Privacy Impact Assessment - List Sampling Frame

Download: docx | pdf

United States Department of Agriculture

National Agricultural Statistics Service

NASS List Sampling Frame

Privacy Impact Assessment

(PIA)

September 28, 2007

Prepared by:

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

USDA PRIVACY IMPACT ASSESSMENT FORM

Agency: National Agricultural Statistics Service

     

System Name: NASS List Sampling Frame

     

System Type: Major Application

General Support System

Non-major Application

System Categorization (per FIPS 199): High

Moderate

Low

Description of the System:

The NASS List Sampling Frame provides samples of farms, ranches, and agri-businesses for NASS’ annual survey program and to provide the Census Mail List (CML) for the Census of Agriculture every five years.

     

Who owns this system? (Name, agency, contact information)

Stan Hoge

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

Tel.No. (202)720-8853

     

Who is the security contact for this system? (Name, agency, contact information)

Renato Chan     

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

Tel.No. (202)720-4068

     

Who completed this document? (Name, agency, contact information)

Renato Chan     

National Agricultural Statistics Service

1400 Independence Ave., S.W.

Washington, DC 20250

Tel.No. (202)720-4068

DOES THE SYSTEM CONTAIN INFORMATION ABOUT INDIVIDUALS IN AN IDENTIFIABLE FORM?

Indicate whether the following types of personal data are present in the system

QUESTION 1 Does the system contain any of the following type of data as it relates to individual:	Citizens	Employees
Name	Yes	No
Social Security Number	Yes	No
Telephone Number	Yes	No
Email address	Yes	No
Street address	Yes	No
Financial data (i.e. account numbers, tax ids, etc)	Yes	No
Health data	No      	No
Biometric data	No      	No
QUESTION 2 Can individuals be uniquely identified using personal information such as a combination of gender, race, birth date, geographic indicator, biometric data, etc.? NOTE: 87% of the US population can be uniquely identified with a combination of gender, birth date and five digit zip code1	Yes	No
Are social security numbers embedded in any field?	No	No
Is any portion of a social security numbers used?	Yes	No
Are social security numbers extracted from any other source (i.e. system, paper, etc.)?	Yes	No

If all of the answers in Questions 1 and 2 are NO,

You do not need to complete a Privacy Impact Assessment for this system and the answer to OMB A-11, Planning, Budgeting, Acquisition and Management of Capital Assets,

Part 7, Section E, Question 8c is:

3. No, because the system does not contain, process, or transmit personal identifying information.

If any answer in Questions 1 and 2 is YES, provide complete answers to all questions below.

DATA COLLECTION

3. Generally describe the data to be used in the system.

Data contained in the system include information on all participating farmers, ranchers, and agri-businesses in the United States. All information collected and processed by this system is protected by US Code: Title 7, 2276 – Confidentiality of Information.

3. Is the collection of the data both relevant and necessary to the purpose for which the system is designed? In other words, the data is absolutely needed and has significant and bearing on the system’s purpose.

Yes

No. If NO, go to question 5

1. Explain.

     

The system is designed to process and store data as described above. Without this data, the system will have no purpose.

3. Sources of the data in the system.

   1. What data is being collected from citizens and/or employees?

     

Information on farmers, ranchers, and agri-business operators include: (1) name, (2) address, (3) telephone number, (4) age, (5) race or ethnic origin, (6) gender, (7) social security number/employer identification number, and (8) previous data for efficiently selecting agricultural samples..

          

2. What USDA agencies are providing data for use in the system?

     

Farm Service Agency (FSA), NASS.

     

3. What government agencies (state, county, city, local, etc.) are providing data for use in the system?

Internal Revenue Service (IRS), Social Security Administration (SSA).

     

4. From what other third party sources is data being collected?

     

InfoUSA.     

     

3. Will data be collected from sources outside your agency? For example, citizens and employees, USDA sources (i.e. NFC, RD, etc.) or Non-USDA sources.

Yes

No. If NO, go to question 7

1. How will the data collected from citizens and employees be verified for accuracy, relevance, timeliness, and completeness?

     

Data collected are compared against other list sources to ensure data is accurate, relevant, timely and complete.

          

2. How will the data collected from USDA sources be verified for accuracy, relevance, timeliness, and completeness?

Data collected are compared against other list sources to ensure data is accurate, relevant, timely and complete.

     

3. How will the data collected from non-USDA sources be verified for accuracy, relevance, timeliness, and completeness?

Data collected are compared against other list sources to ensure data is accurate, relevant, timely and complete.

     

     

DATA USE

3. Individuals must be informed in writing of the principal purpose of the information being collected from them. What is the principal purpose of the data being collected?

The list sampling frame is used to provide samples of farms, ranches, and agri-businesses for NASS’ annual survey program and to provide the census mail list for the Census of Agriculture every five years.

     

3. Will the data be used for any other purpose?

Yes

No. If NO, go to question 9

1. What are the other purposes?

     

N/A.

     

3. Is the use of the data both relevant and necessary to the purpose for which the system is being used? In other words, the data is absolutely needed and has significant and demonstrable bearing on the system’s purpose.

Yes

No. If NO, go to question 10

1. Explain.

The system is designed to process and store respondent data as described in Section 3 above. Without this data, the system will have no purpose.     

          

3. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected (i.e. aggregating farm loans by zip codes in which only one farm exists.)?

Yes

No. If NO, go to question 11

1. Will the new data be placed in the individual’s record (citizen or employee)?

Yes

No

2. Can the system make determinations about citizens or employees that would not be possible without the new data?

Yes

No

3. How will the new data be verified for relevance and accuracy?

Data collected are compared against other list sources to ensure data is accurate, relevant, timely and complete.

     

3. Individuals must be informed in writing of the routine uses of the information being collected from them. What are the intended routine uses of the data being collected?

Information collected will be used to create samples of farms, ranches, and agri-businesses for NASS’ annual survey program and creation of the census mail list for the Census of Agriculture every five years.

     

3. Will the data be used for any other purpose (other than indicated in question 11)?

Yes

No. If NO, go to question 13

1. What are the other purposes?

     

N/A.

     

3. Automation of systems can lead to the consolidation of data – bringing data from multiple sources into one central location/system – and consolidation of administrative controls. When administrative controls are consolidated, they should be evaluated so that all necessary privacy controls remain in place to the degree necessary to continue to control access to and use of the data. Is data being consolidated?

Yes

No. If NO, go to question 14

1. What controls are in place to protect the data and prevent unauthorized access?

All system users are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

     

3. Are processes being consolidated?

Yes

No. If NO, go to question 15

1. What controls are in place to protect the data and prevent unauthorized access?

All system users are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

     

     

     

DATA RETENTION

3. Is the data periodically purged from the system?

Yes

No. If NO, go to question 16

1. How long is the data retained whether it is on paper, electronically, in the system or in a backup?

Retention and disposal practices are in accordance with approved National Archives and Records Administration (NARA) schedules.

          

2. What are the procedures for purging the data at the end of the retention period?

Retention and disposal practices are in accordance with approved National Archives and Records Administration (NARA) schedules.

          

3. Where are these procedures documented?

Retention and disposal practices are in accordance with approved National Archives and Records Administration (NARA) schedules.

     

          

3. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

Data are compared against other list sources to ensure data is accurate, relevant, timely and complete.     

          

3. Is the data retained in the system the minimum necessary for the proper performance of a documented agency function?

Yes

No

DATA SHARING

3. Will other agencies share data or have access to data in this system (i.e. international, federal, state, local, other, etc.)?

Yes

No. If NO, go to question 19

1. How will the data be used by the other agency?

     

N/A.

     

2. Who is responsible for assuring the other agency properly uses of the data?

     

N/A.

     

3. Is the data transmitted to another agency or an independent site?

Yes

No. If NO, go to question 20

1. Is there the appropriate agreement in place to document the interconnection and that the PII and/or Privacy Act data is appropriately protected?      

     

     

2. Where are those documents located?

     

3. Is the system operated in more than one site?

Yes

No. If NO, go to question 21

1. How will consistent use of the system and data be maintained in all sites?

     

DATA ACCESS

Who will have access to the data in the system (i.e. users, managers, system administrators, developers, etc.)?

Only authorized sworn NASS employees will have access to the system. It includes a very limited number of NASS managers, users, system administrators and developers. All system users are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge.

     

     

3. How will user access to the data be determined?

User access will be determined based on the job function. Access for these users are reviewed by their respective manager then presented for approval to the system owner.     

     

1. Are criteria, procedures, controls, and responsibilities regarding user access documented?

Yes

No. If NO, go to question 23

2. Where are criteria, procedures, controls, and responsibilities regarding user access documented?

Electronic records of authorized requests for user accounts are maintained. Data access is strictly limited to NASS employees that have been officially authorized to have access. All NASS employees are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

          

     

3. How will user access to the data be restricted?

Users are validated at several levels, including the network, database, internal application access controls and role level security before being allowed to access the data. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls to accommodate this.

               

1. Are procedures in place to detect or deter browsing?

Yes

No

     

2. Are procedures in place to detect or deter unauthorized user access?

Yes

No

3. Does the system employ security controls to make information unusable to unauthorized individuals (i.e. encryption, strong authentication procedures, etc.)?

Yes

No

CUSTOMER PROTECTION

3. Who will be responsible for protecting the privacy rights of the citizens and employees affected by the interface (i.e. office, person, departmental position, etc.)?

It is the responsibility of all NASS employees and sworn agents to protect the privacy rights of citizens and employees affected by the interface. All NASS employees are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge.

     

     

3. How can citizens and employees contact the office or person responsible for protecting their privacy rights?

NASS officials can be contacted in Headquarters and each Field Office.

     

3. A “breach” refers to a situation where data and/or information assets are unduly exposed. Is a breach notification policy in place for this system?

Yes - If YES, where is the breach notification policy located?

The policy is located in the Security office at NASS Headquarters in Washington, D.C.

          

No - If NO, please enter the POAM number with the estimated completion date:

     

     

3. Consider the following:

• Consolidation and linkage of files and systems

• Derivation of data

• Accelerated information processing and decision making

• Use of new technologies

Is there a potential to deprive a citizens and employees of fundamental rules of fairness (those protections found in the Bill of Rights)?

Yes

No. If NO, go to question 29

1. Explain how this will be mitigated?

     

N/A.

     

3. How will the system and its use ensure equitable treatment of citizens and employees?

     

The privacy and confidentiality of all data providers are covered equally by US Code: Title 7, 2276.

     

3. Is there any possibility of treating citizens and employees differently and unfairly based upon their individual or group characteristics?

Yes

No. If NO, go to question 31

1. Explain

     

N/A.

     

SYSTEM OF RECORD

3. Can the data be retrieved by a personal identifier? In other words, does the system actually retrieve data by the name of an individual or by some other unique number, symbol, or identifying attribute of the individual?

Yes

No. If NO, go to question 32

1. How will the data be retrieved? In other words, what is the identifying attribute (i.e. employee number, social security number, etc.)?

     

Data can be retrieved by unique identification numbers internal to the agency.

     

2. Under which Systems of Record notice (SOR) does the system operate? Provide number, name and publication date. (SORs can be viewed at www.access.GPO.gov)

     

USDA/NASS-2 List Sampling Frame Records

     

3. If the system is being modified, will the SOR require amendment or revision?

     

If the scope of the personal data maintained is modified, the System of Record will be modified, accordingly.

     

TECHNOLOGY

3. Is the system using technologies in ways not previously employed by the agency (e.g. Caller-ID)?

Yes

No. If NO, the questionnaire is complete.

1. How does the use of this technology affect citizens and employees privacy?

     

N/A.

     

Upon completion of this Privacy Impact Assessment for this system, the answer to

OMB A-11, Planning, Budgeting, Acquisition and Management of Capital Assets,

Part 7, Section E, Question 8c is:

1. Yes.

PLEASE SUBMIT A COPY TO

THE OFFICE OF THE ASSOCIATE CHIEF INFORMATION OFFICE/CYBER SECURITY

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Privacy Impact Assessment
Author	Richard Ciampa
File Modified	0000-00-00
File Created	2021-01-22