U.S. Department of Transportation
Privacy Impact Assessment
Federal Aviation Administration (FAA)
CAMI UAS Market Survey
Responsible Official
Ashley Awwad
Email: [email protected]
Phone Number: 1-816-786-5716
Reviewing Official
Karyn Gorman
Acting Chief Privacy Officer
Office of the Chief Information Officer
[email protected]
April 27, 2021
Executive Summary
The Federal Aviation Administration’s (FAA) Civil Aerospace Medical Institute (CAMI) is
sponsoring the Unmanned Aircraft Systems (UAS) Market Survey. The purpose of the
survey is to obtain feedback from experts in industry and academia on aspects of operating
UAS. FAA limits participation in the survey to only those employees of organizations that
operate UAS or academic institutions that provide UAS training. The sample pool consists
of those who have submitted Part 107 Waivers relating to rules governing UAS, or identified
in academia as a UAS instructor. The survey will gain insight from those involved or who
plan to be involved in UAS air carrier operations, such as UAS engineers, operators,
instructors, and managers. These industry leaders will be able to provide insight to help
inform current and future policies regarding UAS air carrier operations. This survey
examines three areas of potential concern regarding UAS policy and operations: fatigue;
crew and staffing; and knowledge, skills, and abilities for UAS operators. The results from
this survey will also be used to inform FAA’s rulemaking activities governing UAS
operations.
The FAA is publishing this Privacy Impact Assessment (PIA) for the CAMI UAS Market
Survey in accordance with Section 208 of the E-Government Act of 2002 because the
project processes personally identifiable information (PII) from members of the public,
including members of industry and academia.
What is a Privacy Impact Assessment?
The Privacy Act of 1974 articulates concepts for how the federal government should treat
individuals and their information and imposes duties upon federal agencies regarding the
collection, use, dissemination, and maintenance of personally identifiable information (PII).
The E-Government Act of 2002, Section 208, establishes the requirement for agencies to
conduct privacy impact assessments (PIAs) for electronic information systems and
collections. The assessment is a practical method for evaluating privacy in information
systems and collections, and documented assurance that privacy issues have been identified
and adequately addressed. The PIA is an analysis of how information is handled to—i)
ensure handling conforms to applicable legal, regulatory, and policy requirements
regarding privacy; ii) determine the risks and effects of collecting, maintaining and
disseminating information in identifiable form in an electronic information system; and iii)
examine and evaluate protections and alternative processes for handling information to
mitigate potential privacy risks.[1]
[1] Office of Management and Budget’s (OMB) definition of the PIA taken from guidance on implementing the
privacy provisions of the E-Government Act of 2002 (see OMB memo of M-03-22 dated September 26, 2003).
Conducting a PIA ensures compliance with laws and regulations governing privacy and
demonstrates the DOT’s commitment to protect the privacy of any personal information we
collect, store, retrieve, use and share. It is a comprehensive analysis of how the DOT’s
electronic information systems and collections handle personally identifiable information
(PII). The goals accomplished in completing a PIA include:
- Making informed policy and system design or procurement decisions. These
  decisions must be based on an understanding of privacy risk, and of options
  available for mitigating that risk;
- Accountability for privacy issues;
- Analyzing both technical and legal compliance with applicable privacy law and
  regulations, as well as accepted privacy policy; and
- Providing documentation on the flow of personal information and information
  requirements within DOT systems.
Upon reviewing the PIA, you should have a broad understanding of the risks and potential
effects associated with the Department activities, processes, and systems described and
approaches taken to mitigate any potential privacy risks.
Introduction & System Overview
FAA’s Civil Aerospace Medical Institute (CAMI) is sponsoring the Unmanned Aircraft
Systems (UAS) Market Survey, pursuant to its authority under the FAA Modernization and
Reform Act of 2012 (P.L. 112-095), reauthorized under the FAA Reauthorization Act of 2018
(P.L. 115-254). The purpose of the survey is to receive feedback from experts in industry and
academia on aspects of operating UAS, such as common fatigue-related practices; minimum
knowledge, skills, abilities (KSAs) necessary to operate UAS; testing; and staffing procedures
required for operating UAS. The survey participants will be able to provide insight into UAS
air carrier operations, which in turn, will help inform FAA policy. The results from this survey
will also be used to inform rulemaking activities.
This survey is conducted in accordance with the standards and protocols common to research
involving human subjects defined in 45 CFR 46, and overseen by CAMI’s Institutional
Review Board (IRB). Participants are informed of their rights under 45 CFR 46 through the
informed consent notice.
FAA leverages Cherokee Nation 3S LLC (CN3S) contractors to develop the sample pool of
participants, submit the survey instrument to FAA/CAMI’s IRB for approval, administer the
survey, process the responses, and facilitate compensation to the participants. FAA CN3S
processes PII from members of the public, including the individual’s name, company name,
and business or personal email address to create a sample pool of survey recipients. A second
FAA contractor, Neese Personnel, collects name, mailing address, phone number, and email
address to facilitate payments to respondents for their participation in the survey. The survey
business processes are described below.
The Sample Pool of Survey Participants
The sample pool consists of UAS engineers, operators, instructors, and managers who
submitted Part 107 requests for waivers relating to rules governing UAS, or those identified
in academia as a UAS instructor. The initial distribution list contains 381 individuals, but
should increase as the FAA routinely updates the publicly accessible Part 107 Waivers
database, and academic institutions are continually developing new UAS programs. The
survey will collect responses from 180 participants. To ensure the representativeness of the
sample, the 180 respondents will be distributed across quotas that are set based on
occupational duties as reported by the respondent (pilot/operator = 40, cargo/sensor operator
= 40, supervisor = 40, instructors = 40, engineers = 10, other = 10).
The contact information for the survey participants is collected from the following
resources: 1) the Federal Register public dockets (which identifies corporations who
received blanket waivers from Part 107 requirements); 2) the FAA’s publicly available Part
107 Waivers website (which identifies individuals who have been granted waivers from Part
107 requirements relating to rules for operating UAS);[2] and 3) research sponsors and
contractors.[3] The following contact information is collected from these resources:
individual’s name, company name, and email address (business and/or personal, depending
on the email the user submitted during the waiver submission process). FAA’s in-house
contractor, CN3S, creates the sample pool by pulling this information together from the
above-mentioned sources. FAA uses this variety of sources to help ensure the
representativeness of the drawn sample.
The sample pool list of potential respondents is stored securely and is only accessible by
CN3S staff.
Survey Administration
The survey will be active for 90 days or completion of the 180-respondent limit, whichever
comes first, and will no longer be accessible by participants after the survey closes. The
survey includes questions with open text boxes, but the questions do not solicit the
participant to respond with PII. If a respondent inadvertently provides PII in an open text
box, CN3S contractor staff will delete the PII before providing results to the FAA. The
survey also includes questions with specific responses the participant must choose (e.g., yes
or no responses), which will not solicit any PII.
[2] CN3S uses Google searches in an effort to ensure the contact information drawn from the Part 107 Waivers
website is current.
[3] During Federal Register Notice public comment period, FAA received offers from contractors and
subcontractors to assist with the survey by participating and/or by forwarding the survey to other members of
UAS community.
The FAA’s UAS Market Survey Program has a contract in place with online survey
development software Qualtrics[4] to administer the survey. CN3S uses Qualtrics to create the
survey, collect data, and create survey item reports. CN3S staff will provide their FAA email
address to create a Qualtrics user account to login with username and password.
CN3S staff sends an email to the sample pool it compiled (explained above) containing the
Uniform Resource Locator (URL) for the survey. Members of the sample pool who receive
the survey may elect to take the survey or not. In addition, the members of the sample pool
can forward the survey to a colleague for their participation by simply forwarding the email
containing the survey link.[5] Recipients in the original sample pool may also opt out of
further communication by sending an email to that effect to the address listed in the email
invitation to participate in the survey. Unless the recipient opts out, they will receive a
reminder email from CN3S approximately halfway through the data collection period.
If the recipient elects to participate in the survey, they must access the link. Once the
respondent accesses the link, they receive an informed consent notice.[6] The notice contains
information about the purpose of the survey, the voluntary nature of participation and the
right to opt-out at any time without adverse consequences, participant compensation, and
how FAA will use the survey results. All participants receive the informed consent prior to
taking the survey, and if they wish to participate, must provide consent before continuing
with the study. As part of providing their consent, participants provide their name (first and
last) and email address. The informed consent states that this PII will not be associated with
the individual’s survey responses.
When a participant takes the survey, Qualtrics automatically assigns a unique ID that is used
to identify each survey response record. The survey records in Qualtrics also include the PII
collected via the informed consent (name and email address). At the conclusion of the
survey, CN3S staff logs into Qualtrics with their username and password and downloads the
survey responses to an FAA PIV-protected drive with access limited to CN3S contractors.
CN3S de-identifies the survey responses by removing the name and email address from the
response record, along with any unsolicited PII that respondents may have provided,
unprompted, in open text boxes. CN3S then aggregates the survey responses for reporting.
[4] In April 2018, Qualtrics achieved International Standards Organization (ISO) 27001 certification and is
Federal Risk and Authorization Management Program (FedRAMP) authorized.
[5] The survey links are not specific to the individual recipients, and the survey contains a question to exclude
individuals that are outside of the targeted population noted above.
[6] An Informed Consent notice is a legal and ethical requirement for research involving human participants. See
45 CFR Part 46.
Survey respondents are compensated for their participation. The survey includes a direct link
to a secure website for a third-party contractor, Neese Personnel, to directly collect
personally identifiable information from the survey respondent to facilitate payment,
including the respondent’s name, mailing address, phone, and email address. CN3S sends an
encrypted email with the survey respondent’s name to Neese to verify the participant’s
name, and Neese facilitates payment by mailing a check to the respondent. The information
Neese Personnel collects will not be shared.
Neese Personnel will maintain this information for three years to meet requirements set forth
by the Fair Labor Standards Act (FLSA).[7] Neese Personnel stores any hard copy documents
in locked, access-controlled cabinets. Electronic data is stored in password- and
firewall-protected systems.[8] At the end of the three-year retention period, any hard copy documents
are shredded and electronic files are deleted.[9]
Neither the survey data nor the analysis will be made available to companies or
organizations outside of the FAA. After the survey is closed, CN3S will destroy all files
containing the link between names, addresses, and unique identifiers. Informed consent
documents will be downloaded to FAA-owned servers with access limited to certain CN3S
contractor staff and FAA Management (but not Primary Investigators), as required per IRB
approval and per IRB compliance requirements.
Fair Information Practice Principles (FIPPs) Analysis
The DOT PIA template is based on the fair information practice principles (FIPPs). The
FIPPs, rooted in the tenets of the Privacy Act, are mirrored in the laws of many U.S. states,
as well as many foreign nations and international organizations. The FIPPs provide a
framework that will support DOT efforts to appropriately identify and mitigate privacy risk.
The FIPPs-based analysis conducted by DOT is predicated on the privacy control families
articulated in the Federal Enterprise Architecture Security and Privacy Profile (FEA-SPP)
v3[10], sponsored by the National Institute of Standards and Technology (NIST), the Office of
Management and Budget (OMB), and the Federal Chief Information Officers Council and
the Privacy Controls articulated in Appendix J of the NIST Special Publication 800-53
Security and Privacy Controls for Federal Information Systems and Organizations.[11]
[7] See 29 CFR 516.5
[8] Neese Personnel may need to keep hard copy records for legal compliance, per its own record retention
policy.
[9] FAA and NARA are collaborating on a schedule for survey records. Until NARA approves a record schedule
for FAA’s survey records, records relating to the survey must be maintained permanently.
[10] http://www.cio.gov/documents/FEA-Security-Privacy-Profile-v3-09-30-2010.pdf
Transparency
Sections 552a(e)(3) and (e)(4) of the Privacy Act and Section 208 of the E-Government Act
require public notice of an organization’s information practices and the privacy impact of
government programs and activities. Accordingly, DOT is open and transparent about
policies, procedures, and technologies that directly affect individuals and/or their
personally identifiable information (PII). Additionally, the Department should not maintain
any system of records the existence of which is not known to the public.
As explained above, the survey participants include those identified through the following
resources: 1) the Federal Register public dockets (which identifies corporations who
received blanket waivers from Part 107 requirements); 2) the FAA’s publicly available Part
107 Waivers website (which identifies individuals who have been granted waivers from Part
107 requirements relating to rules for operating UAS);[12] and 3) research sponsors and
contractors. It also includes those individuals who receive the email with the survey link
from another participant. The FAA uses this PIA to provide transparency to all individuals
who may be included in the sample pool.
FAA also provides transparency through its informed consent notice to those individuals
who choose to take the survey. The informed consent notice is presented to individuals
within Qualtrics. The informed consent notice is a legal and ethical requirement for research
involving human participants that is reviewed and approved by the CAMI IRB. Informed
consent contains information about the purpose of the survey, the voluntary nature of
participation and the right to opt-out at any time without adverse consequences, participant
compensation, and how FAA will use the survey results. The informed consent also advises
the survey participant of FAA’s PII processing activities, such as the de-identification of
survey responses, which is designed to reduce the project’s privacy risks. Each participant
must accept the informed consent notice by clicking the “I consent to participate” button
prior to accessing the survey questions.
Individual Participation and Redress
DOT provides a reasonable opportunity and capability for individuals to make informed
decisions about the collection, use, and disclosure of their PII. As required by the Privacy
Act, individuals should be active participants in the decision-making process regarding the
collection and use of their PII and they are provided reasonable access to their PII and the
opportunity to have their PII corrected, amended, or deleted, as appropriate.
[11] http://csrc.nist.gov/publications/drafts/800-53-Appdendix-J/IPDraft_800-53-privacy-appendix-J.pdf
[12] CN3S uses Google searches in an effort to ensure the contact information drawn from the Part 107 Waivers
website is current.
There are two components to the survey project: the sample pool, all of whom FAA contacts
to participate in the survey, and the subset of actual survey respondents.
For the sample pool subset of survey participants, the individual to whom the data
pertains is not the source of the information. The individuals who receive the survey have the
right and the opportunity to choose not to participate in the survey. They can simply delete
the email used to distribute the URL to the survey, or ignore the email. In addition,
recipients in the original sample pool can opt out of further communication by sending an
email to that effect to the address listed in the email invitation to participate in the survey.
To create the sample pool, CN3S collects the individual’s name, company name, and email
address from publicly available dockets in the Federal Register identifying corporations who
received blanket waivers from Part 107, the FAA’s publicly available Part 107 waivers
website, and names provided by the research sponsors and contractors. UAS operators
voluntarily submit Part 107 waivers and are made aware on FAA’s waiver submission
website that the applications are publicly available. Research sponsors and contractors were
able to self-identify and express interest to FAA in response to Federal Register postings or
via direct contact with FAA researchers.
Should the participant choose to begin the survey, they will be presented with the informed
consent notice, which advises them of the voluntary nature of the survey and of their right
and ability to opt out at any time without penalty. The participants will determine whether
they will accept the informed consent and proceed with providing any additional
information.
Should a participant want to be compensated, they can choose to access the direct link to a
secure website for a third-party contractor, Neese Personnel, to seek compensation. The
participant opts to provide Neese Personnel PII to facilitate compensation, which includes:
the respondent’s name, mailing address, phone, and email address.
Regarding redress, the informed consent notice that each participant accepts advises
respondents that they can refuse to answer questions about the survey and withdraw at any
time. The informed consent notice provides contact information for the FAA employees who
can assist with any questions. It also provides information for a person affiliated with the
IRB who can address any questions regarding a respondent’s rights as a research participant.
Purpose Specification
DOT should (i) identify the legal bases that authorize a particular PII collection, activity, or
technology that impacts privacy; and (ii) specify the purpose(s) for which it collects, uses,
maintains, or disseminates PII. Ex. The PII contained in PTB is utilized for transit subsidy
usage reconciliation, reporting for the agency, monitoring, and tracking participant usage.
FAA is undertaking this survey under the authority of the FAA Modernization and Reform
Act of 2012 (P.L. 112-095), reauthorized under the FAA Reauthorization Act of 2018 (P.L.
115-254).
The CAMI UAS Market Survey collects, generates, or shares information for different
purposes related to the project. FAA collects contact information from public sources to
facilitate the sending of the survey, including: the individual’s name, company name, and
email address. This information is not used for any other purpose.
Additionally, as part of the required informed consent and acknowledgement process, FAA
collects name and email from individuals who receive the survey and choose to participate
in it. The purpose of this information collection is to satisfy requirements pertaining to
research involving human subjects, and other IRB requirements.
To facilitate the respondents receiving compensation for their participation, an FAA
contractor, Neese Personnel, collects from the survey respondents their name, mailing
address, phone, and email address. As part of the process to facilitate payment, CN3S shares
with Neese, via encrypted email, the names of those survey participants who completed the
survey. The purpose of Neese’s information collection and CN3S’s information sharing is to
ensure that only those participants who completed the entire survey receive compensation.
Neese does not share data with FAA, nor is there any additional sharing of survey
participant data with Neese by FAA.
Lastly, the Qualtrics software generates a unique ID for each survey record to aid in the
processing of responses. CN3S de-identifies the survey responses upon downloading the
data from Qualtrics, so the survey ID is not linked to an individual. The survey ID assists the
processing of the data, such as creating survey item reports.
Data Minimization & Retention
DOT should collect, use, and retain only PII that is relevant and necessary for the specified
purpose for which it was originally collected.
FAA’s CAMI UAS Market Survey employs data minimization techniques in addition to
appropriate retention policies to reduce the privacy risks associated with the project.
Through its contractor, CN3S, FAA collects a minimal amount of contact information from
publicly available sources to create the survey’s sample pool. In addition, FAA collects only
two data elements (name and email address) directly from respondents in conjunction with
acceptance of the informed consent notice that is required before the respondent can
participate in the survey. While the names and email addresses are captured within the
Qualtrics survey software, along with the respondent’s survey responses, CN3S removes
this data once it downloads the batched response file, thus de-identifying the survey
responses and minimizing the PII it processes.
Lastly, Neese Personnel collects directly from respondents the information required to
ensure the respondents are compensated for their participation. The contact information
collected, namely name (first and last), mailing address, phone number, and email address, is only
used to ensure the compensation of survey respondents and is neither connected to survey
responses nor provided to the FAA at any time.
FAA retains the survey project data in accordance with appropriate legal and record
retention requirements. First, FAA maintains its network access records pursuant to National
Archives and Records Administration, General Records Schedule 3.2, Information System
Security Records, item 30: System access records, which are temporary, to be destroyed
when business use ceases, under DAA-GRS-2013-0006-0003. Secondly, the record
retention schedule for the survey-related data is in progress between FAA and NARA. These
survey-related records will be maintained as permanent records until NARA approves the
new schedule. Lastly, Neese Personnel retains the data related to the compensation of survey
respondents for 3 years in conjunction with Fair Labor Standards Act requirements, after
which Neese Personnel will destroy records.
Use Limitation
DOT shall limit the scope of its PII use to ensure that the Department does not use PII in any
manner that is not specified in notices, incompatible with the specified purposes for which the
information was collected, or for any purpose not otherwise permitted by law.
The survey is undertaken to collect data from a population with broad knowledge regarding
the operation of UAS. FAA will use the survey results to inform its rulemakings on UAS
operations. To that end, FAA collects a limited amount of PII to create the sample pool, and
to facilitate the survey and ensure survey participants get compensated.
First, to create the sample pool, CN3S collects the individual’s name, company name, and
email address. This data is not used for any purpose other than to create the sample
pool and email the survey to the individuals in the sample pool. The FAA does not have
access to this information and CN3S does not share this information.
Secondly, CN3S collects the informed consents required for research involving human
subjects. To participate in the survey respondents must accept the informed consent notice
by providing their first and last name and email address in the acknowledgement. CN3S
maintains this PII separately to satisfy IRB requirements, and this PII is not associated with
the survey responses. This information may be shared with FAA’s CAMI IRB upon request.
Additionally, CN3S shares with Neese Personnel via encrypted email the names of those
individuals who completed the survey to ensure that only those who completed the survey
receive compensation.
Lastly, to facilitate payment, Neese Personnel collects the information required to
compensate the survey respondents for their participation: name (first and last), mailing
address, phone number, and email address. Neese does not share this information with FAA
or CN3S, nor is this information associated with the survey responses.
Data Quality and Integrity
In accordance with Section 552a(e)(2) of the Privacy Act of 1974, DOT should ensure that
any PII collected and maintained by the organization is accurate, relevant, timely, and
complete for the purpose for which it is to be used, as specified in the Department’s public
notice(s).
FAA CAMI employs a combination of processes to ensure the quality and integrity of the
survey project data.
Regarding data quality controls, the project collects the contact information for the survey
pool from a frequently-updated FAA database on Section 107 Waiver applicants and uses
Google searches for publicly-available data to check the accuracy of the information FAA
uses for its contact list. Academic contacts are verified using university/institutional
websites, while the contact information for contractors was collected directly from the
submitting individual. In addition, the Qualtrics survey has internal controls that limit the
information that can be input into the survey. For example, the name field does allow the
participant to include numbers, and fields that require numerical entries do not include alpha
characters. Furthermore, FAA contractor, Neese Personnel, collects PII directly from survey
respondents to ensure their accuracy, while CN3S collects PII directly from respondents for
the survey’s informed consent notice. This direct collection of PII reduces the risk of data
quality issues.
Security
DOT shall implement administrative, technical, and physical measures to protect PII
collected or maintained by the Department against loss, unauthorized access, or disclosure,
as required by the Privacy Act, and to ensure that organizational planning and responses to
privacy incidents comply with OMB policies and guidance.
Secured network drives, access-controlled folders, and contract clauses re: data security.
FAA and its contractors utilize a variety of controls to ensure the security of the information
collected and processed during the survey project. First, FAA employees do not have access
to the sample pool list or the survey data processed and stored by its contractor, CN3S, or
the payment information collected and stored by Neese Personnel. Access to all project data
is limited on a need-to-know basis. FAA secures the information, providing CN3S an
access-controlled, PIV-protected network drive to store the survey data. Further, when
facilitating the verification of participation for survey respondents, CN3S sends respondent
names to Neese Personnel, securing the data via encrypted email.
Neese Personnel stores any hard copy documents in locked, access-controlled cabinets, and
electronic data is stored in password- and firewall-protected systems. At the end of the
three-year retention period, any hard copy documents are shredded and electronic files will
be deleted.
Regarding its data integrity controls, FAA employs a segregation of duties and limited
access to the survey data to reduce the risk of unauthorized processing or changing of the
data by limiting the number of people with access to the information. CN3S administers the
survey and processes the survey data, independent of FAA employees. Likewise, Neese
Personnel directly collects the information required to ensure compensation and stores and
secures this information using locked, access-controlled cabinets, and password- and
firewall-protected systems for electronic data. Neese does not share the information it
collects with FAA or CN3S.
Accountability and Auditing
DOT shall implement effective governance controls, monitoring controls, risk management,
and assessment controls to demonstrate that the Department is complying with all
applicable privacy protection requirements and minimizing the privacy risk to individuals.
FAA Order 1370.121, FAA Information Security and Privacy Program & Policy,
implements the various privacy requirements of the Privacy Act of 1974 (the Privacy Act),
the E-Government Act of 2002 (Public Law 107-347), DOT privacy regulations, Office of
Management and Budget (OMB) mandates, and other applicable DOT and FAA information
and information technology management procedures and guidance.
In addition to these practices, the FAA will implement additional policies and procedures as
they relate to the access, protection, retention, and destruction of PII. Federal employees and
contractors who work with the CAMI UAS Market Survey are given clear guidance about
their duties as related to collecting, using, and processing privacy data. Guidance is provided
in mandatory annual security and privacy awareness training, as well as FAA Order
1370.121A. The FAA will conduct periodic privacy compliance reviews of the CAMI UAS
Market Survey as related to the requirements of OMB Circular A-130, Managing
Information as a Strategic Resource.
Responsible Official
Ashley Awwad
Email: [email protected]
Phone Number: 1-816-786-5716
Prepared by: Barbara Stance
Approval and Signature
Karyn Gorman
Acting Chief Privacy Officer
Office of the Chief Information Officer
File Type | application/pdf |
File Title | Microsoft Word - Privacy-FAA-CAMI UAS Market Survey-PIA-03.01.21.docx |
Author | karyn.gorman |
File Modified | 2021-04-27 |
File Created | 2021-04-27 |