Pia

06.1 HHS Privacy Impact Assessment (Form) National Children Study at Social & Scientific Systems

PIA SUMMARY

The following required questions with an asterisk (*) represent the information necessary to complete the PIA Summary for transmission to the Office of Management and Budget (OMB) and public posting in accordance with OMB Memorandum (M) 03-22.

Note: If a question or its response is not applicable, please answer “N/A” to that question where possible. If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of personally identifiable information (PII). If no PII is contained in the system, please answer questions in the PIA Summary Tab and then promote the PIA to the Senior Official for Privacy who will authorize the PIA. If this system contains PII, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

*Is this a new PIA?

No.

If this is an existing PIA, please provide a reason for revision:

This is an annual review to the PIA but there were no changes to the document.

*1. Date of this Submission:

11/19/2018

*2. OPDIV Name:

NIH

*4. Privacy Act System of Records Notice (SORN) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):

09-25-0200

*5. OMB Information Collection Approval Number:

0925-0730

*6. Other Identifying Number(s):

Not applicable.

*7. System Name (Align with system item name):

National Children's Study (NCS) Vanguard Data and Sample Archive and Access System

*9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

Point of Contact Information:

POC Name

Lydia Rogers

*10. Provide an overview of the system:

The NCS information system assembles 14 years of NCS knowledge and experience to serve as an ongoing resource to inform future child health and development research. The original NCS pilot determined the workability and cost of potential study design approaches for the proposed Main study. The study protocol, data collection instruments, and study variables changed during the pilot, resulting in a very complex set of data with differing degrees of data completeness, data cleaning, and compliance with variable definitions. The NCS information system is operating to provide secure access to the data collected during the pilot study to researchers. The NCS information system is designed to maximize use of NCS study data and specimens by external researchers, is cost efficient, incrementally adds value, and provides easy accessibility to external researchers.

*13. Indicate if the system is new or an existing one being modified:

Existing

*17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. If the information contained in the system ONLY represents federal contact data (i.e., federal contact name, federal address, federal phone number, and federal email address), it does not qualify as PII, according to the E-Government Act of 2002, and the response to Q.17 should be No (only the PIA Summary is required). If the system contains a mixture of federal contact information and other types of PII, the response to Q.17 should be Yes (full PIA is required).

Yes

17a. Is this a GSS PIA included for C&A purposes only, with no ownership of underlying application data? If the response to Q.17a is Yes, the response to Q.17 should be No and only the PIA Summary must be completed.

No

*19. Are records on the system retrieved by 1 or more PII data elements?

Yes

*21. Is the system subject to the Privacy Act? (If the response to Q.19 is Yes, the response to Q.21 must be Yes and a SORN number is required for Q.4)

Yes

*23. If the system shares or discloses PII, please specify with whom and for what purpose(s):

Only S-3 users with access to enclave have access to PII. Access to PII is to query and produce sample size estimation for potential researchers.

*30. Please describe in detail: (1) The information the agency will collect, maintain, or disseminate (clearly state if the information contained in the system ONLY represents federal contact data); (2) Why and for what purpose the agency will use the information; (3) Explicitly indicate whether the information contains PII; and (4) Whether submission of personal information is voluntary or mandatory:

The National Children’s Study collected information on environmental health effects on children. “Environment” was defined not only as soil, air, water, etc., but also the family and social environment in which the child lives. Therefore, PII is needed to allow for analysis of the impacts of those environmental factors. The NCS information system collects which includes the following elements of PII:

• Date of Birth

• Photographic Identifiers

• Biometric Identifiers

• Mother’s Maiden Name, Mother’s Middle Name

• Familial Structure (number of children, number of sibling, etc.)

• Personal Mailing Address

• Personal Phone Numbers

• Medical Records Numbers

• Medical Notes or Records

• Financial or Account Information

• Marital Status

• Race/Ethnicity

• Gender

• Disability Status or Disability Notes

• Certificates

• Device Identifiers

• Personal Email Address

• Education Records or Status, Child Care or Senior Care Records

• Military Status or Military Records

• Employment Status or Other Employment Information

• Primary sampling unit

• Secondary sampling unit

• Tertiary sampling unit

• Comment fields for multiple questions may include potential PII

• State, county, city, country of death

• Date of death

• Cause of death

• Medication names, diagnosis and administration method

This information is for scientific research purposes and to support tracking of participants over time in this longitudinal study.

Names, telephone numbers and personal email addresses were collected for tracking purposes. As stated in question 23, zip code and date of birth are needed to allow for analysis of the impact of environmental occurrences on health where only people born after a certain date may have been affected. Ethnicity, race and income information allows for analysis of health disparities. Information on military service by a parent may have effects on children, as can attendance at daycare, etc. PII information is needed to analyze the impact of environmental variables on children’s health.

Submission of personal information was voluntary, and consent was obtained prior to obtaining personal information. During screening, verbal consent was obtained. Prior to study enrollment for eligible participants, written consent was obtained prior to collecting any additional PII. These procedures were approved by IRB and OMB.

*31. Please describe in detail any processes in place to: (1) Notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) Notify and obtain consent from individuals regarding what PII is being collected from them; and (3) How the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]):

1) Notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection);

This contract uses precollected data, therefore is not responsible for informed consent.

(2) Notify and obtain consent from individuals regarding what PII is being collected from them;

This contract uses precollected data, therefore is not responsible for informed consent.

(3) How the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]):

This contract uses precollected data, therefore is not responsible for informed consent.

Researchers will only be given information (data, biospecimens or environmental samples) for participants for whom the study had consent at the time the data was collected.

*32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII)

No

*37. Does the website have any information or pages directed at children under the age of thirteen?

N/A

*50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN)

Yes

*54. Briefly describe in detail how the PII will be secured on the system using administrative, technical, and physical controls:

Physical:

 The NCS System is hosted at the SSS Secure Data Center (SDC) located in Ashburn, VA. The SDC operates at a tier-4, secure colocation facility with industry leading security and reliability. The facility is a SAS 70 certified data center in which physical access to the hardware is limited only to a select number of administrators and is secured through a number of physical access controls including biometric hand scanners, 24/7 guards, pin access codes, private cage access codes and man traps. The facility contains N+1 redundancy for power and standby generators, cooling and environmental systems, and a pre-stage fire-suppression system. The facility provides a number of services, including power, cooling, flood control, fire detection and suppression, and other controls.

Technical:

 SSS operates redundant encrypted communication paths between its Silver Spring and Durham locations and the SDC using site-to-site VPN connections. Data is transferred to the SDC using a Secure File Transfer (SFTP) service. The SFTP service encrypts the data during transit using a Federal Information Processing Standard (FIPS) 140-2 validated encryption algorithm that meets FISMA moderate compliance standards. The data that resides at the SDC, while at rest, is stored on encrypted drives that are dedicated to the project.

 Authorized users, such as SSS programmers and analysts, access the data via Citrix NetScaler using a FIPS 140-2 compliant encryption module.

 Access to the SAS virtual machines (VMs) is managed through Microsoft Active Directory (AD). All employees and contractors must have valid credentials with specific access granted to the SAS VM.

 SSS passwords must meet the SSS Password policy and are only valid for 90 days.

Administrative:

 Access to PII is permitted only through authorization by the Project Director, after all required data use agreements are signed and confidentiality training performed.

 SSS manages access to NCS System VMs and data enclaves through AD utilizing the “least privilege” concept.

The NCS System Security Plan (SSP) provides detailed information on how PII will be secured.

PIA REQUIRED INFORMATION

The PIA determines if Personally Identifiable Information (PII) is contained within a system, what kind of PII, what is done with that information, and how that information is protected. Systems with PII are subject to an extensive list of requirements based on privacy laws, regulations, and guidance. The HHS Privacy Act Officer may be contacted for issues related to Freedom of Information Act (FOIA) and the Privacy Act. Respective Operating Division (OPDIV) Privacy Contacts may be contacted for issues related to the Privacy Act. The Office of the Chief Information Officer (OCIO) can be used as a resource for questions related to the administrative, technical, and physical controls of the system. Please note that answers to questions with an asterisk (*) will be submitted to the Office of Management and Budget (OMB) and made publicly available in accordance with OMB Memorandum (M) 03-22.

Note: If a question or its response is not applicable, please answer “N/A” to that question where possible.

*Is this a new PIA?

No.

If this is an existing PIA, please provide a reason for revision:

This is an annual review of the existing PIA.

*1. Date of this Submission:

11/19/2018

*2. OPDIV Name:

NIH

3. Unique Project Identifier (UPI) Number for current fiscal year (Data is auto-populated from the System Inventory form, UPI table):

Not applicable. System is funded through appropriations in the President’s budget.

*4. Privacy Act System of Records Notice (SORN) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):

09-25-0200

*5. OMB Information Collection Approval Number:

0925-0730

5a. OMB Collection Approval Number Expiration Date:

February 28, 2019

*6. Other Identifying Number(s):

Not applicable.

*7. System Name: (Align with system item name)

National Children's Study (NCS) Vanguard Data and Sample Archive and Access System

8. System Location: (OPDIV or contractor office building, room, city, and state)

System Location:

OPDIV or contractor office building

Social & Scientific Systems, Inc. –

Secure Data Center (Equinix)

21721 Filigree

Room

City

Ashburn

State

Virginia

*9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

Point of Contact Information:

POC Name

Lydia Rogers

The following information will not be made publicly available:

POC Title

Project Director

POC Organization

Social & Scientific Systems, Inc.

POC Phone

301-628-0471

POC Email

[email protected]

*10. Provide an overview of the system: (Note: The System Inventory form can provide additional information for child dependencies if the system is a GSS)

The NCS information system assembles 14 years of NCS knowledge and experience to serve as an ongoing resource to inform future child health and development research. The original NCS pilot determined the workability and cost of potential study design approaches for the proposed Main study. The study protocol, data collection instruments, and study variables changed during the pilot, resulting in a very complex set of data with differing degrees of data completeness, data cleaning, and compliance with variable definitions. The NCS information system is operating to provide secure access to the data collected during the pilot study to researchers. The NCS information system is designed to maximize use of NCS study data and specimens by external researchers, is cost efficient, incrementally adds value, and provides easy accessibility to external researchers.

SYSTEM CHARACTERIZATION AND DATA CATEGORIZATION

11. Does HHS own the system?

Yes

11a. If no, identify the system owner:

Not applicable.

12. Does HHS operate the system? (If the system is operated at a contractor site, the answer should be No)

No

12a. If no, identify the system operator:

Social & Scientific Systems, Inc. operates the system from their Secure Data Center is Ashburn, VA.

*13. Indicate if the system is new or an existing one being modified:

Existing

14. Identify the life-cycle phase of this system:

Operations

15. Have any of the following major changes occurred to the system since the PIA was last submitted?

No

Please indicate “Yes” or “No” for each category below:

Yes/No

Conversions

No

Anonymous to Non-Anonymous

No

Significant System Management Changes

No

Significant Merging

No

New Public Access

No

Commercial Sources

No

New Interagency Uses

No

Internal Flow or Collection

No

Alteration in Character of Data

No

16. Is the system a General Support System (GSS), Major Application (MA), Minor Application (child) or Minor Application (stand-alone)?

Major Application (MA)

*17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?

Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. If the information contained in the system ONLY represents business contact data (i.e., business contact name, business address, business phone number, and business email address), it does not qualify as PII, according to the E-Government Act of 2002, and the response to Q.17 should be No (only the PIA Summary is required). If the system contains a mixture of business contact information and other types of PII, the response to Q.17 should be Yes (full PIA is required).

Please indicate "Yes" or "No" for each PII category. If the applicable PII category is not listed, please use the Other field to identify the appropriate category of PII.

Categories:

Yes/No

Name (for purposes other than contacting federal employees)

Yes

Date of Birth

Yes

Social Security Number (SSN), Truncated SSN, or Other Federally Issued Identification Number

No

Photographic Identifiers

Yes

Driver’s License or other state issued identification number

No

Biometric Identifiers

Yes

Mother’s Maiden Name, Mother’s Middle Name

Yes

Familial Structure (number of children, number of sibling, etc.)

Yes

Vehicle Identifiers

No

Personal Mailing Address

Yes

Personal Phone Numbers

Yes

Medical Records Numbers

Yes

Medical Notes or Records

Yes

Financial or Account Information

Yes

Marital Status

Yes

Legal Status, or Citizenship Status

No

Race/Ethnicity

Yes

Gender

Yes

Disability Status or Disability Notes

Yes

Certificates

Yes

Legal Documents

No

Device Identifiers

No

Web Uniform Resource Locator(s) (URL)

No

Personal Email Address

Yes

Education Records or Status, Child Care or Senior Care Records

Yes

Military Status or Military Records

Yes

Employment Status or Other Employment Information

Yes

Foreign Activities

No

Other

• Primary sampling unit

• Secondary sampling unit

• Tertiary sampling unit

• Comment fields for multiple questions may include potential PII

• State, county, city, country and zip code

• Medication names, diagnosis, and administration method

• GEO Coding Information

17a. Is this a GSS PIA included for C&A purposes only, with no ownership of underlying application data? If the response to Q.17a is Yes, the response to Q.17 should be No and only the PIA Summary must be completed.

No

18. Please indicate the categories of individuals about whom PII is collected, maintained, disseminated and/or passed through. Note: If the applicable PII category is not listed, please use the Other field to identify the appropriate category of PII. Please answer "Yes" or "No" to each of these choices (NA in other is not applicable).

Categories:

Yes/No

Employees

Yes

Public Citizen

No

Patients

Yes

Business partners/contacts (Federal, state, local agencies)

No

Vendors/Suppliers/Contractors

No

Other

Yes – Research Subjects

*19. Are records on the system retrieved by 1 or more PII data elements?

Yes

Please indicate "Yes" or "No" for each PII category. If the applicable PII category is not listed, please use the Other field to identify the appropriate category of PII.

Categories:

Yes/No

Name (for purposes other than contacting federal employees)

Yes

Date of Birth

Yes

Social Security Number (SSN), Truncated SSN, or Other Federally Issued Identification Number

No

Photographic Identifiers

Yes

Driver’s License or other state issued identification number

No

Biometric Identifiers

Yes

Mother’s Maiden Name, Mother’s Middle Name

Yes

Familial Structure (number of children, number of sibling, etc.)

Yes

Vehicle Identifiers

No

Personal Mailing Address

Yes

Personal Phone Numbers

Yes

Medical Records Numbers

Yes

Medical Notes or Records

Yes

Financial or Account Information

Yes

Marital Status

Yes

Legal Status, or Citizenship Status

No

Race/Ethnicity

Yes

Gender

Yes

Disability Status or Disability Notes

Yes

Certificates

Yes

Legal Documents

No

Device Identifiers

No

Web Uniform Resource Locator(s) (URL)

No

Personal Email Address

Yes

Education Records or Status, Child Care or Senior Care Records

Yes

Military Status or Military Records

Yes

Employment Status or Other Employment Information

Yes

Foreign Activities

No

Other

• None Primary sampling unit

• Secondary sampling unit

• Tertiary sampling unit

• Comment fields for multiple questions may include potential PII

• State, county, city, country and zip code

• Medication names, diagnosis, and administration method

• GEO Coding Information

20. Are 10 or more records containing PII maintained, stored or transmitted/passed through this system?

Yes

*21. Is the system subject to the Privacy Act? (If the response to Q.19 is Yes, the response to Q.21 must be Yes and a SORN number is required for Q.4)

Yes

21a. If yes but a SORN has not been created, please provide an explanation.

N/A a SORN exist.

INFORMATION SHARING PRACTICES

22. Does the system share or disclose PII with other divisions within this agency, external agencies, or other people or organizations outside the agency?

Yes

Categories:

Yes/No

Name (for purposes other than contacting federal employees)

No

Date of Birth

Yes

Social Security Number (SSN), Truncated SSN, or Other Federally Issued Identification Number

No

Photographic Identifiers

Yes

Driver’s License or other state issued identification number

No

Biometric Identifiers

Yes

Mother’s Maiden Name, Mother’s Middle Name

No

Familial Structure (number of children, number of sibling, etc.)

Yes

Vehicle Identifiers

No

Personal Mailing Address

Yes

Personal Phone Numbers

No

Medical Records Numbers

No

Medical Notes or Records

Yes

Financial or Account Information

Yes

Marital Status

Yes

Legal Status, or Citizenship Status

No

Race/Ethnicity

Yes

Gender

Yes

Disability Status or Disability Notes

Yes

Certificates

No

Legal Documents

No

Device Identifiers

No

Web Uniform Resource Locator(s) (URL)

No

Personal Email Address

No

Education Records or Status, Child Care or Senior Care Records

Yes

Military Status or Military Records

Yes

Employment Status or Other Employment Information

Yes

Foreign Activities

No

Other

• Primary sampling unit

• Secondary sampling unit

• Tertiary sampling unit

• Comment fields for multiple questions may include potential PII

• State, county, city, country and zip code

• Medication names, diagnosis, and administration method

• GEO Coding Information

*23. If the system shares or discloses PII please specify with whom and for what purpose(s):

Only S-3 users with access to enclave have access to PII. Access to PII is to query and produce sample size estimation for potential researchers.

24. If the PII in the system is matched against PII in one or more other computer systems, are computer data matching agreement(s) in place?

No

25. Is there a process in place to notify organizations or systems that are dependent upon the PII contained in this system when major changes occur (i.e., revisions to PII, or when the system is replaced)?

No

26. Are individuals notified how their PII is going to be used?

N/A The informed consent process is owned by NICHD.

26a. If yes, please describe the process for allowing individuals to have a choice. If no, please provide an explanation.

N/A

27. Is there a complaint process in place for individuals who believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate?

N/A

27a. If yes, please describe briefly the notification process. If no, please provide an explanation.

N/A

28. Are there processes in place for periodic reviews of PII contained in the system to ensure the data’s integrity, availability, accuracy and relevancy?

No. The data is archived data as it was when the study ended in December 12, 2014.

28a. If yes, please describe briefly the review process. If no, please provide an explanation.

N/A

29. Are there rules of conduct in place for access to PII on the system?

Yes

Please indicate "Yes," "No," or "N/A" for each category. If yes, briefly state the purpose for each user to have access:

Users with access to PII

Yes/No/N/A

Purpose

User

Yes

Analyze study data

Administrators

Yes

Maintenance and troubleshooting of system

Developers

No

N/A

Contractors

No

N/A

Other

N/A

N/A

*30. Please describe in detail: (1) The information the agency will collect, maintain, or disseminate (clearly state if the information contained in the system ONLY represents federal contact data); (2) Why and for what purpose the agency will use the information; (3) Explicitly indicate whether the information contains PII; and (4) Whether submission of personal information is voluntary or mandatory:

The National Children’s Study collected information on environmental health effects on children. “Environment” was defined not only as soil, air, water, etc., but also the family and social environment in which the child lives. Therefore, PII is needed to allow for analysis of the impacts of those environmental factors. The NCS information system collects which includes the following elements of PII:

• Date of Birth

• Photographic Identifiers

• Biometric Identifiers

• Mother’s Maiden Name, Mother’s Middle Name

• Familial Structure (number of children, number of sibling, etc.)

• Personal Mailing Address

• Personal Phone Numbers

• Medical Notes or Records

• Financial or Account Information

• Marital Status

• Race/Ethnicity

• Gender

• Disability Status or Disability Notes

• Personal Email Address

• Education Records or Status, Child Care or Senior Care Records

• Military Status or Military Records

• Employment Status or Other Employment Information

• Primary sampling unit

• Secondary sampling unit

• Tertiary sampling unit

• Comment fields for multiple questions may include potential PII

• State, county, city, country and zip code

• Date of death

• Cause of death

• Medication names, diagnosis and administration method

• Geo Coding information

This information is for scientific research purposes of participants over time in this longitudinal study.

Names, telephone numbers and personal email addresses were collected for tracking purposes. As stated in question 23, zip code and date of birth are needed to allow for analysis of the impact of environmental occurrences on health where only people born after a certain date may have been affected. Ethnicity, race and income information allows for analysis of health disparities. Information on military service by a parent may have effects on children, as can attendance at daycare, etc. PII information is needed to analyze the impact of environmental variables on children’s health.

*31. Please describe in detail any processes in place to: (1) Notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) Notify and obtain consent from individuals regarding what PII is being collected from them; and (3) How the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]):

1) Notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection);

This contract uses precollected data, therefore is not responsible for informed consent.

(2) Notify and obtain consent from individuals regarding what PII is being collected from them;

This contract uses precollected data, therefore is not responsible for informed consent.

(3) How the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]):

This contract uses precollected data, therefore is not responsible for informed consent.

Researchers will only be given information (data, biospecimens or environmental samples) for participants for whom the study had consent at the time the data was collected.

WEBSITE HOSTING PRACTICES

*32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII)

No

Please indicate “Yes” or “No” for each type of site below. If the system hosts both Internet and Intranet sites, indicate “Yes” for “Both” only.

Yes/ No

If the system hosts an Internet site, please enter the site URL. Do not enter any URL(s) for Intranet sites.

Internet

Intranet

Both

33. Does the system host a website that is accessible by the public and does not meet the exceptions listed in OMB M-03-22?

Note: OMB M-03-22 Attachment A, Section III, Subsection C requires agencies to post a privacy policy for websites that are accessible to the public, but provides three exceptions: (1) Websites containing information other than "government information" as defined in OMB Circular A-130; (2) Agency intranet websites that are accessible only by authorized government users (employees, contractors, consultants, fellows, grantees); and (3) National security systems defined at 40 U.S.C. 11103 as exempt from the definition of information technology (see section 202(i) of the E-Government Act.).

34. If the website does not meet one or more of the exceptions described in Q. 33 (i.e., response to Q. 33 is "Yes"), a website privacy policy statement (consistent with OMB M-03-22 and Title II and III of the E-Government Act) is required. Has a website privacy policy been posted?

35. If a website privacy policy is required (i.e., response to Q. 34 is “Yes”), is the privacy policy in machine-readable format, such as Platform for Privacy Preferences (P3P)?

35a. If no, please indicate when the website will be P3P compliant:

36. Does the website employ tracking technologies?

Please indicate “Yes”, “No”, or “N/A” for each type of cookie below:

Yes/No/N/A

Web Bugs

Web Beacons

Session Cookies

Persistent Cookies

Other

*37. Does the website have any information or pages directed at children under the age of thirteen?

37a. If yes, is there a unique privacy policy for the site, and does the unique privacy policy address the process for obtaining parental consent if any information is collected?

38. Does the website collect PII from individuals?

Categories:

Yes/No

Name (for purposes other than contacting federal employees)

Date of Birth

Social Security Number (SSN), Truncated SSN, or Other Federally Issued Identification Number

Photographic Identifiers

Driver’s License or other state issued identification number

Biometric Identifiers

Mother’s Maiden Name, Mother’s Middle Name

Familial Structure (number of children, number of sibling, etc.)

Vehicle Identifiers

Personal Mailing Address

Personal Phone Numbers

Medical Records Numbers

Medical Notes or Records

Financial or Account Information

Marital Status

Legal Status, or Citizenship Status

Race/Ethnicity

Gender

Disability Status or Disability Notes

Certificates

Legal Documents

Device Identifiers

Web Uniform Resource Locator(s) (URL)

Personal Email Address

Education Records or Status, Child Care or Senior Care Records

Military Status or Military Records

Employment Status or Other Employment Information

Foreign Activities

Other

Yes/No

Yes/No

39. Are rules of conduct in place for access to PII on the website?

40. Does the website contain links to sites external to HHS that owns and/or operates the system?

40a. If yes, note whether the system provides a disclaimer notice for users that follow external links to websites not owned or operated by HHS.

ADMINISTRATIVE CONTROLS

Note: This PIA uses the terms “Administrative,” “Technical” and “Physical” to refer to security control questions—terms that are used in several Federal laws when referencing security requirements.

41. Has the system been certified and accredited (C&A)?

Yes

41a. If yes, please indicate when the C&A was completed (Note: The C&A date is populated in the System Inventory form via the responsible Security personnel):

07/07/2015

41b. If a system requires a C&A and no C&A was completed, is a C&A in progress?

N/A

42. Is there a system security plan for this system?

Yes

43. Is there a contingency (or backup) plan for the system?

Yes

44. Are files backed up regularly?

Yes

45. Are backup files stored offsite?

Yes

46. Are there user manuals for the system?

Yes

47. Have personnel (system owners, managers, operators, contractors and/or program managers) using the system been trained and made aware of their responsibilities for protecting the information being collected and maintained?

Yes

48. If contractors operate or use the system, do the contracts include clauses ensuring adherence to privacy provisions and practices?

Yes

49. Are methods in place to ensure least privilege (i.e., “need to know” and accountability)?

Yes

49a. If yes, please specify method(s):

The system utilizes Microsoft Active Directory to establish role-based access with permissions per user role following the practice of “least privilege” to only allow what is necessary to perform authorized business tasks.

*50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):

Yes

50a. If yes, please provide some detail about these policies/practices:

Social & Scientific Systems, Inc. maintains the NCS information system and the associated data on behalf of NICHD. At the request of the project officer, SSS will destroy the data according to SSS policy which follows NIST SP 800-88 Guidelines for Media.

TECHNICAL CONTROLS

51. Are technical controls in place to minimize the possibility of unauthorized access, use, or dissemination of the data in the system?

Yes

Please indicate “Yes” or “No” for each category below:

Yes/No

User Identification

Yes

Passwords

Yes

Firewall

Yes

Virtual Private Network (VPN)

Yes

Encryption

Yes

Intrusion Detection System (IDS)

Yes

Common Access Cards (CAC)

No

Smart Cards

No

Biometrics

Yes

Public Key Infrastructure (PKI)

No

52. Is there a process in place to monitor and respond to privacy and/or security incidents?

Yes

52a. If yes, please briefly describe the process:

SSS has a corporate Incident Response policy and associated procedures that follow the guidelines of NIST SP 800-53 as well as NIST SP 800-62. SSS reports all incidents in a timely fashion according to SSS policy.

SSS administrators actively monitor the information system for security incidents and all staff are trained annually on information security incident reporting.

In the event of a security incident, SSS notifies all relevant parties which include, but are not limited to, the system owner, the NICHD ISSO ([email protected]), the NCS Incident Response Team ([email protected]), and potentially local police if required.

PHYSICAL ACCESS

53. Are physical access controls in place?

Yes

Please indicate “Yes” or “No” for each category below:

Yes/No

Guards

Yes

Identification Badges

Yes

Key Cards

Yes

Cipher Locks

No

Biometrics

Yes

Closed Circuit TV (CCTV)

Yes

*54. Briefly describe in detail how the PII will be secured on the system using administrative, technical, and physical controls:

Administrative controls include a system security plan, contingency plan, corporate information security and privacy policies, corporate rules of behavior, project specific procedures, a configuration management plan, an incident response plan, regular backup of files, role-based access utilizing least privilege access and separation of duties.

Technical controls include user authentication utilizing dual-factor authentication for VPN remote access. The environment is protected at all ingress/egress access points by redundant firewalls as well as network traffic being actively monitored in real-time by intrusion detection systems. The data residing within the system is encrypted utilizing FIPS 140-2 compliant algorithms in transit and while at rest

Physical controls include managed access points utilizing dual-factor authentication (biometric hand scans and personalized access codes). The facility is manned by at least 2 security guards 24/7. All areas of the facility, including private cages, are monitored and recorded using closed circuit television (CCTV), and access points are controlled. The CCTV subsystem provides the display, control, digital recording, and playback of live video from cameras throughout the facility. The facility supports system availability by redundant UPS systems for uninterrupted power and diesel generators for long term power. The facility provides monitored fire protection utilizing a multi-zoned, dry-type, double interlock pre-action fire suppression system.

APPROVAL/DEMOTION

System Name:

Promotion/Demotion:

Comments:

Approval/Demotion Point of Contact:

Date:

Promotion/Demotion:

Comments:

Please print the PIA and obtain the endorsement of the reviewing official below. Once the signature has been collected, retain a hard copy for the OPDIV's records. Submitting the PIA will indicate the reviewing official has endorsed it

This PIA has been reviewed and endorsed by the OPDIV Senior Official for Privacy or Designee (Name and Date):

Name: __________________________________ Date: ________________________________________

Name:

Date:

Approved for web publishing

Date Published:

Publicly posted PIA URL or no PIA URL explanation:

PIA % COMPLETE

PIA Percentage Complete:

PIA Missing Fields: