DI-4001 Privacy Impact Assessment

DI-4001 (01/2015)
U.S. Department of the Interior

U.S. Department of the Interior
PRIVACY IMPACT ASSESSMENT

The Department of the Interior requires PIAs to be conducted and maintained on all IT systems whether already in
existence, in development or undergoing modification in order to adequately evaluate privacy risks, ensure the protection of
privacy information, and consider privacy implications throughout the information system development life cycle. This PIA
form may not be modified and must be completed electronically; hand-written submissions will not be accepted. See the DOI
PIA Guide for additional guidance on conducting a PIA or meeting the requirements of the E-Government Act of 2002. See
Section 6.0 of the DOI PIA Guide for specific guidance on answering the questions in this form.
NOTE: See Section 7.0 of the DOI PIA Guide for guidance on using the DOI Adapted PIA template to assess third-party
websites or applications.

Name of Project
Date
Proposed Information Collection: Use of iNaturalist by the NPS to Record Natural History Observations 12-28-2015
Bureau/Office
NPS - NRSS
Point of Contact Email
[email protected]

Bureau/Office Contact Title
Data Manager
First Name
Simon

M.I.
D

Last Name
Kingston

Phone
(970) 225-3551

Address Line 1
1201 Oakridge Drive
Address Line 2
Suite 150
City
Fort Collins

State/Territory
Colorado

Zip
80525

A. Is a full PIA required?
Yes
Yes, information is collected from or maintained on
All
B. What is the purpose of the system?
The information in iNaturalist is entered into the NPS NPSpecies data system. NPSpecies is used to record the
occurrence of wildlife and plants in NPS units (parks). The information from iNaturalist helps to substantiate the
occurrence of wildlife and invertebrate species (observations) in those NPS units. This includes species that are
threatened and endangered. This information will enable parks to report accurate numbers to the Fish and Wildlife
Service on expenditures by the NPS to improve park habitat and increase protections for those listed species. The
information is also used to create species checklists for use by park visitors. The information can also be used to alert
Page 1 of 8

park managers about the status of species that may be of local management concern or are categorized as invasive or
noxious and require coordinated treatment efforts.
The Natural Resource Stewardship and Science Directorate (NRSS) provides scientific, technical, and administrative
support to national parks for the management of natural resources. NRSS develops, utilizes, and distributes the tools of
natural and social science to help the National Park Service (NPS) fulfill its core mission: the protection of park resources
and values.
NRSS provides leadership and expertise to ensure understanding, awareness, representation, and stewardship of the
natural resources of the NPS so that they remain unimpaired for future generations.
C. What is the legal authority?
16 U.S.C. 1, National Park Service Organic Act; 16 U.S.C. 3, Rules and regulations of national parks, reservations, and
monuments
D. Why is this PIA being completed or modified?
New Electronic Collection
E. Is this information system registered in CSAM?
No
F. List all minor applications or subsystems that are hosted on this system and covered under this privacy impact
assessment.
Subsystem Name
Purpose
Contains PII
Describe
None
NA
No

G. Does this information system or electronic collection require a published Privacy Act System of Records Notice (SORN)?
No
H. Does this information system or electronic collection require an OMB Control Number?
Yes
Describe
Control # is pending

Page 2 of 8

A. What PII will be collected? Indicate all that apply.
Name

Religious Preference

Social Security Number (SSN)

Citizenship

Security Clearance

Personal Cell Telephone Number

Gender

Spouse Information

Tribal or Other ID Number

Birth Date

Financial Information

Personal Email Address

Group Affiliation

Medical Information

Mother’s Maiden Name

Marital Status

Disability Information

Home Telephone Number

Biometrics

Credit Card Number

Child or Dependent Information

Other Names Used

Law Enforcement

Employment Information

Truncated SSN

Education Information

Military Status/Service

Legal Status

Emergency Contact

Mailing/Home Address

Place of Birth

Driver’s License

Other

Race/Ethnicity

Specify the PII collected.
iNaturalist.org system username
B. What is the source for the PII collected? Indicate all that apply.
Individual

Tribal agency

DOI records

State agency

Federal agency

Local agency

Third party source

Other

C. How will the information be collected? Indicate all that apply.
Paper Format

Face-to-Face Contact

Fax

Telephone Interview

Email

Web Site

Other

Information Shared Between Systems

Describe
Download data from third-party iNaturalist website (www.inaturalist.org) after public has entered information using
either mobile devices (e.g., iPhone or Android phone) or website. These data submitted to iNaturalist are available for
public use with attribution. No special agreement is required to download the data.
D. What is the intended use of the PII collected?
We intend to use the username and/or individual’s name to comply with license requirements for attribution present on
each observation record in iNaturalist when using natural history observation information from the iNaturalist system.
E. With whom will the PII be shared, both within DOI and outside DOI? Indicate all that apply.
Within the Bureau/Office
Describe the bureau or office and how the data will be used.
The observer’s name or iNaturalist username will be available in the NPSpecies data system when a natural history
observation made by that observer is displayed, in order to properly attribute the observation to that individual.
Other Bureaus/Offices
Describe the bureau or office and how the data will be used.
The observer’s name or iNaturalist username will be available in the NPSpecies data system when a natural history
observation made by that observer is displayed, in order to properly attribute the observation to that individual.
Other Federal Agencies
Describe the federal agency and how the data will be used.
The observer’s name or iNaturalist username will be available in the NPSpecies data system when a natural history
observation made by that observer is displayed, in order to properly attribute the observation to that individual.
Tribal, State or Local Agencies
Page 3 of 8

Describe the Tribal, state or local agencies and how the data will be used.
The observer’s name or iNaturalist username will be available in the NPSpecies data system when a natural history
observation made by that observer is displayed, in order to properly attribute the observation to that individual.
Contractor
Describe the contractor and how the data will be used.
The observer’s name or iNaturalist username will be available in the NPSpecies data system when a natural history
observation made by that observer is displayed, in order to properly attribute the observation to that individual.
Other Third Party Sources
Describe the third party source and how the data will be used.
The observer’s name or iNaturalist username will be available in the NPSpecies data system when a natural history
observation made by that observer is displayed, in order to properly attribute the observation to that individual.
The NPSpecies data system has a public-facing interface. Therefore, the information will be available to anyone who
accesses the NPSpecies system.
F. Do individuals have the opportunity to decline to provide information or to consent to the specific uses of their PII?
Yes
Describe the method by which individuals can decline to provide information or how individuals consent to specific uses.
- Individuals may decline to post observation to iNaturalist when on NPS lands
- Per the iNaturalist Privacy Policy, “visitors can always refuse to supply personally-identifying information, with the
caveat that it may prevent them from engaging in certain website-related activities”
- Individuals may restrict rights to reuse observations in iNaturalist
G. What information is provided to an individual when asked to provide PII data? Indicate all that apply.
Privacy Act Statement

Privacy Notice

Other

None

Describe each applicable format.
The third-party iNaturalist.org website provides an explicit Privacy Policy at http://www.inaturalist.org/pages/privacy

H. How will data be retrieved? List the identifiers that will be used to retrieve information (e.g., name, case number, etc.).
Data collected from the iNaturalist.org website will be entered into the NPSpecies System where observations will be
retrieved by selecting a NPS unit (e.g., park, monument, national historic site) or by a taxon (organism) and an NPS unit.
I. Will reports be produced on individuals?
No

A. How will data collected from sources other than DOI records be verified for accuracy?
Verification of data accuracy is done at the iNaturalist.org website. The iNaturalist Terms of Service govern rules for
creating an iNaturalist account NPS collects the data from iNatualist.org as provided by the individual to the iNaturalist.
org website.
B. How will data be checked for completeness?
Verification for completeness of data is done at the iNaturalist.org website. The iNaturalist Terms of Service govern rules
for creating an iNaturalist account. NPS collects the data from iNaturalist.org as provided by the individual to the
iNaturalist.org website.
C. What procedures are taken to ensure the data is current? Identify the process or name the document (e.g., data models).
The username and/or actual name associated with an observation are automatically added to the observation in
Page 4 of 8

iNaturalist by virtue of the account that was logged in when the observation was created. This information should not
change as it is a fundamental property of the unique observation.
D. What are the retention periods for data in the system? Identify the associated records retention schedule for the records
in this system.
Per the NPS Records Schedule of February, 2010 (NI-79-08-1), natural resource records are considered permanent
records. These records will be transferred to NARA after three years, though they will still be maintained in the
NPSpecies system.
E. What are the procedures for disposition of the data at the end of the retention period? Where are the procedures
documented?
Per the NPS Records Schedule of February, 2010 (NI-79-08-1), natural resource records are considered permanent
records. These records will be transferred to NARA after three years, though they will still be maintained in the
NPSpecies system.
F. Briefly describe privacy risks and how information handling practices at each stage of the “information lifecycle” (i.e.,
collection, use, retention, processing, disclosure and destruction) affect individual privacy.
Privacy risks associated with the third-party iNaturalist system are mitigated per the Privacy Policy detailed on that site at
http://www.inaturalist.org/pages/privacy
Privacy risks associated with the natural history observations that are loaded into the NPSpecies data system from the
iNaturalist system are minimal. This is because the only PII that is included in the NPSpecies data system is iNaturalist
username and/or actual name (if provided) of the individual who observed an organism in an NPS unit. This information
alone does not provide contact information for an individual.

A. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
Yes
Explanation
The purpose of adding iNaturalist observations to the NPSpecies system is to help substantiate the occurrence of
wildlife and invertebrate species in NPS units. This includes species that are threatened and endangered. This
information will enable parks to report accurate numbers to the Fish and Wildlife Service on expenditures by the NPS
to improve park habitat and increase protections for those listed species. The information is also used to create
species checklists for use by park visitors. The information can also be used to alert park managers about the status of
species that may be of local management concern or are categorized as invasive or noxious and require coordinated
treatment efforts.
The observer’s name or iNaturalist username will be available in the NPSpecies data system when a natural history
observation made by that observer is displayed, in order to properly attribute the observation to that individual.
B. Does this system or electronic collection derive new data or create previously unavailable data about an individual
through data aggregation?
No
C. Will the new data be placed in the individual’s record?
No
D. Can the system make determinations about individuals that would not be possible without the new data?
No
E. How will the new data be verified for relevance and accuracy?
Not applicable.

Page 5 of 8

F. Are the data or the processes being consolidated?
No, data or processes are not being consolidated
G. Who will have access to data in the system or electronic collection? Indicate all that apply.
Users

Developers

Contractors

Other

System Administrator

H. How is user access to data determined? Will users have access to all data or will access be restricted?
Natural history observations in the NPSpecies data system will be available to the general public through the web-based
application. The username and/or actual name of the observer is part of this information.
I. Are contractors involved with the design and/or development of the system, or will they be involved with the maintenance
of the system?
Yes
Were Privacy Act contract clauses included in their contracts and other regulatory measures addressed?
Contractors are employed in the development of the software for the NPSpecies system. Contractors are required to
adhere to directives and policies related to practices
and procedures required by the U.S. Department of the Interior (DOI), the National Park Service, and any other
government oversight offices.
J. Is the system using technologies in ways that the DOI has not previously employed (e.g., monitoring software,
SmartCards or Caller ID)?
No
K. Will this system provide the capability to identify, locate and monitor individuals?
No
L. What kinds of information are collected as a function of the monitoring of individuals?
Not applicable.

M. What controls will be used to prevent unauthorized monitoring?
Not applicable.

N. How will the PII be secured?

Page 6 of 8

(1) Physical Controls. Indicate all that apply.
Security Guards
Secured Facility

Identification Badges

Combination Locks
Locked Offices

Key Cards

Closed Circuit Television

Safes

Locked File Cabinets

Cipher Locks

Other

(2) Technical Controls. Indicate all that apply.
Password
Intrusion Detection System (IDS)
Firewall

Virtual Private Network (VPN)

Encryption

Public Key Infrastructure (PKI) Certificates

User Identification

Personal Identity Verification (PIV) Card

Biometrics
Other
(3) Administrative Controls. Indicate all that apply.
Periodic Security Audits
Regular Monitoring of Users’ Security Practices
Backups Secured Off-site

Methods to Ensure Only Authorized Personnel Have Access to PII

Rules of Behavior

Encryption of Backups Containing Sensitive Data

Role-Based Training

Mandatory Security, Privacy and Records Management Training

Other
O. Who will be responsible for protecting the privacy rights of the public and employees? This includes officials responsible
for addressing Privacy Act complaints and requests for redress or amendment of records.
Natural Resource Stewardship and Science Directorate (NRSS) staff responsible for the management and operation of
the NPSpecies data system.
P. Who is responsible for assuring proper use of the data and for reporting the loss, compromise, unauthorized disclosure, or
unauthorized access of privacy protected information?
Natural Resource Stewardship and Science Directorate (NRSS) staff responsible for the management and operation of
the NPSpecies data system.

Information System Owner
Email
[email protected]
First Name
Marianne

M.I.

Last Name
Tucker

Bureau/Agency
National Park Service

Title
Deputy Chief IMD
Phone
(970) 225-3589

Electronically signed by: Marianne Tucker
Date: Thu Dec 17 2015 10:31:44 GMT-0700
Reference number: DI-4001-a1978593MT
U.S. Department of the Interior | Enterprise Forms System

Page 7 of 8

Information System Security Officer
Email
[email protected]
First Name
Ken

M.I.

Last Name
Bernitt

Title
IT Security Manager

Bureau/Agency
National Park Service

Phone
(970) 225-3562

Electronically signed by: Ken Bernitt
Date: Thu Dec 17 2015 10:40:17 GMT-0700
Reference number: DI-4001-a1978593MT
U.S. Department of the Interior | Enterprise Forms System

Privacy Officer
Email
[email protected]
First Name
Felix

M.I.

Last Name
Uribe

Title
Privacy Officer

Bureau/Agency
National Park Service

Phone
(202) 354-6925

Electronically signed by: Felix Uribe
Date: Thu Dec 17 2015 12:47:57 GMT-0500
Reference number: DI-4001-a1978593MT
U.S. Department of the Interior | Enterprise Forms System

Reviewing Official
Email
[email protected]
First Name
Jeffrey

M.I.
S

Last Name
Compton

Bureau/Agency
National Park Service

Title
Associate Director/CIO
Phone
(202) 208-2433

Electronically signed by: Jeffrey S Compton
Date: Mon Dec 28 2015 11:24:11 GMT-0500
Reference number: DI-4001-a1978593MT
U.S. Department of the Interior | Enterprise Forms System

Page 8 of 8