new Word PIA

Attach 2-PIA-HHS Approved-Future Fellows 2018.12.03.docx

National Cancer Institute (NCI) Future Fellows Resume Databank

new Word PIA

OMB: 0925-0759

Document [docx]
Download: docx | pdf

Save

Shape1

Privacy Impact Assessment Form

v 1.47.4


Question Answer


  1. OPDIV: NIH

  2. PIA Unique Identifier: P-5704358-458090


2a Name: Future Fellows






  1. The subject of this PIA is which of the following?





3a Identify the Enterprise Performance Lifecycle Phase of the system.


3b Is this a FISMA-Reportable system?


Does the system include a Website or online


General Support System (GSS) Major Application

Minor Application (stand-alone) Minor Application (child) Electronic Information Collection Unknown

Operations and Maintenance


Yes No

Yes

  1. application available to and for the use of the general

public? No


  1. Agency

    Contractor

    Identify the operator.



POC Title Program Coordinator




  1. Point of Contact (POC):

POC Name Angela Jones


POC Organization National Cancer Institute (NCI) POC Email [email protected]

Shape2 POC Phone 240-276-5631

  1. New

    Existing

    Is this a new or existing system?

  2. Yes

    No

    Does the system have Security Authorization (SA)?

Mar 31, 2018

8a Date of Security Authorization

Future Fellows/Find Fellows is a web application that enables postdoctoral candidates to submit resumes and curriculum

11 Describe the purpose of the system.

Shape3 Shape4 Shape17 Shape18 Shape5 Shape6 Shape7 Shape8 Shape9 Shape10 Shape11 Shape12 Shape13 Shape14 Shape15 Shape16


12

Describe the type of information the system will

collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements.)

The type of information collected is as follows: name, phone number, mailing address, e-mail address, citizenship, education, employment histories, resumes, and CVs.


13

Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

The Future Fellows/Find Fellows application enables postdoctoral candidates to submit resumes and curriculum vitae (CV) for referral within the National Cancer Institute.


14


Does the system collect, maintain, use or share PII?

Yes

No













15













Indicate the type of PII that the system will collect or maintain.

Social Security Number Name

Driver's License Number Mother's Maiden Name

E-Mail Address Phone Numbers

Medical Notes Certificates Education Records

Military Status

Foreign Activities Taxpayer ID Citzenship

Resumes CVs

Date of Birth

Photographic Identifiers Biometric Identifiers

Vehicle Identifiers

Mailing Address

Medical Records Number Financial Account Info Legal Documents

Device Identifiers Employment Status

Passport Number






16




Indicate the categories of individuals about whom PII is collected, maintained or shared.

Employees Public Citizens

Business Partners/Contacts (Federal, state, local agencies) Vendors/Suppliers/Contractors

Patients

Other


17

How many individuals' PII is in the system?


<100




18



For what primary purpose is the PII used?

The Personally Identifiable Information (PII) is used for recruitment purposes. The information collected allows NCI staff to identify candidates for training fellowships; and for contacting candidates.


19

Describe the secondary uses for which the PII will be used (e.g. testing, training or research)


N/A



20


Describe the function of the SSN.


N/A


Shape19 Shape20 Shape28 Shape30 Shape21 Shape22 Shape23 Shape24 Shape25 Shape26 Shape27 Shape29


20a Cite the legal authority to use the SSN. N/A

21 Identify legal authorities governing information use Public Health Service Act, Section 411 (42 USC 285a) and disclosure specific to the system and program.

Are records on the system retrieved by one or more Yes

22 PII data elements? No

09-25-0158 Administration: Records of Published: Applicants and Awardees of the NIH Intramural

Research Training Awards Program, HHS/NIH/


Identify the number and title of the Privacy Act

System of Records Notice (SORN) that is being used Published: 22a to cover the system or identify if a SORN is being

developed.

Published:


In Progress

Directly from an individual about whom the information pertains

In-Person Hard Copy: Mail/Fax

Email Online

Other Government Sources

Within the OPDIV Other HHS OPDIV

23 Identify the sources of PII in the system. State/Local/Tribal

Foreign Other Federal Entities

Other Non-Government Sources

Members of the Public Commercial Data Broker Public Media/Internet

Private Sector

Other

A new Paperwork Reduction Act (PRA) submission is in the 23a Identify the OMB information collection approval approval process. Once the Office of Management and Budget

number and expiration date. approves and assigns an OMB control number, the Privacy

Impact Assessment (PIA) will be updated.

Yes

24 Is the PII shared with other organizations?

No

Describe the process in place to notify individuals The information that is being collected is done voluntarily. A

25 that their personal information will be collected. If notice is posted on the website that the collection of contact no prior notice is given, explain the reason. information and resumes is voluntary.

Shape32 Shape33 Shape34 Shape35 Shape42 Shape43 Shape44 Shape31 Shape36 Shape37 Shape38 Shape39 Shape40 Shape41


26

Is the submission of PII by individuals voluntary or mandatory?

Voluntary

Mandatory



27

Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.

It is optional for applicants to submit their resume/CV to the system. However, if they choose not to submit their resume it will exclude them from being searchable by NCI Staff for future position openings. Therefore, they must provide the specific information.




28

Describe the process to notify and obtain consent

from the individuals whose PII is in the system when

major changes occur to the system (e.g., disclosure If changes occur a notice will be posted on the website for

and/or data uses have changed since the notice at prospective trainees to become aware prior to uploading their

the time of original collection). Alternatively, describe resumes, curriculum vitae (CV) and submission of application

why they cannot be notified or have their consent information.

obtained.




29

Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not.

This message is posted on the site: "NCI maintains a resume databank of interested candidates to be considered for postdoctoral fellowship, intern and professional positions in science. Candidates are welcomed and encouraged to post their contact information and resume here." Individuals post their information voluntarily.


30

Describe the process in place for periodic reviews of

PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not.

There are no periodic reviews of PII as PII is only held for up to 12 months during the vetting process. However, applicant information is verified when an applicant is selected.








31







Identify who will have access to the PII in the system and the reason why they require access.


Users

Authorized NCI staff are granted access to candidates' records for recruitment purposes.


Administrators

To review resumes for eligibility .


Developers

To maintain system and assist with any issues; also, to grant access to authorized NCI staff.

Contractors


Shape45

Others


Shape46


32

Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.

All requests for access to the Future Fellows system will be assigned an appropriate profile (role) and approved by the System Owner before being implemented by the technical


33

Describe the methods in place to allow those with

access to PII to only access the minimum amount of information necessary to perform their job.

Role based access controls are used to limit users' access to PII based on their defined job function and system role.




34

Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained.

The NIH Security Awareness Training course is used to satisfy this requirement. According to NIH policy, all personnel who use NIH applications must attend security awareness training every year. There are four categories of mandatory IT training (Information Security, Counterintelligence, Privacy Awareness, and Records Management). Training is completed on the http://irtsectraining.nih.gov site with valid NIH credentials.

Shape47 Shape49 Shape50 Shape51 Shape48 Shape52 Shape53 Shape54 Shape55 Shape56

Describe training system users receive (above and

35 beyond general security and privacy awareness None. training).

Do contracts include Federal Acquisition Regulation Yes

36 and other appropriate clauses ensuring adherence to

privacy provisions and practices? No

Records are maintained within Future Fellows for one year Describe the process and guidelines in place with after the date of submission with NARA record retention

37 regard to the retention and destruction of PII. Cite schedule:

specific records retention schedules. 2.1.060, Human Resources; Job application packages; DAA-

GRS-2014-0002-0011

Administrative Controls: Access to administrative features of the system will be controlled by Information System Security Officer (ISSO) and access permissions will be reviewed periodically to ensure that users are aged out of the system.


Physical Controls: The system is operated inside the NCI Managed Data Center, within a dedicated federally leased building with armed guards, badge access, video surveillance


Technical Controls: The application is operated within the NCI's General Support System (GSS), which provides numerous

Describe, briefly but with specificity, how the PII will technical security controls on behalf of its customers including

38 be secured in the system using administrative, firewalls, Intrusion Detection/Prevention, vulnerability technical, and physical controls. scanners, centralized patching, host-based malware detection

and prevention, and log aggregation and analyses.


Administrative access to the system is controlled by IMS, and external visitors are controlled by NIH-compliant username/ passwords, both of which authenticate the user prior to granting access. Access level and permissions are controlled by the system and based on user, role, organizational unit, and status of the report. All servers have been configured to remove all unused applications and system files and all local account access except when necessary to manage the system and maintain integrity of data.

39 Identify the publicly-available URL: https://futurefellows.cancer.gov/

Yes

40 Does the website have a posted privacy notice?

No

Is the privacy policy available in a machine-readable Yes 40a format? No

Does the website use web measurement and Yes

41 customization technology? No

Does the website have any information or pages Yes

42 directed at children under the age of thirteen? No

Does the website contain links to non- federal Yes

43 government websites external to HHS? No

Shape57 Shape58 Shape59




General Comments



This component is under the Frederick General Support System (GSS), whose Universal Unique Identifier (UUID) is: 697BA9A3-E8E3-46AB-BB03-13517D104D6A.

Digitally signed by

OPDIV Senior Official Celeste E. Celeste E. Dade-vinson -S

for Privacy Signature Dade-vinson -S Date: 2018.11.30 15:04:45

-05'00'

HHS Senior Bridget M.

Digitally signed by Bridget M. Guenther -S

DN: c=US, o=U.S. Government, ou=HHS, ou=OS, ou=People,

Agency Official 0.9.2342.19200300.100.1.1=2001734030,

for Privacy Guenther -S cn=Bridget M. Guenther -S

Date: 2018.12.03 15:03:43 -05'00'


Page 2 of 6


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified0000-00-00
File Created2021-01-15

© 2024 OMB.report | Privacy Policy