Download:
pdf |
pdfPRIVACY IMPACT ASSESSMENT (PIA)
PRESCRIBING AUTHORITY: DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance". Complete this form for Department of Defense
(DoD) information systems or electronic collections of information (referred to as an "electronic collection" for the purpose of this form) that collect, maintain, use,
and/or disseminate personally identifiable information (PII) about members of the public, Federal employees, contractors, or foreign nationals employed at U.S.
military facilities internationally. In the case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not apply to
system.
1. DOD INFORMATION SYSTEM/ELECTRONIC COLLECTION NAME:
CWBI - CIVIL WORKS BUSINESS INTELLIGENCE
3. PIA APPROVAL DATE:
2. DOD COMPONENT NAME:
United States Army
US Army Corps of Engineers
SECTION 1: PII DESCRIPTION SUMMARY (FOR PUBLIC RELEASE)
a. The PII is: (Check one. Note: Federal contractors, military family members, and foreign nationals are included in general public.)
From members of the general public
From Federal employees
from both members of the general public and Federal employees
Not Collected (if checked proceed to Section 4)
b. The PII is in a: (Check one.)
New DoD Information System
New Electronic Collection
Existing DoD Information System
Existing Electronic Collection
Significantly Modified DoD Information System
c. Describe the purpose of this DoD information system or electronic collection and describe the types of personal information about individuals
collected in the system.
CWBI directly supports the Corps of Engineers Civil Works in the area of performance measures for Water Resources by consolidating,
integrating, and displaying geospatial data in the business areas of Navigation, Environmental Stewardship, Safety, Recreation, Hydropower,
Flood Risk Management, and Regulatory and providing one-time, single point data entry for these systems. The system includes a data
warehouse that merges financial data with the business function output and inventory data to produce performance measures of efficiency
and effectiveness for the Operations and Maintenance community. Life-cycle phase is mixed operations and maintenance. CWBI databases
are located on servers at the two processing centers within the USACE Enterprise Infrastructure Services (CIO/G6) network. CWBI data
tables are not directly linked to other USACE data tables for data sharing although data is uploaded to and/or extracted from other USACE
data tables; CWBI does not interconnect with any system outside the CIO/G6 production environment. System backup is provided by CIO/
G6 using servers located at the processing centers.
The Recreation module in the database includes the following primary personal information: individual’s name, address, and vehicle
information: tag number, make, model, body style, and color. The source of this information is directly from the individual record subject.
The Regulatory database includes the following primary personal information: individual’s name, address, telephone number, fax number,
and email address. The source of this information is directly from the individual record subject, a member of the public.
d. Why is the PII collected and/or what is the intended use of the PII? (e.g., verification, identification, authentication, data matching, mission-related use,
administrative use)
Recreation: Park rangers use the recreation module to collect data about the citations they issue to the public for misuse of Corps recreation
areas.
Regulatory: The Mission of the Regulatory system is to assist in the processing of permit applications from individuals in order to allow
reasonable development while protecting the Nation’s waters and wetlands.
e. Do individuals have the opportunity to object to the collection of their PII?
Yes
No
(1) If "Yes," describe the method by which individuals can object to the collection of PII.
(2) If "No," state the reason why individuals cannot object to the collection of PII.
Recreation and Safety: Personal data is voluntarily given by the applicant and collected via manual forms.
Regulatory: Personal data is voluntarily given by the applicant and collected via electronic forms on the Internet Accessible segment of the
USACE network or manual forms submitted to the district USACE Regulatory office. The ePermit form contains an applicable privacy
statement.
DD FORM 2930, JUN 2017
PREVIOUS EDITION IS OBSOLETE.
AEM Designer
Page 1 of 9
f. Do individuals have the opportunity to consent to the specific uses of their PII?
Yes
No
(1) If "Yes," describe the method by which individuals can give or withhold their consent.
(2) If "No," state the reason why individuals cannot give or withhold their consent.
Recreation and Safety: Personal data is voluntarily given by the applicant and collected via manual forms.
Regulatory: Personal data is voluntarily given by the applicant and collected via electronic forms on the Internet Accessible segment of the
USACE network or manual forms submitted to the district USACE Regulatory office. The ePermit form contains an applicable privacy
statement.
g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and/or a Privacy Advisory must be provided. (Check as appropriate and
provide the actual wording.)
Privacy Act Statement
Privacy Advisory
Not Applicable
Recreation: Individual is presented with a citation, ENG 4381, that has the Privacy Act Statement on the reverse side. This is a Title 36
citation authority under Flood Act of 1970, Public Law 91-611.
Regulatory: Individual voluntarily fills out the ENG 4345 standard form that has the Privacy Act Statement on the face of the form. Form is
approved by OMB No. 0710-0003.
h. With whom will the PII be shared through data/system exchange, both within your DoD Component and outside your Component?
(Check all that apply)
Within the DoD Component
Specify.
Other DoD Components (i.e. Army, Navy, Air Force)
Specify.
Other Federal Agencies (i.e. Veteran’s Affairs, Energy, State)
Specify.
State and Local Agencies
Specify.
Contractor (Name of contractor and describe the language in
the contract that safeguards PII. Include whether FAR privacy
clauses, i.e., 52.224-1, Privacy Act Notification, 52.224-2,
Privacy Act, and FAR 39.105 are included in the contract.)
Other (e.g., commercial providers, colleges).
USACE Regulatory Permit team has access to the regulatory
information. USACE Recreation team has access to the
citation information.
Regulatory data will be shared among state regulatory
agencies to enable processing of joint federal and state
permit applications.
Recreation data will be shared with local law enforcement
agencies.
Regulatory data will be shared among state regulatory
agencies to enable processing of joint federal and state
permit applications.
Standard contract language should be contained in the
contracts; however, as contracts are renewed the new
standard statement per DoD memorandum “DoD
Specify.
Component Responsibility to Ensure Government Contract
Compliance with the Privacy Act” (28 JAN 2015) shall
replace current statements.
Specify.
i. Source of the PII collected is: (Check all that apply and list all information systems if applicable)
Individuals
Databases
Existing DoD Information Systems
Commercial Systems
Other Federal Information Systems
The source of the PII is from the individual for both the Recreation collection and the Regulatory collection.
j. How will the information be collected? (Check all that apply and list all Official Form Numbers if applicable)
E-mail
Official Form (Enter Form Number(s) in the box below)
In-Person Contact
Paper
Fax
Telephone Interview
Information Sharing - System to System
Website/E-Form
Other (If Other, enter the information in the box below)
Recreation: personal information is provided by the individual record subject via personal interview. ENG FORM 4381, MAR 2015.
DD FORM 2930, JUN 2017
PREVIOUS EDITION IS OBSOLETE.
AEM Designer
Page 2 of 9
Regulatory: provided by the individual record subject by telephone interview or completion of electronic form ENG 4345, FEB 2019.
k. Does this DoD Information system or electronic collection require a Privacy Act System of Records Notice (SORN)?
A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens or lawful permanent U.S. residents that
is retrieved by name or other unique identifier. PIA and Privacy Act SORN information must be consistent.
Yes
No
If "Yes," enter SORN System Identifier
A0015-2-2 CE and A1145b CE; currently
SORN Identifier, not the Federal Register (FR) Citation. Consult the DoD Component Privacy Office for additional information or http://dpcld.defense.gov/
Privacy/SORNs/
or
If a SORN has not yet been published in the Federal Register, enter date of submission for approval to Defense Privacy, Civil Liberties, and Transparency
Division (DPCLTD). Consult the DoD Component Privacy Office for this date
If "No," explain why the SORN is not required in accordance with DoD Regulation 5400.11-R: Department of Defense Privacy Program.
l. What is the National Archives and Records Administration (NARA) approved, pending or general records schedule (GRS) disposition authority
for the system or for the records maintained in the system?
(1) NARA Job Number or General Records Schedule Authority.
400 and 1145b1 through b4
(2) If pending, provide the date the SF-115 was submitted to NARA.
(3) Retention Instructions.
Recreation: Record Series 400: Information Management 400B Information Management, Military Publications, Temporary Keep 0 - 6 years
based on the Disposition Instructions.
Regulatory: Standard permits at HQ USACE are kept until no longer needed for conducting business but not longer than 6 years, then
destroyed. Standard permits at field offices: (1) Issued permits: kept until revocation, expiration, or removal of the object to which the permit
pertains and then until no longer needed for conducting business, then retire to Records Holding Area/Army Electronic Archives (RHA/
AEA). The RHA/AEA will destroy the records 7 years after the event. (2) Denied permits: Destroyed 3 years after denial. (3) Issued permits,
in paper or microform, retired to Federal Archives and Records Centers prior to 1 January 1981: Retained until 2055 at which time they will
be reviewed for possible destruction. Official record copies used for litigation will be destroyed with those files.
m. What is the authority to collect information? A Federal law or Executive Order must authorize the collection and maintenance of a system of
records. For PII not collected or maintained in a system of records, the collection or maintenance of the PII must be necessary to discharge the
requirements of a statue or Executive Order.
(1) If this system has a Privacy Act SORN, the authorities in this PIA and the existing Privacy Act SORN should be similar.
(2) If a SORN does not apply, cite the authority for this DoD information system or electronic collection to collect, use, maintain and/or disseminate PII.
(If multiple authorities are cited, provide all that apply).
(a) Cite the specific provisions of the statute and/or EO that authorizes the operation of the system and the collection of PII.
(b) If direct statutory authority or an Executive Order does not exist, indirect statutory authority may be cited if the authority requires the
operation or administration of a program, the execution of which will require the collection and maintenance of a system of records.
(c) If direct or indirect authority does not exist, DoD Components can use their general statutory grants of authority (“internal housekeeping”) as
the primary authority. The requirement, directive, or instruction implementing the statute within the DoD Component must be identified.
Regulatory authority: Rivers and Harbors Acts of 1899 (33 U.S.C. 401, et seq.); Section 10 (33 U.S.C. 403).
Recreation authority:
Debt Collection Improvement Act of 1996, 31 U.S.C. 7701(c)
Title 36, Chapter III, CFR 327- Rules and Regulations Governing Public Use Of Water Resources Development Projects administered by the
Chief of Engineers Executive Order 9397
n. Does this DoD information system or electronic collection have an active and approved Office of Management and Budget (OMB) Control
Number?
Contact the Component Information Management Control Officer or DoD Clearance Officer for this information. This number indicates OMB approval to
collect data from 10 or more members of the public in a 12-month period regardless of form or format.
DD FORM 2930, JUN 2017
PREVIOUS EDITION IS OBSOLETE.
AEM Designer
Page 3 of 9
Yes
No
Pending
(1) If "Yes," list all applicable OMB Control Numbers, collection titles, and expiration dates.
(2) If "No," explain why OMB approval is not required in accordance with DoD Manual 8910.01, Volume 2, " DoD Information Collections Manual:
Procedures for DoD Public Information Collections.”
(3) If "Pending," provide the date for the 60 and/or 30 day notice and the Federal Register citation.
Form 4345 Application for a Department of the Army Permit U.S. Army Corps of Engineers (USACE) APPLICATION FOR
DEPARTMENT OF THE ARMY PERMIT 33 CFR 325. The proponent agency is CECW-CO-R. Form Approved - OMB No. 0710-0003
Expires: 02-28-2022
DD FORM 2930, JUN 2017
PREVIOUS EDITION IS OBSOLETE.
AEM Designer
Page 4 of 9
File Type | application/pdf |
File Title | DD 2930, Privacy Impact Assessment (PIA), Jun 2017.pdf |
Author | SchuffNA |
File Modified | 2022-02-14 |
File Created | 2022-02-14 |