BOEM_Evaluating Connections PIA.pdf

Evaluating Connections: Environmental Studies and Assessments

PIA

OMB: 1010-0194

U.S. Department of the Interior
PRIVACY IMPACT ASSESSMENT

Introduction
The Department of the Interior (DOI) requires PIAs to be conducted and maintained on all IT systems
whether already in existence, in development or undergoing modification in order to adequately evaluate
privacy risks, ensure the protection of privacy information, and consider privacy implications throughout
the information system development life cycle. This PIA form may not be modified and must be
completed electronically; hand-written submissions will not be accepted. See the DOI PIA Guide for
additional guidance on conducting a PIA or meeting the requirements of the E-Government Act of 2002.
See Section 6.0 of the DOI PIA Guide for specific guidance on answering the questions in this form.
Name of Project: Evaluating Connections: BOEM’s Environmental Studies and Assessments
Bureau/Office: Bureau of Ocean Energy Management (BOEM)
Date: 3/3/2021
Point of Contact:
Name: Melissa Allen
Title: BOEM Associate Privacy Officer
Email: [email protected]
Phone: 202-208-7160
Address: 1849 C Street, NW, Washington, DC 20240

Section 1. General System Information
A. Is a full PIA required?
☒ Yes, information is collected from or maintained on
☒ Members of the general public
☒ Federal personnel and/or Federal contractors
☐ Volunteers
☐ All
☐ No
B. What is the purpose of the system?
The mission of the Bureau of Ocean Energy Management (BOEM) is to manage the
development of U.S. Outer Continental Shelf (OCS) energy and mineral resources in an
environmentally and economically responsible way. Section 20 of the OCS Lands Act (OCSLA)
(43 U.S.C. 1346) requires the Secretary of the Interior to conduct studies that establish
information needed for the assessment and management of environmental impacts of oil and gas
and other mineral development on the human, marine, and coastal environments. BOEM’s
Environmental Studies Program (ESP), part of the bureau’s Office of Environmental Programs
(OEP), carries out this requirement.
In fulfilling its mission, BOEM must comply with a range of environmental laws and
regulations. To comply with relevant statutes and policies, BOEM develops “environmental
assessments,” including National Environmental Policy Act analyses, consultation documents,
and other analyses that require up-to-date and relevant scientific information. “Environmental
studies” sponsored by the ESP provide scientific information to inform BOEM’s environmental
assessments. BOEM describes the process by which environmental studies inform environmental
assessments and environmental assessments inform environmental studies as a “feedback loop.”
To determine how well this feedback loop is functioning and to identify potential improvements
in the science-to-policy process, BOEM is pursuing an evaluation of the linkages between the
scientific research it is funding and the information needs within its assessments. The evaluation
will include contractor-implemented activities such as an internal survey, an external survey, and
interviews of BOEM ESP and assessment program partners both within and outside the bureau.
Results of the internal survey, which a contractor will administer online to approximately 141
individuals through a third-party service (SurveyMonkey), will help BOEM understand the
extent to which the bureau incorporates study results into assessments, information needs are
identified through the assessment process, and studies and assessments are informing policy
decisions. The respondents will be BOEM employees who work on environmental studies and/or
assessments or manage staff who do, as identified by BOEM environmental studies and
assessment staff during study scoping meetings. The information that internal respondents
provide will help to inform the study findings regarding the effectiveness of the feedback loop,
as well as help to inform recommendations to strengthen the feedback loop to ultimately better
inform agency decisions.
The goal of the external (i.e., outside of BOEM) survey, which a contractor will administer
online to up to 880 individuals using SurveyMonkey, is to conduct a network analysis focusing
on the information exchange between BOEM ESP and assessment programs and their external
program partners. BOEM will use the survey results to understand how external program
partners (i.e., other federal agencies, state agencies, academics, tribes, and consultants) use
BOEM’s study and assessment information and the network through which this information is
disseminated. BOEM can use this network analysis to understand the network structure, possible
network influence on outcomes, and people or organizations that the bureau could target or
connect to in order to achieve better expected outcomes.
For internal interviews, the contractor will use Microsoft Teams to conduct semi-structured
interviews with approximately 40 select BOEM employees involved in environmental studies or
assessments to seek detailed information of how the feedback loop is implemented across the
agency; this information may help explain how or why the feedback loop is or is not working.
The BOEM Evaluation Team will select interviewees as a purposive sample to ensure adequate
representation across key offices and staff roles. Each type of interviewee will answer a distinct
set of interview questions based on their role. As a semi-structured interview, the interviewer
will have the opportunity to ask follow-up questions based on initial responses.
The contractor will contact agencies, organizations, and institutions that BOEM identifies as key
contacts for understanding the feedback loop to conduct approximately 70 interviews using
Microsoft Teams or conference calls during the external interview phase. Each type of
interviewee will answer questions tailored to their type of organization. The questions will ask
about the respondents’ roles or positions within their organizations, how they use BOEM’s
environmental studies and assessment information in their organizations’ work, and how their
organizations contribute to studies and/or assessments. Additionally, the interviews will elicit
suggestions and recommendations on ways to strengthen linkages moving forward. As a semi-structured interview, the interviewer will have the opportunity to ask follow-up questions based
on initial responses.
C. What is the legal authority?
A key part of BOEM’s mission is ensuring environmental protection through compliance with
environmental statutes, regulations, and executive orders. Relevant statutes and regulations that
authorize BOEM activities and this study include the following:
• OCS Lands Act (OCSLA) of 1953;
• Energy Policy Act of 2005;
• National Environmental Policy Act (NEPA);
• National Historic Preservation Act (NHPA);
• Magnuson-Stevens Fishery Conservation and Management Act (FCMA);
• Endangered Species Act (ESA);
• Air Quality Act (1967) or the Clean Air Act (CAA);
• Coastal Zone Management Act (CZMA);
• Marine Mammal Protection Act (MMPA);
• Paperwork Reduction Act of 1995 (44 U.S.C. § 3501 et seq.);
• Presidential Memorandum on Transparency and Open Government, January 21, 2009; and
• Office of Management and Budget (OMB) M-10-06, Open Government Directive, December 8, 2009.

D. Why is this PIA being completed or modified?
☐ New Information System
☒ New Electronic Collection
☐ Existing Information System under Periodic Review
☐ Merging of Systems
☐ Significantly Modified Information System
☐ Conversion from Paper to Electronic Records
☐ Retiring or Decommissioning a System
☐ Other
E. Is this information system registered in CSAM?
☐ Yes
☒ No
F. List all minor applications or subsystems that are hosted on this system and covered under
this privacy impact assessment.
Subsystem Name | Purpose | Contains PII | Describe
None | None | No | N/A

G. Does this information system or electronic collection require a published Privacy Act
System of Records Notice (SORN)?
☐ Yes
☒ No
H. Does this information system or electronic collection require an OMB Control Number?
☒ Yes: The external surveys and interviews require OMB approval. BOEM OEP is coordinating
with the BOEM Information Collection Clearance Officer to obtain approval and comply with
Paperwork Reduction Act requirements.
☐ No

Section 2. Summary of System Data
A. What PII will be collected? Indicate all that apply.
☒ Name
☒ Other: The contractor will seek to collect only limited non-sensitive, business-related contact
information (i.e., business-related email addresses and/or telephone numbers) from participants
during the study-related activities. The contact information of BOEM employees that BOEM
staff will provide to the contractor is accessible and verifiable through the employee directory.

Internal and external surveys: Internal surveys contain two parts. During the first part, the
contractor will collect the office and supervisory status of the respondent. During the second
part, the contractor will request confirmation of the respondent’s name and their organization.
The contractor will also request the names/organizations of internal and external individuals the
internal survey respondent has interacted with at least once within the last 12 months on the
development or implementation of studies, the development of assessments, or the dissemination
of information about studies or assessments. (The contractor will request that internal survey
respondents optionally provide a non-sensitive, business-related email address for external
contacts.) Responses for the first part of the internal survey are anonymous. The contractor will
never link the responses provided for parts 1 and 2. For external surveys, the contractor will ask
respondents about their role or position, from whom they receive and share BOEM
environmental study and assessment information, and how they use that information for their
organization’s work.
Interviews: With the permission of interviewees, the contractor will develop either video or audio
recordings of interviews (dependent upon the preference of the interviewee) to ensure it
accurately captures the conversations. The contractor will not solicit any additional PII from
internal and external interviewees.
SurveyMonkey and Microsoft outline the types of personal data they collect as part of delivering
their services in their respective privacy policies. Neither BOEM nor the contractor will have
access to diagnostic and service-related data collected by these services.
B. What is the source for the PII collected? Indicate all that apply.
☒ Individual
☐ Federal agency
☐ Tribal agency
☐ Local agency
☒ DOI records
☒ Third party source
☐ State agency
☒ Other: BOEM staff will provide the names and email addresses of BOEM employees to the
contractor. The contractor will use the internal survey results to determine which identified
external stakeholders may receive the external survey.
C. How will the information be collected? Indicate all that apply.
☐ Paper Format
☒ Email
☐ Face-to-Face Contact
☒ Website
☐ Fax
☒ Telephone Interview
☐ Information Shared Between Systems
☒ Other: The contractor conducted nine evaluation scoping interviews with Environmental
Studies and Assessment managers in BOEM Headquarters and the Alaska, Pacific, and Gulf of
Mexico Regions to develop the evaluation methodology and determine which BOEM employees
will receive the internal survey. BOEM staff will provide the contact information of proposed
internal survey respondents to the contractor via email. The contractor will use the internal
survey results to determine which external stakeholders may receive the external survey.
The contractor will implement the internal and external surveys using SurveyMonkey, a cloud-based software as a service company that enables its users to create, collect, and analyze
information through surveys, forms, questionnaires, and polls.
The contractor will conduct interviews with internal personnel using Microsoft Teams. External
interviews will be conducted using Microsoft Teams or conference calls depending upon the
preference of the interviewee.
D. What is the intended use of the PII collected?
The contractor will use the employee contact information provided by BOEM staff to send out
internal surveys and conduct internal interviews to collect in-depth qualitative information about
the environmental studies and assessments feedback loop. The second part of the internal survey
(the Social Network Analysis (SNA) portion) involves the collection of the names of internal and
external individuals that the internal survey respondent has interacted with at least once within
the last 12 months on the development or implementation of studies, the development of
assessments, or the dissemination of information about studies or assessments. Unless the
internal survey respondent raises any objections or other factors intervene, the contractor will
subsequently survey the identified external individuals and contact individuals at all agencies,
organizations, and institutions that BOEM identifies as important for understanding the feedback
loop for an interview during an OMB-approved information collection to understand BOEM’s
studies and assessments network. The contractor will use video and/or voice recordings of
interviews solely to accurately capture conversations.
SNA looks at the ties (connections) between organizations or individuals (nodes) and quantifies
the number and characteristics of those relationships. Relationships are the unit of analysis,
although data is collected at the individual level. Once the network of interest is defined, along
with expected outcomes because of these relationships, further analysis can be done comparing
characteristics of the network (and characteristics of the individuals themselves, such as their
office/region/organization or the frequency of their interactions with bureau officials) and
observed outcomes. The typical output from an SNA includes maps and metrics that illustrate the
presence and strength of relationships in a network. This can be used to understand the network
structure, possible network influence on outcomes, and people or organizations that could be
targeted or connected to achieve better expected outcomes.
E. With whom will the PII be shared, both within DOI and outside DOI? Indicate all that
apply.
☒ Within the Bureau/Office: BOEM staff will coordinate to identify potential internal study
participants and provide the contact information of those individuals to the contractor.
☐ Other Bureaus/Offices
☐ Other Federal Agencies
☐ Tribal, State or Local Agencies
☒ Contractor: BOEM will share the names and email addresses of identified internal study
participants with the contractor so it can carry out study-related activities. Responses to the SNA
questions in the second part of the internal survey will contain the names and non-sensitive,
business-related email addresses of potential external survey respondents. In their responses,
external survey respondents may share the names of professional contacts from whom they
receive and share BOEM environmental study and assessment information.
☐ Other Third Party Sources:
F. Do individuals have the opportunity to decline to provide information or to consent to the
specific uses of their PII?
☒ Yes: Participation in any study-related activity is voluntary. Individuals may decline to
participate in either a survey or an interview without facing any negative consequences. In
declining to participate, however, the universe of participants decreases in size and study quality
may be impacted.
☐ No
G. What information is provided to an individual when asked to provide PII data? Indicate
all that apply.
☐ Privacy Act Statement
☒ Privacy Notice: BOEM OEP is responsible for coordinating with the BOEM APO to ensure
that its contractor provides adequate notice to study participants (i.e., internal and external survey
respondents and interviewees) with a Privacy Notice prior to collecting their information. The
Privacy Notice will inform study participants about the authority for the collection, purpose of
the collection, method of the collection, who will have access to the collected information, how
BOEM and its contractor will maintain and use the collected information, and who they can
contact if they have questions about the study activity.
Individuals are also provided notice through this PIA, as published on the DOI PIA Web page.
☒ Other: The collection of information from external survey respondents requires compliance
with the Paperwork Reduction Act. BOEM will publish an information collection notice in the
Federal Register to provide the general public and other federal agencies with an opportunity to
comment on the proposed collection of information. According to the Paperwork Reduction Act
of 1995, no persons are required to respond to a collection of information unless such collection
displays a valid OMB control number. External study participants will have an opportunity to
review the approved information collection’s Paperwork Reduction Act Statement and verify
that the collection has a valid OMB control number before participating in any study-related
activity.
Both internal and external survey respondents will have access to the SurveyMonkey Privacy
Notice and Security Statement as part of the Privacy Notice that BOEM will ensure that the
contractor provides at the point of information collection. The SurveyMonkey Privacy Notice
specifies what PII and non-personal data the service collects from users and how it uses the
information to manage its services and business. SurveyMonkey provides information about its
security infrastructure and practices through its Security Statement.
Both internal and external interviewees who take part in a contractor-led interview via Microsoft
Teams will have an opportunity to review the Microsoft Privacy Statement as part of the Privacy
Notice that BOEM will ensure that the contractor provides to interviewees prior to conducting
the interviews. The contractor will provide a notice to the interviewees before activating the
recording function. When an interview recording starts, Teams will show a banner notification to
all participants. The recording notification is also posted to the chat history. By remaining in the
meeting, interviewers and participants are granting consent.
☐ None
H. How will the data be retrieved? List the identifiers that will be used to retrieve information
(e.g., name, case number, etc.).
An exploration of the linkages between BOEM and its external program partners at the
organizational level is a goal of the study. Accordingly, the contractor will not retrieve individual
data records by the names of either survey respondents or interviewees.
The contractor will quantitatively analyze and summarize survey responses based on the
percentage of respondents answering each of the possible responses for the individual questions.
Responses will be summarized overall and broken out by type of respondent. Data will be
exported from SurveyMonkey as an Excel spreadsheet with a unique alphanumeric identifier for
each survey record. For interviews, the contractor will conduct a thematic coding analysis of
interview responses and present results at the organizational level.
I. Will reports be produced on individuals?
☐ Yes
☒ No

Section 3. Attributes of System Data
A. How will data collected from sources other than DOI records be verified for accuracy?
The qualitative information provided by internal and external survey respondents and
interviewees is presumed to be accurate at the time of submission by the participants. The
contractor will verify the contact information for external individuals against publicly available
information.
B. How will data be checked for completeness?
The contractor will design the internal and external surveys to ensure that the survey tool,
SurveyMonkey, will validate that respondents have completed all the questions that require a
response to enable submission.
The study-related interviews are semi-structured in nature, so the interviewer will have the
opportunity to ask follow-up questions based on initial responses.
C. What procedures are taken to ensure the data is current? Identify the process or name the
document (e.g., data models).
The qualitative information provided by internal and external survey respondents and
interviewees is assumed to be current at the time of submission. The contractor will collect the
information only once during the specified study period and will produce the study deliverables
shortly thereafter.
D. What are the retention periods for data in the system? Identify the associated records
retention schedule for the records in this system.
BOEM OEP has coordinated with the BOEM Records Officer to identify retention periods for all
study-related records. The survey and interview records fall under the Long-term Administration
Records schedule (DAA-0048-2013-0001-0002). The survey and interview records may be
destroyed 7 years after the fiscal year in which the activities are completed (assuming there is no
longer a business need for the records and no litigation hold exists that affects these records).
The contractor will prepare deliverables for BOEM OEP in accordance with ESP Data and
Information Specifications. BOEM will retain these deliverables in accordance with BOEM
Bucket 5 – Regulatory Oversight and Stewardship, Item 5B(6) – Analysis and Evaluation of
OCS Environmental Compliance. The records under this schedule have a temporary disposition.
The cut off is at the close of the fiscal year or when the activity is completed. The records are to
be retained on-site or at the Federal Records Center and may be deleted/destroyed 25 years after
the cutoff.
E. What are the procedures for disposition of the data at the end of the retention period?
Where are the procedures documented?
BOEM disposes of records in accordance with the applicable records retention schedules,
Departmental policy, and NARA guidelines. BOEM shreds paper records and degausses or
erases records contained on electronic media in accordance with 384 Department Manual 1.
F. Briefly describe privacy risks and how information handling practices at each stage of the
“information lifecycle” (i.e., collection, use, retention, processing, disclosure and
destruction) affect individual privacy.
There are limited privacy risks to internal and external study participants that BOEM and its
contractor can mitigate through a combination of employed technical, physical, and
administrative controls.
All proposed BOEM collections of information—regardless of whether they trigger the
Paperwork Reduction Act—must be reviewed by the BOEM Associate Privacy Officer (APO) to
evaluate potential privacy risks and determine mitigation strategies. Based upon the information
that BOEM OEP provided in the Privacy Threshold Analysis (PTA) to determine the study’s
overall privacy requirements, the BOEM APO determined that a full PIA was required. BOEM
OEP and its contractor coordinated with the BOEM APO to document the scope of study-related
activities and the privacy risks within this PIA.
The contractor will collect the least amount of PII necessary to conduct study-related internal and
external surveys and interviews. The contractor has developed questions tailored for each role.
To mitigate the risks that survey respondents or interviewees may provide personal contact
information, sensitive PII, or PII that would become sensitive if viewed in context, BOEM OEP
will ensure that the contractor provides study participants with a Privacy Notice before
proceeding with any study-related activity. BOEM also provides general notice through the
publication of this PIA, requests for comment published in the Federal Register, and a Paperwork
Reduction Act Statement. Participation in any study-related activity is voluntary. Study
participants may also contact the BOEM APO with any privacy-related questions or concerns.
The use of third-party services may introduce security and privacy risks. SurveyMonkey
maintains and regularly reviews and updates its information security policies, at least on an
annual basis. Employees must acknowledge policies on an annual basis and undergo additional
training, and job specific security and skills development and/or privacy law training for key job
functions. SurveyMonkey conducts background screening at the time of hire (to the extent
permitted or facilitated by applicable laws and countries). In addition, SurveyMonkey
communicates its information security policies to all personnel (who must acknowledge this),
requires new employees to sign non-disclosure agreements, and provides ongoing privacy and
security training.
The contractor must use SurveyMonkey in accordance with the SurveyMonkey Terms of Use
while protecting the privacy of survey respondents. Survey respondents are not required to create
a SurveyMonkey account to participate in the survey. The contractor will collect anonymous
responses for the first part of the survey and will configure SurveyMonkey settings to further
protect the anonymity of respondents by refraining from associating responses with Internet
Protocol (IP) addresses. The contractor will not attempt to re-associate contact information with
the survey responses and will not track email invitations. SurveyMonkey data is encrypted both
in transit and at-rest.
Although users can integrate SurveyMonkey with Microsoft Teams, the contractor will not
employ this capability. Enabling individuals outside the contractor’s network to participate in
Teams meetings can be very useful, but it entails some security risks. Microsoft Teams offers a
variety of privacy and security controls that enable the contractor to manage who participates in
Teams meetings during interviews and who has access to stored meeting information. External
guests can only attend a Teams-hosted interview when they receive and accept an invitation from
the contractor (i.e., the Teams meeting organizer). Meeting organizers are responsible for
ensuring meeting invitations are only shared for authorized purposes, and that all expected
participant information is accurate. Guests will remain in the Teams lobby until the meeting
organizer grants them access. Guests will receive notice to wait to be granted access to the
meeting. Moderation will allow the contractor to control who can post and share content to the
dedicated Teams space. Microsoft Teams encrypts data both in transit and at-rest.
The contractor will mitigate the risk that interviewees may unknowingly be recorded without
consent by notifying interviewees of the intention to record interviews and giving them an option
to decline being recorded prior to the start of the meeting (whether the interview occurs via
Teams or a conference call). The contractor will announce when recording has started. When an
interview recording starts, Teams will show a banner notification to all participants. The
recording notification is also posted to the chat history. By remaining in the meeting,
interviewers and participants are granting consent; Teams does not allow multiple recordings of
the same meeting at the same time. There are risks that individuals may take screenshots during a
Teams video call and screenshare activities without notifying participants or the individual
sharing their computer screen, or that interview recordings may be shared outside the authorized
group of personnel. These privacy risks are further mitigated by the contractor’s ethical
standards, strict contract clauses, and privacy training.
The contractor is responsible for safeguarding PII and study-related data in accordance with
applicable federal and DOI requirements. The contractor will ensure that all study-related data
and records are protected by applicable privacy and security controls to control viewing,
downloading, deleting, and sharing permissions within the Teams space where study-related
records will be stored during the study period. Access to the study’s dedicated Teams space is
limited to contractors directly involved in the study who have signed a non-disclosure agreement.
Usernames and passwords are required to access the contractor’s secure networks, computers,
and its SurveyMonkey account.
The contractor is responsible for reporting the loss, compromise, unauthorized disclosure, or
unauthorized access of privacy-protected information in accordance with the DOI Privacy
Breach Response Plan. In the event of a privacy breach, the privacy impact would be minimal, as
only non-sensitive PII is collected and the survey and interview questions are not of a personal
nature. However, a breach would impact the confidentiality of survey responses.
The contractor will engage with BOEM throughout the study and will present several
deliverables, including, but not limited to, Final Reports; Final Technical Summaries; and oral
presentations of the Final Reports. To protect the confidentiality of participants, the contractor
will present interview and survey results in an aggregated fashion. At the conclusion of the study
period, BOEM must ensure that study-related records are securely retained in accordance with
the identified records retention schedules. BOEM OEP will coordinate with the BOEM Freedom
of Information Act (FOIA) Office to address any FOIA requests for study-related records not
made publicly available by the bureau.

Section 4. PIA Risk Review
A. Is the use of the data both relevant and necessary to the purpose for which the system is
being designed?
☒ Yes: The information that BOEM will obtain from the study-related activities is not otherwise
available and will help inform the bureau’s efforts to improve the feedback loop process and
ultimately better inform bureau decisions.
☐ No

B. Does this system or electronic collection derive new data or create previously unavailable
data about an individual through data aggregation?
☐ Yes
☒ No
C. Will the new data be placed in the individual’s record?
☐ Yes
☒ No
D. Can the system make determinations about individuals that would not be possible without
the new data?
☐ Yes
☒ No
E. How will the new data be verified for relevance and accuracy?
Not applicable. The study-related activities do not derive new data or create previously
unavailable data about individuals through data aggregation.
F. Are the data or the processes being consolidated?
☐ Yes, data is being consolidated.
☐ Yes, processes are being consolidated.
☒ No, data or processes are not being consolidated.
G. Who will have access to data in the system or electronic collection? Indicate all that apply.
☐ Users
☒ Contractors
☐ Developers
☒ System Administrator
☒ Other: Internal and external survey respondents will have two weeks from the time they
receive the survey link to input and submit their responses. They will only be able to access their
own survey information during the survey period.
SurveyMonkey and Microsoft will have access to diagnostic and service-related data during the
contractor’s use of those services to implement study-related activities.
Authorized contractor personnel will have access to 1) the surveys (through SurveyMonkey) to
manage implementation of the surveys and export collected data; 2) exported survey data; and
3) interview and/or audio recordings or transcripts.
H. How is user access to data determined? Will users have access to all data or will access be
restricted?
Authorized contractor personnel who have signed non-disclosure agreements and completed
applicable training requirements will have access to survey respondent contact information and
survey/interview responses.
The contractor will engage with BOEM throughout the study and will present several
deliverables, including, but not limited to, Final Reports; Final Technical Summaries; and oral
presentations of the Final Reports. To protect the confidentiality of participants, the contractor
will present interview and survey results to BOEM in an aggregated fashion. The contractor may
provide illustrative quotations, but it will not attribute quotations to individuals and will not
include any other identifying information.
I. Are contractors involved with the design and/or development of the system, or will they be
involved with the maintenance of the system?
☒ Yes: The contractor has conducted scoping interviews, developed the evaluation
methodology, and will implement the surveys, conduct interviews, compile results, and deliver
Final Reports. The appropriate privacy clauses have been included in contract-related
documents.
☐ No

J. Is the system using technologies in ways that the DOI has not previously employed (e.g.,
monitoring software, SmartCards or Caller ID)?
☐ Yes
☒ No
K. Will this system provide the capability to identify, locate and monitor individuals?
☒ Yes: The study-related activities are not intended to monitor individuals. The services that the
contractor will use to implement study-related activities may monitor user activities for the
limited purposes outlined in their respective privacy policies.
☐ No
L. What kinds of information are collected as a function of the monitoring of individuals?
SurveyMonkey records data in a log each time a device accesses a server. The SurveyMonkey
log contains data about the nature of access, for example, originating IP addresses, Internet
service providers, the files viewed on the site (like Hypertext Markup Language pages, graphics,
etc.), operating system versions, device type, and timestamps. According to its Security
Statement, SurveyMonkey uses log data to monitor abuse and troubleshoot site and security
issues, improve the product functionality and create new features, track behavior for content and
services at an aggregate level (for example, to monitor service requests or service denial on the
site over time to ensure the site remains stable), and to fix bugs or functionality issues.
SurveyMonkey also uses and analyzes usage information about survey responses:
• To make recommendations around surveys or services included on the website at the end of
  a survey taking experience more relevant;
• To improve the user interface;
• To maintain a consistent and reliable user experience; and
• To improve services by looking at what questions survey creators are asking and the quality
  of their responses and response rates so the service can enhance its existing features and
  build new ones to optimize question/answer rates for creators.

SurveyMonkey uses the IP address of survey respondents to ensure that survey respondents do
not complete the same survey twice if the survey creator has included settings to avoid this; for
abuse monitoring purposes (so SurveyMonkey can identify a survey respondent who abused the
survey-taking experience in a manner contrary to the service’s usage policies); or to facilitate the
survey creator’s compliance with their own legal obligations. By enabling the Anonymous
Responses collector option, the contractor ensures that IP addresses will not be tied to survey
results to maintain confidentiality.
Microsoft processes the personal data in Microsoft Teams to deliver the agreed-upon services
defined in the Online Services Terms and ultimately for the purposes determined by the data
controller obtaining the service. To the extent Microsoft Teams processes personal data in
connection with Microsoft's legitimate business operations, Microsoft will be an independent
data controller for such use and will be responsible for complying with all applicable laws and
controller obligations. Microsoft Teams, as a cloud-based service, processes various types of
personal data as part of delivering the service. This personal data includes:
• Content (meetings and conversations, chats, voicemail, shared files, recordings and
  transcriptions);
• Profile data (licensed user data such as email address, profile picture, and phone number);
• Call history;
• Call quality data;
• Support/feedback data (information related to troubleshooting tickets or feedback
  submission to Microsoft); and
• Diagnostic and service data (diagnostic data related to service usage that allows Microsoft
  to troubleshoot, secure, update the product, and monitor performance).

M. What controls will be used to prevent unauthorized monitoring?
Within SurveyMonkey, access to SurveyMonkey’s technology resources is only permitted
through secure connectivity (e.g., Virtual Private Network (VPN), Secure Shell (SSH)) and
requires multi-factor authentication. SurveyMonkey’s production password policy requires
complexity, expiration, and lockout and disallows reuse. SurveyMonkey grants access on the
principle of least privilege, reviews permissions quarterly, and revokes access immediately after
employee termination. Employees must acknowledge policies on an annual basis and undergo
additional training and job specific security and skills development and/or privacy law training
for key job functions. The training schedule is designed to adhere to all specifications and
regulations applicable to SurveyMonkey.
The contractor controls and manages the administration of surveys using SurveyMonkey and
can, to an extent, control how SurveyMonkey uses survey responses by adjusting its Account
settings. The contractor will not track email invitations, will turn off the tracking of IP addresses,
and will turn on Anonymous Responses. The contractor will dedicate its SurveyMonkey account
to the Evaluating Connections study for the duration of the survey. During the survey
administration period, access to the contractor’s SurveyMonkey account will be restricted by
password to an individual in the contractor’s organization who is directly involved in the study
and has signed a non-disclosure agreement. Following survey administration, all survey response
data will be exported and then deleted from the SurveyMonkey account.
Within one week of closing the survey, the contractor will export the survey data and delete the
records from SurveyMonkey. Exported survey data will be stored in the contractor’s Microsoft
Teams site during the study period, which is accessible only to the contractors who have signed
non-disclosure agreements for the Evaluating Connections project. The contractor will store
interview records in the same location. Microsoft Teams audit capabilities are available to
designated administrators only. For Microsoft Teams, the audit log can help administrators
investigate the creation of teams, removal of teams, added channels, potential incidents, and
settings changes (e.g., assigning roles to team members or modifying access to a team).
Administrator reviews of audit logs will help prevent any unauthorized monitoring or user
behaviors.
N. How will the PII be secured?
(1) Physical Controls. Indicate all that apply.
☒ Security Guards
☐ Key Guards
☐ Locked File Cabinets
☒ Secured Facility
☒ Closed Circuit Television
☐ Cipher Locks
☒ Identification Badges
☐ Safes
☐ Combination Locks
☒ Locked Offices
☐ Other
(2) Technical Controls. Indicate all that apply.
☒ Password
☒ Firewall
☒ Encryption
☒ User Identification
☐ Biometrics
☒ Intrusion Detection System (IDS)
☒ Virtual Private Network (VPN)
☒ Public Key Infrastructure (PKI) Certificates
☒ Personal Identity Verification (PIV) Card
☐ Other

(3) Administrative Controls. Indicate all that apply.
☒ Periodic Security Audits
☐ Backups Secured Off-site
☒ Rules of Behavior
☒ Role-Based Training
☒ Regular Monitoring of Users’ Security Practices
☒ Methods to Ensure Only Authorized Personnel Have Access to PII
☐ Encryption of Backups Containing Sensitive Data
☒ Mandatory Security, Privacy and Records Management Training
☐ Other
O. Who will be responsible for protecting the privacy rights of the public and employees? This
includes officials responsible for addressing Privacy Act complaints and requests for
redress or amendment of records.
The Information System Owner and the Information System Security Officer, both Marine
Biologists in the BOEM OEP, are the officials responsible for coordinating with the contractor
during the study period to protect the privacy rights of BOEM employees and external
participants in compliance with federal and DOI privacy requirements. The Information System
Owner will promptly address privacy-related inquiries and issues in coordination with the
BOEM APO.
P. Who is responsible for assuring proper use of the data and for reporting the loss,
compromise, unauthorized disclosure, or unauthorized access of privacy protected
information?
The Information System Owner and the Information System Security Officer, both Marine
Biologists in the BOEM OEP, will liaise with the contractor during the study period and are
responsible for the oversight and management of the security and privacy controls for the
described activities, as well as for ensuring that BOEM employees and contractors properly
manage study-related data and records. The Information System Owner, Information System
Security Officer, and contractor are responsible for ensuring that any loss, compromise,
unauthorized access, or disclosure of any privacy-protected data or records is reported to
DOI-CIRC within 1 hour of discovery in accordance with federal policy and established DOI
procedures.


File Type: application/pdf
File Title: Evaluating Connections Privacy Impact Assessment
Subject: Evaluating Connections Privacy Impact Assessment
Author: BOEM Privacy Program
File Modified: 2021-11-08
File Created: 2021-03-16
