Privacy Impact Assessment (PIA) Service UNIX MA

PIA - NASS UNIX MA Oct. 2011.doc

Childhood Injury and Adult Occupational Injury Survey

Privacy Impact Assessment (PIA) Service UNIX MA

OMB: 0535-0235

Document [doc]
Download: doc | pdf

Privacy Impact Assessment

National Agricultural Statistics Service, NASS UNIX MA




P rivacy Impact Assessment for the

National Agricultural Statistics Service UNIX MA


October 11, 2011



Contact Point

Joel DeArmitt

National Agricultural Statistics Service

202-720-5275



Reviewing Official

Renato Chan

Chief, Security

National Agricultural Statistics Service

United States Department of Agriculture

2 02-720-4068



Abstract

This document contains the Privacy Impact Assessment (PIA) of the National Agricultural Statistics Service (NASS) UNIX Major Application (UNIX MA). The NASS UNIX MA is a UNIX application farm that is comprised of a number of various applications. These applications generally support the mission of NASS.

The NASS is conducting this PIA on the UNIX MA because the system processes and stores personally identifiable Information of all participating farmers and ranchers in the US which include name, address, phone number, size of operation, gender, and race. In addition, the system processes and stores agribusiness information, including: Firm names, manager names, address, phone number, size of operation in various categories and tax EINs.

Overview

The NASS UNIX MA is hosted by the NASS Unix General Support System which is physically located at three separate locations, the NASS Headquarters (HQ) in Washington, D.C., the NASS Field Services Office in Lakewood, CO, and the USDA National Information Technology Center (NITC), in Kansas, City. The architecture consists of servers operating under both AIX and Linux Operating Systems. All Unix Major Applications are managed and maintained by various NASS System Administrators, Database Administrators and Developers located at NASS HQ and Colorado Field Office (FO).

The NASS Unix mid-range server environment is distributed in two locations, the NASS HQ in Washington, D.C., and the USDA NITC, in Kansas, City. The architecture consists of servers operating under both AIX and Linux operating systems. Our UNIX environment resides on IBM pSeries equipment. All UNIX servers are managed from NASS HQ.

Servers located at NASS HQ are more specialized since consolidation is not as far along at this facility. There are six production servers in NASS HQ supporting the following production processes 1) public agricultural statistics reports and geospatial data, 2) NASS intranet backup, 3) web data collection public front end, 4) web data collection back-end database, 5) auto-matching to build the list and sampling frame, 6) replication of data across enterprise databases.

NASS UNIX MA applications work from an enterprise transactional and analytical database environment to provide access to a database on UNIX GSS. NASS UNIX MA has a "census" processing system that is used every five years and consists of multiple components, i.e. data editing component, data analysis component, data tabulation/summary component, and a data disclosure review component. NASS UNIX MA also includes some isolated "survey" systems that are migrating to the UNIX environment, i.e. web data collection and livestock slaughter applications. NASS UNIX MA also has some "support" applications that service both the census and surveys, such as the sampling system, web public agricultural statistics, public special tabulations, geospatial application, electronic images of questionnaires, and an intranet application. Functions of the NASS UNIX MA applications are described in the following paragraphs.

  1. ARMS III (Agricultural Resources Management Survey III): The annual Agricultural Resources Management Survey (ARMS) jointly sponsored with the Economic Research Service (ERS) is USDA’s primary vehicle for obtaining information on a broad range of issues about the farm sector financial conditions and agricultural resource use. ARMS provide the most definitive, annual description of the rapidly changing structure of the nation’s farms. While a smaller number of large farms account for a growing proportion of agricultural production, other farms maintain profitability by entering into production and marketing agreements with agri-businesses. ARMS provide an annual measure of the effect agri-business has on farm income through such contracts. Without the ARMS, important measures such as farm income, farm operator income, and farm household income would not be available. This program also provides the critical information to analyze the effect government programs, such as loan deficiency payments, are having on net farm income by size and type of farm. Equally important, ARMS data can be used to evaluate the possible effects of alternative government policies and programs such as formulating indices, cost estimates, and farm economic indicators. Data from the ARMS survey are the foundation for the body of research that has led to the recognition on the part of decision-makers of the diversity of the farm sector and the differential impact of alternative policies and programs across the farm sector and among farm families.

  2. PRISM (Project to Reengineer and Integrate Statistical Methods): PRISM is a major reengineering and integration effort for the Census of Agriculture designed to streamline and improve the quality of census and survey processes.

  3. CPCS (Crop Progress and Conditions Survey): The Crop Progress and Condition report is a weekly report on crop progress and conditions compiled from reports submitted from local experts throughout the country.

  4. Livestock Slaughter: The purpose of Livestock Slaughter is to edit, analyze, summarize and publish Livestock Slaughter statistics on a monthly and annual basis. The Livestock Slaughter report is a monthly outline of animals that have been slaughtered in the U. S. This report provides the number of heads slaughtered, live weight, and dressed weight of cattle and calves. Similar statistics are reported for sheep, lamb, hogs and pigs. For federally inspected plants, statistics are reported by class and by state. In addition, total red meat production by species is reported by state and for the U. S.

  5. Poultry Slaughter: The purpose of Poultry Slaughter is to edit, analyze, summarize and publish Poultry Slaughter statistics on a monthly and annual basis.

  6. Dairy Product Prices: The purpose of Dairy Product Prices is to collect, edit, analyze, summarize and publish Dairy Product Price statistics on a monthly and annual basis.

  7. Feith: Feith software is used to display questionnaire images, for use in data review. Through the use of Feith software, the image of a questionnaire can be easily retrieved to assist with the data review process, and navigation through the questionnaire using the software capabilities is relatively effortless. Feith uses an Oracle database running on a UNIX server under AIX for storing and retrieving the images, with very little downtime throughout the entire data review process.

  8. Genesis (Generalized Enhanced Sampling and Information System): To replace all of the disparate sampling programs, NASS developed the Generalized Enhanced Sampling and Information System (GENESIS). As an internal tool to the NASS survey process, GENESIS has improved the quality of NASS samples. It has also improved the efficiency of the sampling process in terms of cost, staff time, and calendar time.

  9. ELMO (Enhanced List Maintenance Operations): ELMO is a system which is used to manage the farm register database. The system allows the user: to search for records based on certain name and address information, to update name, address, and control data information either individually or in a batch mode, and to extract lists of records in different formats.

  10. Record Linkage: NASS designed Record Linkage to make the record linkage process as simple and user friendly as possible. NASS developed record linkage system with AutoMatch as the core.

  11. EDR (Electronic Data Reporting): NASS decided that a Web-based EDR with a secure environment would be the most suitable and effective method for NASS. It can be used appropriately for most NASS surveys and is considered technically superior to the other methods reviewed.

  12. IRS: IRS supports the extraction of new farm data from IRS records. IRS data is received via tape and uploaded to a standalone server. This data is then compared against other NASS data to determine if there are additional farms to be added to the NASS statistical databases. NASS anticipates receiving information for over 2 million IRS records each year, which are handled under strict confidentiality requirements. No information is provided back to IRS from NASS. After record linkage processing, approximately 700,000 potential farms are added to our farm register. NASS treats information with utmost security and have several controls in place to ensure protection.

  13. Quick Stats: Quick Stats is composed of two basic tools: 1) Quick Stats Query Tool LAN and 2) Quick Stats Web App. Quick Stats Query Tool LAN is an internal application designed to allow USDA employees to perform statistical queries on the Agricultural Statistics Data Base. Quick Stats Web App is a web-based publicly accessible read-only system that allows the public to view results from queries against the Agricultural Statistics Data Base.

Section 1.0 Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, rule, or technology being developed.

1.1 What information is collected, used, disseminated, or maintained in the system?

Customer information – Information on all participating farmers and ranchers in the US which include name, address, phone number, size of operation, SSNs, gender, race.


Other – agribusiness – Firm names, manager names, address, phone number, size of operation in various categories, tax EINs.


All information collected and processed by this system, including personally identifiable information, is protected by US Code: Title 7, 2276 – Confidentiality of Information as well as the Confidential Information Protection and Statistical Efficiency Act (CIPSEA) of 2002 (Public Law 107-347).

1.2 What are the sources of the information in the system?

The population of farmers, ranchers, agri-businesses, and other federal agencies (FSA, NRCS, RMA, IRS, Census [NPC], FSIS) and InfoUSA. Third party sources include InfoUSA, Universities (extension), commodity organizations, trade magazines.


FSA, NRCS, RMA, IRS, FSIS and Bureau of Census provide data for use in the system.

1.3 Why is the information being collected, used, disseminated, or maintained?

The information is used to support the Agency’s mission of providing timely, accurate, and useful statistics in service to U.S. agriculture.

1.4 How is the information collected?

Through interviews done by face-to-face or telephone using the following enumeration media: paper, wireless portable electronic devices, and on-line electronic data collection. A separate security risk assessment was conducted to ensure security of wireless enumeration activities.


FSA, NRCS, RMA and FSIS provide data that are entered into the system. These are done periodically through operator intervention (a business person with support from admin).

1.5 How will the information be checked for accuracy?

Criteria/Auditing questionnaires are provided to the individual under review asking them to fill in the specifics for them.


Name information is not verified by inference from a source. Instead that is used to start a questionnaire as identified above.

1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information?

Title 7 United States Code (USC), Section 2204; Title 7 Chapter 55 Section 2204 (g) (Public Law 105-113) Authority of the Secretary of Agriculture to Conduct the Census of Agriculture; Title 7 USC, Chapter 55, Section 2276, Confidentiality of Data; Title 7 USC, Section 3601.1, General Statement of Public Information; Title 18, Chapter 93, Section 1905, Disclosure of confidential information; Title 44 USC, Section 3501; and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA) of 2002 (Public Law 107-347).

1.1Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.

There is always the risk of unauthorized disclosure. NASS requires all its employees and contractors sign confidentiality statements as well as take security awareness training on an annual basis. In addition, systems containing privacy information employs additional security mechanisms to mitigate potential risks.

Section 2.0 Uses of the Information

The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.

2.1 Describe all the uses of information.

The data will only be used to support the Agency’s mission of providing timely, accurate, and useful statistics in service to U.S. agriculture.

2.2 What types of tools are used to analyze data and what type of data may be produced?

The NASS Unix Major Application utilizes both transactional and analytical databases used in all Census, Survey, Support and Estimation and Dissemination applications used within the system and listed as follows: ELMO, Genesis, Record Linkage, PRISM, ARMS III, Quick Stats, CPCS, Livestock Slaughter, Poultry Slaughter, Dairy Product Prices, Feith, EDR.

Data are used only in support of creating statistical information for such purposes as are necessary for the publication of statistical reports.

Source Agencies: NASS, FSA, FSIS

2.3 If the system uses commercial or publicly available data please explain why and how it is used.

Commercial and publicly available data is used to assist in identifying duplication of names between various probability list samples and NASS area frame surveys. They are also used when matching names currently on NASS list sampling frame with lists maintained by other governmental agencies as part of the NASS list building and maintenance process.

2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.

All authorized NASS users are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS also requires all its employees and contractors take security awareness training on an annual basis. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

Section 3.0 Retention

The following questions are intended to outline how long information will be retained after the initial collection.

3.1 How long is information retained?

Data are retained as long as the information is needed for list building. Census data are generally retained for ten to fifteen years in electronic form. In some instances, data are retained longer when needed.

3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?

Yes

3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.

There is always the risk of unauthorized disclosure. NASS requires all its employees sign confidentiality statements on an annual basis. It also requires all its employees and contractors take security awareness training on an annual basis. In addition, systems containing privacy information employs additional security mechanisms to mitigate potential risks.

Section 4.0 Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the United States Department of Agriculture.

4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?

The USDA FSA, ERS, NRCS, RMA have limited access to some of the data stored in the system and are controlled by use of both hardware and software security controls.

4.2 How is the information transmitted or disclosed?

Information is transmitted to/from the FSA, ERS and RMA through direct use of the system. User access is determined based on the person’s job role. Information is transmitted to/from NRCS through other secured electronic means.

4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.

There is always the risk of unauthorized disclosure. NASS requires all its employees and contractors sign confidentiality statements on an annual basis. It also requires all its employees and contractors take security awareness training on an annual basis. In addition, systems containing privacy information employs additional security mechanisms to mitigate potential risks.

Section 5.0 External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to USDA which includes Federal, state and local government, and the private sector.

5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?

Name and address information is shared with the National Processing Center, Bureau of Census. Use of information is limited to printing address labels for mail outs.

5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.

Yes, sharing of information is compatible with the original collection. It is covered by the USDA/NASS-3, “Census of Agriculture Records” SORN.

5.3 How is the information shared outside the Department and what security measures safeguard its transmission?

Name and address information is shared through secured electronic file transfers.

5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.

Privacy risks are at a minimum as information shared are also publicly available from other sources, i.e. phonebook, Internet searches, etc. NASS requires all its employees and contractors sign confidentiality statements as we ll as take security awareness training on an annual basis.

Section 6.0 Notice

The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.

6.1 Was notice provided to the individual prior to collection of information?

Notice is provided in most cases though there are instances where it is given at the time of the interview.

6.2 Do individuals have the opportunity and/or right to decline to provide information?

Census and Census follow on surveys are mandated by Title 7 Section 2204(g), but all other surveys are voluntary in nature.

6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No.

6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated.

The collection process is covered by a SORN which is available to the individuals through the Federal Register. NASS requires all its employees and contractors sign confidentiality statements as well as take security awareness training on an annual basis.

Section 7.0 Access, Redress and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

7.1 What are the procedures that allow individuals to gain access to their information?

Any individual may request information as to whether the system contains records pertaining to him or her by contacting the system manager at the address specified on the SORN. The request for information should contain: name, address, System of Record name, and year that the agricultural survey questionnaire was completed.

7.2 What are the procedures for correcting inaccurate or erroneous information?

A request is sent to the NASS Customer Service department.

7.3 How are individuals notified of the procedures for correcting their information?

By contacting the system manager listed on the SORN.

7.4 If no formal redress is provided, what alternatives are available to the individual?

Not Applicable

7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.

There are no significant risks involved with the redress process. NASS requires all its employees and contractors sign confidentiality statements as well as take security awareness training on an annual basis.

Section 8.0 Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

8.1 What procedures are in place to determine which users may access the system and are they documented?

Access to data is limited only to users authorized by NASS to modify, maintain and review the data. This includes authorized managers, system administrators and developers. Each user also signs a pledge of confidentiality that carries severe legal penalties for violating the pledge. Business function managers define the access need for the user based on user requirements. Local manager verifies the authenticity and veracity of the individual who is being approved for access. Access request as well as approval is documented accordingly by management and the Technical Services Branch. The Computer Security Staff audits access routinely.

8.2 Will Department contractors have access to the system?

No

8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system?

All authorized NASS users are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS also requires all its employees and contractors take security awareness training on an annual basis.

8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?

Yes.

8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?

NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?

There is always the risk of unauthorized disclosure of privacy information. NASS restricts access to information to authorized users. NASS requires all its employees and contractors sign confidentiality statements and take security awareness training on an annual basis. In addition, systems containing privacy information employs additional security mechanisms to mitigate potential risks, to include logical access controls, technical controls and auditing.

Section 9.0 Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.

9.1 What type of project is the program or system?

The NASS UNIX Major Application is an operational UNIX application farm and is comprised of a number of various applications. These applications generally support the mission of NASS.

9.2 Does the project employ technology which may raise privacy concerns? If so please discuss their implementation.

The NASS UNIX MA employs wireless portable electronic devices in support of its Computer Assisted Personal Interviewing (CAPI) initiative. NASS has performed a security risk assessment on the collection and transmission of data. All identified risks have been mitigated in compliance with current FISMA requirements.



Section 10.0 Third Party Websites/Applications

The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.



This system does not employ third party website.



Page 14


File Typeapplication/msword
Authordlochte-henley
Last Modified ByHancDa
File Modified2011-10-14
File Created2011-10-14

© 2024 OMB.report | Privacy Policy