Download:
pdf |
pdfPRIVACY ~MPACT AsseSSMENT (PIA)
For the
Leaders to Sea Data Base
U. S. Navy - Chief of Naval Information
SECTION 1: IS A PIA REQUIRED?
a. Will this Department of Defense (000) information system or efectronic coUection of
information (referred to as an "electronic collection" for the purpose of dlCs 4onn) collect,
maintain, use, and/or disseminate PII about members of the public, Fe4:feral personnel,
contraotOf'S or foreign nationals employed at U.S. military facilities internationally? Choose
one option from the choices below. (Choose (3) (or foreign nationals).
~,
(1) Yes, from members of the general public.
L'
(2) Yes. from Federal personnel" and/or Federal contractors.
o
o
(3) Yes, from both members of the general public and federal personnel and/or Federal-contraetors.
(4) No
• "Federal personnel" are referred to in the 000 IT Portfolio Repository (DITPR) as
"fede~al
employees."
b. If "No," ensure that DITPR or the authoritative database that updates OITP'R fS annotated
for the reason(s) why a PIA is not required. if the 000 information sysCem or electronic
collection is not in OITPR, ensure that the reason(s) are recorded in appropriate
documentation.
c. If "Yes," then a PIA is required. Proceed to Section 2.
DO FORM J930 NOV 2008
Pag€ 1 of 15
�SECTION 2: PIA SUMMARY INFORMATION
a. Why is this
IA being created or updated? Choose one:
New DoD Information System
New Eiectronic Cofleotion
Existin DoD Information System
Existing Electronic CoHection
Significantly Modified 000 tnformation
System
b. Is this 000 information system registered in the DITPR or the 000 Secret mternet f'rotocol
Router Network (SIPRNET) IT Registry?
Yes, DITPR
Enter DITPR System Identification Number
c
Yes, SIPRNET
Enter SIPRNET Identification Number
~'
No
c. Does this 000 information system have an IT investment Unique Project Identifier 1UPt), required
by section 53 of Office of Management and Budget (OMS) Circufar A·11?
c
~
Yes
No
If "Yes," enter UPI
If unsure. consult the Component IT Budget Point of Contact to obtain the UPI.
d. Does this 0 0 information system or electronic collection requir-e a Privacy Act System of
ecords Notic (SO N)?
A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens
or lawful permanent U.S residents that is retrieved by name or other unique identifier. PIA and Privacy Act SORN
information should be consistent.
o
Yes
No
If "Yes," enter Privacy Act SORN Identifier
DoD Component-assigned designator. not the Federal Register number.
Consult the Component Privacy Office for additional information or
access DoD Privacy Act SORNs at http://www.defenselink.mil/privacy/notices/
or
Date of submission for approval to Defense Privacy Office
Consult the Component Privacy Office for this date.
DD FORM 2930 NOV 2008
Page 2 of 15
�e. Does this DoD information -sys~m or electronic <:oHection have an OMS Control Number?
Contact the Component Information Management Control Officer or 000 Clearance Officer for this information.
This number indicates OMS approval to collect data from 10 or more members of the public in a 12-month period
regardless of form or format.
Q
Yes
Enter OMS Control Number
Enter Expiration Date
~
No
f. Authority to collect information. A Federal faw, EXKutive Order of the President ~EO), or 000
requirement must authorize the coHection and maintenance of a system of records.
(1) If this system has a Privacy Act SORN. the authorities in this PIA and the existing Privacy Act
SORN should be the same.
(2) Cite the authority for this 000 information system or electronic collection to collect. use, maintain
and/or disseminate PII. (If multiple authorities are cited. provide all that apply.)
(a) Whenever possible. cite the specific previsions of the statute and/or EO that authorizes
the operation of the system and the collection of PII
(b) If a specific statute or EO does not exist. determine if an indirect statutory authority can
be cited An indirect authority may be cited if the authority requires the operation or administration of
a program. the execution of which will require the collection and maintenance of a system of records.
(c) 000 Components can use their general statutory grants of authority ('"internal
housekeeping") as the primary authority The requirement. directive. or instruction implementing the
statute within the 000 Component should be identified.
10 US.C 5013, Secretary of the Navy
000 Instuction 5400.13 Public Affairs (' A) perations
OPNAV Instruction 5726.8 OUTREACH AMERICA'S NAVY
DD FORM 2930 NOV 2008
Page 3 of 15
�g. Summary of 000 information system or e'ectronic coHection. Answers to these questions
shoufdbe consistent with security gUide'cnes for release of information to the public.
(1) Describe the purpose of this DoD information system or electronic collection and briefly
describe the types of personal information about individuals collected in the sy m.
The purpose of this DoD information system is to gather information about individuals who want to embark
on Navy ve~ ls. A Navy public affairs officer will review this information to determine if the person qualifies
for an embarkment.
The types of personal information collected by this system include: Name. Date and Place of Birth. Home
Address. Home Telephone Number and Personal Cell Telephone Numbers. Personal Email. Gender.
Medical Information (consisting of current medications and dosages; medical alert tag status and reason;
existence of medical conditions or history such as asthma. diabetes. stoke. etc.; and consent to treatment).
Emergency Contact. Food Restrictions. and Occupation.
(2) Briefly describe the privacy risks associated with the PII collected and how these risks are
addressed to safeguard privacy.
Identity theft is a privacy risk if personal information is mishandled. This risk has been mitigated through
administrative, technical, and physical safeguards.
i
I
i
I
Administrative, physical, and technical safeguards employed by the program are commensurate with the sensitivity
of personal data to ensure preservation of intE"grity and to preclude unauthorized use/disclosure. Access is limited
to those individuals who require the records in performance of their official duties. Access is further restricled by tne I
use of password~ which are changed periodically. Physical entry is restricted by the use of locks, guards, and
administrative procedures.
!
I
I
I
Administrative: Access to the system will be controlled through a secure web login interface. Designated personnel I
will only have access to particular arEas of sitE that have been deemed necessary for the individual to perform his or .
her duties. Administrators will haVE access to all ~ystem records.
Physical: All personnel entering the computer room must have appropriate identification. Visitors to the room ar€
always escorted. The computer room is a restricted area and access is permitted to only authorized personnel only.
Physical entry is restricted by the use of locks and administrative procedures. Servers and workstations require
privileged authentication and access is limited to approved administrators.
Technical: Data is stored on a secure database server. An end user, using their web browser, will pass through the
firewall to the web server. This connection between the end user and the web server is a secure encrypted S5L
session. The web server provides the interface with the database server that processes the transaction and passes
the data back to the end user's browser.
h. With whom will the PII be shared through data exchange, both within your DoC Component and
outside your Component (e.g., other 000 Components, federal Agencies)? Indicate all that apply.
[g
Within the 000 Component.
Specify.
c:
INavy Type Command Public Affairs Officers
Other 000 Components.
Specify.
C
Other fe
ral A
nci
Specify.
DO FORM 2930 NOV 2008
Page4of15
�C)
State and local Agenctes.
Specify.
o
Contractor (Enter name and describe the language in the contract that safeguards PI!.)
Specify.
o
Other (e.g .. commercial providers. colleges).
Specify.
i. Do individuals have the opportunity to object to the collection of their Ptl?
~
o
Yes
No
(1) If "Yes," describe method by which individuals can object to the collection of PII.
Individuals will have the opportunity to object to the collection of their PII by electing not to enter the
requested information. If the individual does object they will not be considered for an embark.
(2) If "No." state the reason why individuals cannot object.
j. Do individuals have he opportu i y to
[gi
Yes
D
s nl t
th
s
ific uses of heir 'PIl?
No
(1) If "Yes," describe the method by which individuals can give or withhold their·consent.
Individuals will check a block 10 indicate consent. The PII is necessary to determine if the person qualifieS
for an embark.
(2) If "No," state the reason why individuals cannot give or withhold their conseflt.
DO
fdRM 1930 NOV 1008
fayEl 5 of 15
�k. What information is provided to an individual when asked to provide PII data? Indicate all that
apply.
cg:
Privacy Act Statement
Privacy Adv4sory
C
Other
None
Describe Format: Web site banner across the top of the web form.
each
applicable Authority to request this information is derived from 10 U.SC. 5013, Executive Order 9397 (SSN) as
format.
amended, and departmental regulations. The principal purpose of the information r.equested is to
facilitate embark on a U.S. Navy surface ship or submarine, including notification of nex1 of kin in the .
event of death or serious injury. and to permit transmission of public affairs information from the Navy:
to the individual concerned. Completion of the information is completely voluntary: failure to provide
required information may result in denial of embark request.
NOTE:
Sections 1 and 2 above are to be posted to the Component's Web site. Posting of these
Sections indicates that the PIA has been reviewed to enstlre that appropriate safeguards are in
place to protect privacy.
A Component may restrict the publication of Sections 1 and/or 2 if they contain information that
would reveal sensitive information or raise security concerns.
DD FORM 2930 NOV 2008
Page60f 15
�| File Type | application/pdf |
| Subject | new scanned document |
| File Modified | 2010-09-20 |
| File Created | 2010-08-17 |