Privacy Impact Assessment Form
v 1.21
Status
Form Number
Form Date
Question
Answer
1
OPDIV:
CDC
2
PIA Unique Identifier:
0923-18AJA
2a Name:
10/11/18
Environmental Health and Land Reuse Certification
3
The subject of this PIA is which of the following?
General Support System (GSS)
Major Application
Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown
3a
Identify the Enterprise Performance Lifecycle Phase of the system.
Implementation
3b
Is this a FISMA-Reportable system?
Yes
No
4
Does the system include a Website or online application available to and for the use of the general public?
Yes
No
5
Identify the operator.
Agency
Contractor
6
Point of Contact (POC):
POC Title
Environmental Health Scientist
POC Name
Laurel Berman
POC Organization
CDC/NCEH/ATSDR
POC Email
[email protected]
POC Phone
312-886-7476
7
Is this a new or existing system?
New
Existing
8
Does the system have Security Authorization (SA)?
Yes
No
8b
Planned Date of Security Authorization
Not Applicable
Page 1 of 9
8c
Briefly explain why security authorization is not
required
Two authorized CDC systems will be used for this electronic
data collection: Training and Continuing Education Online
(TCEO) for registration info and testing and Anonymous
Instance - Research Electronic Data Capture (REDCap) for a
course follow-up survey.
10
Describe in further detail any changes to the system
that have occurred since the last PIA.
Not applicable - new ICR and new PIA
11
Describe the purpose of the system.
The goal of the information collection is to collect participant
feedback on the environmental health land reuse certificate
course content developed by ATSDR and its collaborator.
This ICR does not involve creation of a new IT system by
ATSDR. ATSDR intends to host an Environmental Health and
Land Reuse course using the Centers for Disease Control and
Prevention's (CDC) system Training and Continuing Education
Online (TCEO). TCEO will offer continuing education credits for
the 5-part training. TCEO is an authorized CDC information
system. It was authorized to operate on 5/16/2018 and has
PRA clearance # 0920-0017; 5/15/2019. Its approved Privacy
Impact Assessment authorizes it to store, process, and transmit
Personally Identifiable Information (PII). The TCEO registration
system will collect information in identifying form (IIF) such as
name, address, email, phone number and zip code to complete
participant registration and course content engagement, such
as to receive continuing education credits or a course
completion certificate. ATSDR will ask the National
Environmental Health Association (NEHA) as well as other
partners (e.g. tribal entities) to provide participant names and
emails for users who have taken the training in order to
conduct a one time follow up survey. To protect the personally
identifiable information of the participants, ATSDR’s Land
Reuse Team will store information in a secure fileshare. This
system will be used to store participant email information in a
secure computer system drive with protected access. The team
lead will contact individual participants with a link to a secure
survey. The survey will use the CDC authorized system
Anonymous Instance - Research Electronic Data Capture
(REDCap). REDCap was authorized to operate on 10/18/2017.
REDCap is a secure web application for building and managing
online surveys and databases. REDCap will be used to manage
and store the follow up feedback data. Anonymous survey
data from REDCap will be downloaded and securely stored on
a file-share. Information collected and stored will be removed
by the Land Reuse Team from the secure drive after three
years.
12
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements.)
Data collection will be conducted through support of two
systems, TCEO and REDCap. TCEO system will collect
registration data for participants.
REDCap will capture feedback data on participants. The
participant evaluation feedback will occur one time through an
anonymous survey, post-training certification.
13
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.
This ICR will use two systems for its data needs: TCEO will be
used to collect participant registration data and REDCap to
obtain feedback data.
TCEO system uses the HTTPS protocol on a CDC web server
that uses encryption to protect the information participants
provide. Information in an individual’s TCEO account is
accessible to that individual and CDC for reporting purposes
and to provide assistance. Some account information is
accessible by the TCEO Learner Support Team to help
participants access their accounts or use the system. For
reporting purposes, TCEO data is shared with accrediting
organizations as required and course data (information about
the group of people who took a course) may be summarized
and shared with course providers for evaluation and program
improvement purposes. TCEO asks participants to create a
password for registration. TCEO collects participants' email,
name, address, city, country, postal code, daytime telephone
number, and job-related information (employer, education,
work setting, primary profession).
REDCap will be used for collecting participant feedback. This
electronic survey will be completed one time, six to 12 months
post-certification. The feedback questions are designed to take
up to 20 minutes to complete. The majority of the questions
are selection (e.g. select one or all that apply) with fill-in
options, e.g., “other”. The feedback survey will assess
participant's increased awareness, skills, and knowledge in
environmental health and land reuse.
14
Does the system collect, maintain, use or share PII?
Yes
No
15
Indicate the type of PII that the system will collect or maintain.
Social Security Number
Date of Birth
Name
Photographic Identifiers
Driver's License Number
Biometric Identifiers
Mother's Maiden Name
Vehicle Identifiers
E-Mail Address
Mailing Address
Phone Numbers
Medical Records Number
Medical Notes
Financial Account Info
Certificates
Legal Documents
Education Records
Device Identifiers
Military Status
Employment Status
Foreign Activities
Passport Number
Taxpayer ID
Job Category
Job Title
16
Indicate the categories of individuals about whom PII is collected, maintained or shared.
Employees
Public Citizens
Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other Environmental Professionals who are citizens and
typically employed or are adult students
17
How many individuals' PII is in the system?
500-4,999
18
For what primary purpose is the PII used?
Online registration for trainings and notification of new
trainings
19
Describe the secondary uses for which the PII will be used (e.g. testing, training or research)
One-time participant follow up to determine effectiveness of
training, which may be used for evaluation or publications.
Email addresses will be provided by NEHA or known cohorts
(e.g. tribal entities, state cooperative agreement partners or
graduate students) for this follow-up.
20 Describe the function of the SSN.
N/A
20a Cite the legal authority to use the SSN.
N/A
21
Identify legal authorities governing information use and disclosure specific to the system and program.
The legal authorities are the Comprehensive Environmental
Response, Compensation, and Liability Act of 1980 (CERCLA),
the 1984 amendments to the Resource Conservation and
Recovery Act of 1976 (RCRA) and the Superfund Amendments
and Reauthorization Act of 1986 (SARA).
22
Are records on the system retrieved by one or more PII data elements?
Yes
No
22a
Identify the number and title of the Privacy Act System of Records Notice (SORN) that is being used to cover the system or identify if a SORN is being developed.
Published:
Published:
Published:
In Progress
23
Identify the sources of PII in the system.
Directly from an individual about whom the information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other
Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a
Identify the OMB information collection approval number and expiration date.
OMB Control No. 0923-NEW
24
Is the PII shared with other organizations?
Yes
No
24a
Identify with whom the PII is shared or disclosed and for what purpose.
Within HHS
Other Federal Agency/Agencies
State or Local Agency/Agencies
Private Sector
24b
Describe any agreements in place that authorizes the information sharing or disclosure (e.g. Computer Matching Agreement, Memorandum of Understanding (MOU), or Information Sharing Agreement (ISA)).
24c
Describe the procedures for accounting for disclosures
25
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason.
Individuals will be notified as to what PII is being collected
from them and how the information will be used or shared
when they first log into the system as applicants or alumni and
will be available for their review every time they log in
thereafter, and alumni will provide electronic consent before
they can enter their data.
Otherwise, CDC requires the governmental or nongovernmental
source contributing the information to have
obtained the participant's consent with the research or public
health event by capturing a certified electronic signature from
each participant in the research protocol or study beforehand.
26
Is the submission of PII by individuals voluntary or mandatory?
Voluntary
Mandatory
27
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.
Individuals can't opt-out of collection or use of their PII other
than not participating in the training. The survey doesn't
collect PII.
28
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained.
Should major changes ever occur to the system, CDC/CSELS/DSEPD
administrators will notify individuals whose PII is in the
system by email asking them to provide consent as
appropriate by either written or electronic notice.
Otherwise, CDC requires the entity contributing the
information to obtain participant consent with the research or
public health event by capturing a certified electronic
signature for each participant in the research protocol or study
providing their PII. As part of the official record, each project's
program/principal investigator (PI) is responsible for
implementing processes to ensure records belonging to the
individual participants are maintained, transferred and
destroyed according to either the general or project specific
record retention requirements. If major changes to the
disclosure and/or data uses of PII occur during this retention
period, this consent document will be used to notify and
update the consenting individuals.
As the CDC owner of the PII collected, each PI is responsible for
both identifying major PII data use and disclosure changes and
ensuring that the consenting individual is properly notified.
The PI acknowledges this responsibility through the
completion and acceptance of the project request form.
29
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not.
The process of handling a user's concern with PII of the system
would be to contact the email address listed on the webpage.
The system administrator would then be responsible for
resolving the issue.
Otherwise, individuals with concerns that their PII is inaccurate
or may have been inappropriately obtained, used, or disclosed
should first contact the contributing entity governmental or
non-governmental organization to which they initially
disclosed the information. If unsatisfied with that collecting
organization's response, the individual can contact CDC
directly for assistance identifying the appropriate principal
investigator (PI); as the CDC owner of the PII collected, each PI
is responsible for working with individuals to resolve these
types of concerns. The PI acknowledges this responsibility
through the completion and acceptance of the project request
form.
30
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not.
Data is maintained by the end user.
Otherwise, each individual project's program/PI is responsible
for periodic reviews of the integrity, availability, accuracy, and
relevancy of PII collected. The PI is notified of and
acknowledges these responsibilities through the completion
and acceptance of the project request form.
31
Identify who will have access to the PII in the system and the reason why they require access.
Users
Administrators
TCEO staff to issue continuing
education credits, credit for contract
Developers
Contractors
Others
32
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.
A formal request must be sent to them approved by the
Business Steward prior to access being granted. Users can only
access their own profile. Administration privileges are only
granted to the staff of the Continuing Education group.
Otherwise, role-based access controls are used to determine
which system users may access PII.
33
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.
The application utilizes the principle of least privilege access;
the least privilege model is used to allow those with access to
PII to only access the minimum amount of information
necessary to perform their job.
34
Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained.
All CDC users are required to take Security and Privacy
Awareness Training at least annually.
35
Describe training system users receive (above and beyond general security and privacy awareness training).
None
36
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices?
Yes
No
37
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules.
Records are maintained in agency for two years. Disposal
methods include erasing computer tapes, burning or
shredding paper materials or transferring records to the
Federal Records Center when no longer needed for evaluation
and analysis. Records destroyed by paper recycling process
after 12 years, unless needed for further study.
38
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.
Administrative, technical, and physical controls are in place to
protect PII contained in the TCEO and REDCap systems.
Participant emails for courses will be protected by various
controls.
Administrative - Principal investigator limits access to the
network share to only authorized individuals working on the
study and specifically the follow-up survey. Access is reviewed
when users leave the project, ATSDR, or CDC.
Technical - The PII is secured using the CDC/IS Active Directory
authentication and share access controls. All data is processed
on CDC encrypted laptops. Data is monitored by Network and
IT security controls which are administered by OCISO and ITSO.
Physical - Guards, ID badges and key card restrictions restrict
access to buildings and rooms that have computers and
servers containing the collected information.
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.
Reviewer Questions
Answer
1
Are the questions on the PIA answered correctly, accurately, and completely?
Yes
No
Reviewer
Notes
2
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?
Yes
No
Reviewer
Notes
3
Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?
Yes
No
Reviewer
Notes
4
Does the PIA appropriately describe the PII quality and integrity of the data?
Yes
No
Reviewer
Notes
5
Is this a candidate for PII minimization?
Yes
No
Reviewer
Notes
6
Does the PIA accurately identify data retention procedures and records retention schedules?
Yes
No
Reviewer
Notes
7
Are the individuals whose PII is in the system provided appropriate participation?
Yes
No
Reviewer
Notes
8
Does the PIA raise any concerns about the security of the PII?
Yes
No
Reviewer
Notes
9
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?
Yes
No
Reviewer
Notes
10
Is the PII appropriately limited for use internally and with third parties?
Yes
No
Reviewer
Notes
11
Does the PIA demonstrate compliance with all Web privacy requirements?
Yes
No
Reviewer
Notes
12
Were any changes made to the system because of the completion of this PIA?
Yes
No
Reviewer
Notes
General Comments
OPDIV Senior Official for Privacy Signature
Jarell Oshodi -S
HHS Senior Agency Official for Privacy
Digitally signed by Jarell Oshodi -S
Date: 2018.10.26 12:09:29 -04'00'