, in areas which are not accessible to unauthorized users, and in facilities which are locked when not in use. Sensitive records are not left exposed to unauthorized persons at any time. The following are some of the physical controls in place to safeguard system and data collected: closed circuit TV, identification badges and guards.PIA REQUIRED INFORMATION1HHS Privacy Impact Assessment (PIA)The PIA determines if Personally Identifiable Information (PII) is contained within a system, what kind of PII, what is done with that information, and how that information is protected. Systems with PII are subject to an extensive list of requirements based on privacy laws, regulations, and guidance. The HHS Privacy Act Officer may be contacted for issues related to Freedom of Information Act (FOIA) and the Privacy Act. Respective Operating Division (OPDIV) Privacy Contacts may be contacted for issues related to the Privacy Act. The Office of the Chief Information Officer (OCIO) can be used as a resource for questions related to the administrative, technical, and physical controls of the system. Please note that answers to questions with an asterisk (*) will be submitted to the Office of Management and Budget (OMB) and made publicly available in accordance with OMB Memorandum (M) 03-22.Note: If a question or its response is not applicable, please answer “N/A” to that question where possible.2General Information*Is this a new PIA?:NoIf this is an existing PIA, please provide a reason for revision:PIA Validation*1. Date of this Submission:Jul 31, 2009*2. OPDIV Name:NIH*3. Unique Project Identifier (UPI) Number for current fiscal year:009-25-01-05-02-1903-00 If the system does not have a UPI, please explain why it does not:*4. Privacy Act System of Records Notice (SORN) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):09-25-0156*5. OMB Information Collection Approval Number:0925-0568 OMB Collection Approval Number Expiration Date:*6. Other Identifying Number(s):N/A*7. System Name: (Align with system item name)CareerTrac8. System Location: (OPDIV or contractor office building, room, city, and state)System Location:OPDIV or contractor office buildingNCI\NIHRoomNot AvailableCityBethesdaStateMD*9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:Point of Contact InformationPOC NameLinda KupferThe following information will not be made publicly available:POC TitleEvaluation OfficerPOC OrganizationFICPOC Phone301-496-3288POC Emailkupferl@mail.nih.gov*10. Provide an overview of the system:CareerTrac is a global trainee tracking and evaluation system for the Fogarty International Center (FIC), National Institutes of Health. The goal of this system is to create a complete trainee roster for all FIC research training programs and to monitor outputs, outcomes and impacts of FIC international trainees.SYSTEM CHARACTERIZATION AND DATA CATEGORIZATION1System Characterization and Data Configuration11. Does HHS own the system?:Yes If no, identify the system owner:12. Does HHS operate the system?:Yes If no, identify the system operator:*13. Indicate if the system is new or an existing one being modified:New14. Identify the life-cycle phase of this system:Operations/Maintenance15. Have any of the following major changes occurred to the system since the PIA was last submitted?:NoPlease indicate “Yes” or “No” for each category below: Yes/NoConversionsNoAnonymous to Non-AnonymousNoSignificant System Management ChangesNoSignificant MergingNoNew Public AccessNoCommercial SourcesNoNew Interagency UsesNoInternal Flow or CollectionNoAlteration in Character of DataNo16. Is the system a General Support System (GSS), Major Application (MA), Minor Application (child) or Minor Application (stand-alone)?:Minor Application (stand-alone)*17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?:YesNote: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or whether it is personal information about business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.Please indicate "Yes" or "No" for each PII category. If the applicable PII category is not listed, please use the Other field to identify the appropriate category of PII.Categories: Yes/NoNameYesDate of BirthNoSocial Security Number (SSN)NoPhotographic IdentifiersNoDriver’s LicenseNoBiometric IdentifiersNoMother’s Maiden NameNoVehicle IdentifiersNoMailing AddressNoPhone NumbersNoMedical Records NumbersNoMedical NotesNoFinancial Account InformationNoCertificatesNoLegal DocumentsNoDevice IdentifiersNoWeb Uniform Resource Locator(s) (URL)NoEmail AddressYesEducation RecordsNoMilitary StatusNoEmployment StatusNoForeign ActivitiesNoOtherCareer achievements18. Please indicate the categories of individuals about whom PII is collected, maintained, disseminated and/or passed through. Note: If the applicable PII category is not listed, please use the Other field to identify the appropriate category of PII. Please answer "Yes" or "No" to each of these choices (NA in other is not applicable).Categories: Yes/NoEmployeesNoPublic CitizenYesPatientsNoBusiness partners/contacts (Federal, state, local agencies)NoVendors/Suppliers/ContractorsNoOtherNon-US citizen19. Are records on the system retrieved by one or more data elements?:YesPlease indicate "Yes" or "No" for each PII category. If the applicable PII category is not listed, please use the Other field to identify the appropriate category of PII.Categories: Yes/NoNameYesDate of BirthNoSSNNoPhotographic IdentifiersNoDriver’s LicenseNoBiometric IdentifiersNoMother’s Maiden NameNoVehicle IdentifiersNoMailing AddressNoPhone NumbersNoMedical Records NumbersNoMedical NotesNoFinancial Account InformationNoCertificatesNoLegal DocumentsNoDevice IdentifiersNoWeb URLsNoEmail AddressNoEducation RecordsNoMilitary StatusNoEmployment StatusNoForeign ActivitiesNoOther20. Are 10 or more records containing PII maintained, stored or transmitted/passed through this system?:Yes*21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):Yes 21 A. If yes, but a SORN has not been created, please provide an explanation:INFORMATION SHARING PRACTICES1Information Sharing Practices22. Does the system share or disclose PII with other divisions within this agency, external agencies, or other people or organizations outside the agency?:Yes Please indicate “Yes” or “No” for each category below:Yes/NoNameYesDate of BirthNoSSNNoPhotographic IdentifiersNoDriver’s LicenseNoBiometric IdentifiersNoMother’s Maiden NameNoVehicle IdentifiersNoMailing AddressNoPhone NumbersNoMedical Records NumbersNoMedical NotesNoFinancial Account InformationNoCertificatesNoLegal DocumentsNoDevice IdentifiersNoWeb URLsNoEmail AddressYesEducation RecordsNoMilitary StatusNoEmployment StatusNoForeign ActivitiesNoOtherCareer training achievements*23. If the system shares or discloses PII please specify with whom and for what purpose(s):FIC takes every reasonable precaution to protect information. CareerTrac system is securely hosted under NIH firewall and the password is encrypted. FIC maintains appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of trainee’s personal information. Unless legally mandated, FIC will not disclose any of the following information: employment history, phone, fax, year of birth, biographical data, gender (except in aggregate), minority status (except in aggregate), current training status, return home (except in aggregate), and career accomplishments (only in aggregate – except where in the public domain). FIC understands the delicate balance between protecting the data and permitting access to those who need to use the data for authorized purposes. Access to CareerTrac data will be granted only to those organizations/individuals, which must, in the course of exercising their responsibilities, use the specific information. The requests for access to CareerTrac data will be carefully reviewed and the following information may be disclosed for routine uses: trainee’s name, area of training, country of origin, work email, degrees earned through FIC funded programs, accomplishments that are public products, and career highlights of the trainee information. The audience for this information may include, but not restricted to: The FIC, NIH, HHS and Congress for reporting and evaluation purposes; The Principal Investigator (PI) and Collaborators for the purpose of monitoring the program, submitting progress reports and grant applications and writing journal articles describing the programs; FIC co-funding partners and Co-sponsors of FIC programs for the purpose of reporting progress and conducting evaluations of the programs Interested public, for example, for the purpose of convening a scientific meeting in a particular country to which former trainees will be invited24. If the PII in the system is matched against PII in one or more other computer systems, are computer data matching agreement(s) in place?:No25. Is there a process in place to notify organizations or systems that are dependent upon the PII contained in this system when major changes occur (i.e., revisions to PII, or when the system is replaced)?:No26. Are individuals notified how their PII is going to be used?:YesIf yes, please describe the process for allowing individuals to have a choice. If no, please provide an explanation:The data is placed into CareerTrac by the Principal Investigators on a voluntary basis. The PIs will need to collect the signed consent forms from the trainees before s/he can enter trainee data into the CareerTrac system.27. Is there a complaint process in place for individuals who believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate?:YesIf yes, please describe briefly the notification process. If no, please provide an explanation:The contestant will have to write to their Principal Investigartor who will in turn forward it to their Program Officer. The contestant should reasonably identify the record and specify the information being contested, the corrective action sought, and the reasons for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely or irrelevant. The right to contest records is limited to information which is incomplete, irrelevant, incorrect, or untimely (obsolete).28. Are there processes in place for periodic reviews of PII contained in the system to ensure the data’s integrity, availability, accuracy and relevancy?:YesIf yes, please describe briefly the review process. If no, please provide an explanation:FIC Program Officers (PO) will periodically review reports for their programs to ensure data quality. Specifically, POs will review the data for consistency, anomalies, missing records, missing data elements and other discrepancies.29. Are there rules of conduct in place for access to PII on the system?:YesPlease indicate "Yes," "No," or "N/A" for each category. If yes, briefly state the purpose for each user to have access:Users with access to PIIYes/No/N/APurposeUserYesdata entry, review, report and updateAdministratorsYesmanage user accounts, system level data, data analysis and integrityDevelopersYesapplication maintenance and enhancementContractorsNoOtherNo*30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:The system will collect, track, and report on information about international trainees - such as trainee name, contact information, biographical information, and training information. The system also supports tracking of trainee accomplishments - such as fellowships, awards, employment, other education, product or policy developments, publications, funding received, presentations, posters at scientific conferences, and students taught. The purpose of the system is to enable effectiveness evaluations of health research training programs, funded by NIH/FIC, for international trainees. The information may be used by or disclosure may be made to (1) the FIC, NIH, HHS and Congress for reporting and evaluation purposes; (2) the academic community (including PIs and Collaborators) for the purpose of monitoring the program submitting progress reports and grant applications and writing journal articles describing the programs; (3) FIC co-funding partners and co-sponsors of FIC programs for the purpose of reporting progress and conducting evaluations of the programs; (4) interested public, for example for the purpose of convening a scientific meeting in a particular country to which former trainees will be invited. The personal information is submitted on a voluntary basis.*31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])We will provide the trainees with a written document that will notify the trainees about the purpose of data and how it will be used and shared. The trainees will have to read Privacy Act Disclosure and sign 'Certificate and Acceptance' form (which is part of the document) before PIs can enter their personal information into the system.WEBSITE HOSTING PRACTICES1Website Hosting Practices*32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII)YesPlease indicate “Yes” or “No” for each type of site below. If the system hosts both Internet and Intranet sites, indicate “Yes” for “Both” only.Yes/ NoIf the system hosts an Internet site, please enter the site URL. Do not enter any URL(s) for Intranet sites.InternetYeshttps://careertrac.f...ic.nih.govIntranetNoBothNo33. Is the website accessible by the public or other entities (i.e., Federal, state, and/or local agencies, contractors, third party administrators, etc.)?:Yes34. Is a website privacy policy statement (consistent with OMB M-03-22 and Title II and III of the E-Government Act) posted on the website? (Note: A website privacy policy is required for Internet sites only.)Yes35. Is the website’s privacy policy in machine-readable format, such as Platform for Privacy Preferences (P3P)? (Note: Privacy policy in machine-readable format is required for Internet sites only.)Not Applicable If no, please indicate when the website will be P3P compliant:36. Does the website employ tracking technologies?:NoPlease indicate “Yes”, “No”, or “N/A” for each type of cookies below:Yes/No/N/AWeb BugsNoWeb BeaconsNoSession CookiesNoPersistent CookiesNoOtherNo*37. Does the website have any information or pages directed at children under the age of thirteen?:No If yes, is there a unique privacy policy for the site, and does the unique privacy policy address the process for obtaining parental consent if any information is collected?:38. Does the website collect PII from individuals?:YesPlease indicate “Yes” or “No” for each category below:Yes/NoNameYesDate of BirthNoSSNNoPhotographic IdentifiersNoDriver's LicenseNoBiometric IdentifiersNoMother's Maiden NameNoVehicle IdentifiersNoMailing AddressNoPhone NumbersNoMedical Records NumbersNoMedical NotesNoFinancial Account InformationNoCertificatesNoLegal DocumentsNoDevice IdentifiersNoWeb URLsNoEmail AddressYesEducation RecordsNoMilitary StatusNoEmployment StatusNoForeign ActivitiesNoOtherCareer Achievements39. Are rules of conduct in place for access to PII on the website?:No40. Does the website contain links to sites external to the OPDIV that owns and/or operates the system?:NoIf yes, note whether the system provides a disclaimer notice for users that follow external links to websites not owned or operated by the OPDIV.:ADMINISTRATIVE CONTROLS1Administrative ControlsNote: This PIA uses the terms “Administrative,” “Technical” and “Physical” to refer to security control questions—terms that are used in several Federal laws when referencing security requirements.241. Has the system been certified and accredited (C&A)?:Yes41a. If yes, please indicate when the C&A was completed (Note: The C&A date is populated in the System Inventory form via the responsible Security personnel):41b. If a system requires a C&A and no C&A was completed, is a C&A in progress?:42. Is there a system security plan for this system?:No43. Is there a contingency (or backup) plan for the system?:Yes44. Are files backed up regularly?:Yes45. Are backup files stored offsite?:Yes46. Are there user manuals for the system?:Yes47. Have personnel (system owners, managers, operators, contractors and/or program managers) using the system been trained and made aware of their responsibilities for protecting the information being collected and maintained?:Yes48. If contractors operate or use the system, do the contracts include clauses ensuring adherence to privacy provisions and practices?:No49. Are methods in place to ensure least privilege (i.e., “need to know” and accountability)?:Yes If yes, please specify method(s).:Users are assigned access to the system based on their role in the organization and reporting process. This role limits access within the application*50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):YesIf yes, please provide some detail about these policies/practices.:CareerTrac system tracks trainees career achievements over their lifetime. In order to track the trainee's lifetime achievements, FIC plans to retain the IIF data for as long as it is required and reasonable. TECHNICAL CONTROLS1Technical Controls51. Are technical controls in place to minimize the possibility of unauthorized access, use, or dissemination of the data in the system?:YesPlease indicate “Yes” or “No” for each category below: Yes/NoUser IdentificationYesPasswordsYesFirewallYesVirtual Private Network (VPN)NoEncryptionYesIntrusion Detection System (IDS)YesCommon Access Cards (CAC)NoSmart CardsNoBiometricsNoPublic Key Infrastructure (PKI)No52. Is there a process in place to monitor and respond to privacy and/or security incidents?:YesIf yes, please briefly describe the process:The application is hosted at NIH/NCI and the system is being monitored by NCIPHYSICAL ACCESS1Physical Access53. Are physical access controls in place?:YesPlease indicate “Yes” or “No” for each category below:Yes/NoGuardsYesIdentification BadgesYesKey CardsNoCipher LocksNoBiometricsNoClosed Circuit TV (CCTV)Yes*54. Briefly describe in detail how the PII will be secured on the system using administrative, technical, and physical controls.:A variety of safeguards are implemented in order to protect the information collected through CareerTrac system. Regular access to information in CareerTrac is limited to PHS or to contractor employees who are conducting, reviewing or contributing to the system. Other access is granted only on a case-by-case basis, consistent with the restrictions, as authorized by the system manager or designated responsible official. Administrative Control: CareerTrac has a system security plan and backup plan. The files are backedup regularly and they are stored in secure offsite locations. Technical Control: CareerTrac system is securely hosted under NIH firewall and the password is encrypted and changed routinely. PIs can only view the trainees from their grant. FIC maintains appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of trainee's information. Physical access controls are in place for CareerTrac. Records are stored in closed or locked containers, in areas which are not accessible to unauthorized users, and in facilities which are locked when not in use. Sensitive records are not left exposed to unauthorized persons at any time. The following are some of the physical controls in place to safeguard system and data collected: closed circuit TV, identification badges and guards.APPROVAL/DEMOTION1System InformationSystem Name:CareerTrac2PIA Reviewer Approval/Promotion or DemotionPromotion/Demotion:PromoteComments:updated PIA (minor changes to form based on submission of C&A and hosting site - no major system changes)Approval/Demotion Point of Contact:Marcia SmithDate:Jul 31, 20093Senior Official for Privacy Approval/Promotion or DemotionPromotion/Demotion:PromoteComments:4OPDIV Senior Official for Privacy or Designee ApprovalPlease print the PIA and obtain the endorsement of the reviewing official below. Once the signature has been collected, retain a hard copy for the OPDIV's records. Submitting the PIA will indicate the reviewing official has endorsed itThis PIA has been reviewed and endorsed by the OPDIV Senior Official for Privacy or Designee (Name and Date):Name: __________________________________ Date: ________________________________________Name:Karen PláDate:Sep 3, 20085Department Approval to Publish to the WebApproved for web publishingYesDate Published:Jun 1, 2009Publicly posted PIA URL or no PIA URL explanation:% COMPLETE1PIA CompletionPIA Percentage Complete:100.00PIA Missing Fields: