Document
Privacy Impact Assessment (PIA) Service DA MA PIA
ICR 202606-0535-001 · OMB 0535-0003 · Object 169448100.
Document Metadata
| Field | Value |
|---|---|
| File Type | application/pdf |
| File Title | Privacy Impact Assessment (PIA) Service DA MA PIA |
| Author | dlochte-henley |
| Last Modified By | Microsoft® Word 2013 |
| File Modified | 2017-12-01 |
| File Created | 2017-12-01 |
| Conversion State | complete |
Extracted Text
Privacy Impact Assessment
NASS Data and Applications Major Application
National Agricultural Statistics Service

Version: 2.2
Date: December 1, 2017
Prepared for: USDA NASS

Privacy Impact Assessment
National Agricultural Statistics Service, NASS DA MA

Privacy Impact Assessment for the NASS Data and Applications Major Application (NASS DA MA)
December 1, 2017

Contact Point
Arnie Wilcox
National Agricultural Statistics Service
(202) 690-8744

Reviewing Official
Renato Chan
Chief, NASS Security
National Agricultural Statistics Service
United States Department of Agriculture
(202) 720-4068

Abstract

This document contains the Privacy Impact Assessment (PIA) of the National Agricultural Statistics Service (NASS) Data and Applications Major Application (DA MA). The NASS DA MA is a UNIX-based application farm that is comprised of a number of various applications. These applications generally support the mission of NASS. The NASS is conducting this PIA on the NASS DA MA because the system processes and stores personally identifiable information of all participating farmers and ranchers in the US, which includes name, address, phone number, size of operation, gender, and race. In addition, the system processes and stores agribusiness information, including: firm names, manager names, address, phone number, size of operation in various categories and tax EINs.

Overview

The NASS DA MA is hosted by the NASS Infrastructure (INF) General Support System (GSS), which is physically located at two separate locations: the NASS Headquarters (HQ) in Washington, D.C. and the USDA National Information Technology Center (NITC) in Kansas City. The architecture consists of servers operating under both AIX and Linux operating systems.
All NASS DA MA applications are managed and maintained by various NASS System Administrators, Database Administrators and Developers located at NASS HQ and Colorado Field Office (FO). The NASS DA MA mid-range server environment is distributed at the NASS INF GSS locations. The architecture consists of servers operating under both AIX and Linux operating systems. Our UNIX environment resides on IBM pSeries equipment. All NASS INF GSS servers are managed from NASS HQ. Servers located at NASS HQ are more specialized since consolidation is not as far along at this facility.

There are six production servers in NASS HQ supporting the following production processes: 1) public agricultural statistics reports and geospatial data, 2) NASS intranet backup, 3) web data collection public front end, 4) web data collection back-end database, 5) automatching to build the list and sampling frame, 6) replication of data across enterprise databases.

NASS DA MA applications work from an enterprise transactional and analytical database environment to provide access to a database on the NASS Infrastructure (INF) GSS. NASS DA MA has a "census" processing system that is used every five years and consists of multiple components, i.e. data editing component, data analysis component, data tabulation/summary component, and a data disclosure review component. NASS DA MA also includes some isolated "survey" systems that are migrating to the UNIX environment, i.e. web data collection and livestock slaughter applications. NASS DA MA also has some "support" applications that service both the census and surveys, such as the sampling system, web public agricultural statistics, public special tabulations, geospatial application, electronic images of questionnaires, and an intranet application.

Functions of the NASS DA MA applications are described in the following paragraphs.

1. PRISM3 (Project to Reengineer and Integrate Statistical Methods): PRISM is a major reengineering and integration effort for the Census of Agriculture designed to streamline and improve the quality of census and survey processes.

2. Livestock Slaughter: The purpose of Livestock Slaughter is to edit, analyze, summarize and publish Livestock Slaughter statistics on a monthly and annual basis. The Livestock Slaughter report is a monthly outline of animals that have been slaughtered in the U.S. This report provides the number of heads slaughtered, live weight, and dressed weight of cattle and calves. Similar statistics are reported for sheep, lamb, hogs and pigs. For federally inspected plants, statistics are reported by class and by state. In addition, total red meat production by species is reported by state and for the U.S.

3. Poultry Slaughter: The purpose of Poultry Slaughter is to edit, analyze, summarize and publish Poultry Slaughter statistics on a monthly and annual basis.

4. Genesis (Generalized Enhanced Sampling and Information System): To replace all of the disparate sampling programs, NASS developed the Generalized Enhanced Sampling and Information System (GENESIS). As an internal tool to the NASS survey process, GENESIS has improved the quality of NASS samples. It has also improved the efficiency of the sampling process in terms of cost, staff time, and calendar time.

5. ELMO (Enhanced List Maintenance Operations): ELMO is a system which is used to manage the farm register database. The system allows the user to search for records based on certain name and address information, to update name, address, and control data information either individually or in a batch mode, and to extract lists of records in different formats.

6. Record Linkage: NASS designed Record Linkage to make the record linkage process as simple and user friendly as possible. NASS developed the record linkage system with AutoMatch as the core.

7. EDR (Electronic Data Reporting): NASS decided that a Web-based EDR with a secure environment would be the most suitable and effective method for NASS. It can be used appropriately for most NASS surveys and is considered technically superior to the other methods reviewed.

8. Quick Stats: Quick Stats is composed of two basic tools: 1) Quick Stats Query Tool LAN and 2) Quick Stats Web App. Quick Stats Query Tool LAN is an internal application designed to allow USDA employees to perform statistical queries on the Agricultural Statistics Data Base. Quick Stats Web App is a web-based publicly accessible read-only system that allows the public to view results from queries against the Agricultural Statistics Data Base.

9. SPS (Survey Processing System): SPS is used to analyze and summarize the data in the Statistical Analysis System (SAS) datasets.

10. ELMA (Enhanced List Maintenance Assistant): ELMA supports the centralized list frame activities from the National Operations Center. ELMA provides an automated process to capture and review list frame update information presented in the List Frame Actions and Review paper reports (generated within all electronic data collection instruments) as well as list frame update information submitted by NASS Field Offices. Field Office staff utilize ELMA to interactively request list frame updates to the sampling frames database, including name, address, telephone number, comments, and data collection mode, and to request new farm/ranch operation additions to ELMO. Employees at the National Operations Center utilize ELMA to process ELMO updates/requests on an interactive basis.

11. RECAP (Review Estimates & Comments, Approve & Publish): RECAP provides a generalized set of review screens which allow employees to review the survey indications and comments from the Field Offices and/or Headquarters, and then either approve the estimate for public dissemination or request additional analysis be conducted before approving the estimate.

12. CAPI (Computer Assisted Personal Interview): CAPI leverages private cloud technology, broadband transmission, and use of computer tablets for data entry without storing data on the tablet hard drive.

13. ARG: ARG is the agency supported software application for creation of official releases and publications and is designed to pull data directly from a database.

14. Feith: Feith software is used to display questionnaire images, for use in data review. Through the use of Feith software, the image of a questionnaire can be easily retrieved to assist with the data review process, and navigation through the questionnaire using the software capabilities is relatively effortless. Feith uses an Oracle database running on a UNIX server under AIX for storing and retrieving the images, with very little downtime throughout the entire data review process.

Section 1.0 Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, rule, or technology being developed.

1.1 What information is collected, used, disseminated, or maintained in the system?
Customer information – Information on all participating farmers and ranchers in the US, which includes name, address, phone number, size of operation, SSNs, gender, race.
Other – agribusiness – Firm names, manager names, address, phone number, size of operation in various categories, tax EINs.
All information collected and processed by this system, including personally identifiable information, is protected by US Code: Title 7, 2276 – Confidentiality of Information.

1.2 What are the sources of the information in the system?
The population of farmers, ranchers, agri-businesses, and other federal agencies (FSA, IRS, Census [NPC], FSIS) and InfoUSA. Third party sources include InfoUSA, Universities (extension), commodity organizations, trade magazines. FSA, IRS, FSIS and Bureau of Census provide data for use in the system.

1.3 Why is the information being collected, used, disseminated, or maintained?
The information is used to support the Agency’s mission of providing timely, accurate, and useful statistics in service to U.S. agriculture.

1.4 How is the information collected?
Through interviews done by telephone, paper, and electronic data collection. FSA and FSIS provide data that are entered into the system. These are done periodically through operator intervention (a business person with support from admin).

1.5 How will the information be checked for accuracy?
Criteria/Auditing questionnaires are provided to the individual under review asking them to fill in the specifics for them. Name information is not verified by inference from a source. Instead that is used to start a questionnaire as identified above.

1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information?
Title 7 United States Code, Section 2204; Title 44 United States Code, Section 3501; and the Confidential Information Protection and Statistical Efficiency Act (CIPSEA) of 2002.

1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.
There is always the risk of unauthorized disclosure. NASS requires all its employees to sign confidentiality statements on an annual basis. In addition, systems containing privacy information employ additional security mechanisms to mitigate potential risks.

Section 2.0 Uses of the Information

The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.

2.1 Describe all the uses of information.
The data will only be used to support the Agency’s mission of providing timely, accurate, and useful statistics in service to U.S. agriculture.

2.2 What types of tools are used to analyze data and what type of data may be produced?
The NASS DA MA utilizes both transactional and analytical databases used in all Census, Survey, Support and Estimation and Dissemination applications used within the system and listed as follows: ELMO, Genesis, Record Linkage, PRISM, Quick Stats, CPCS, Livestock Slaughter, Poultry Slaughter, and Feith. Data are used only in support of creating statistical information for such purposes as are necessary for the publication of statistical reports.
Source Agencies: NASS, FSA, FSIS

2.3 If the system uses commercial or publicly available data please explain why and how it is used.
Commercial and publicly available data are used to assist in identifying duplication of names between various probability list samples and NASS area frame surveys. They are also used when matching names currently on the NASS list sampling frame with lists maintained by other governmental agencies as part of the NASS list building and maintenance process.

2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.
All authorized NASS users are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

Section 3.0 Retention

The following questions are intended to outline how long information will be retained after the initial collection.

3.1 How long is information retained?
Data are retained as long as the information is needed for list building. Census data are retained for ten to fifteen years in electronic form.

3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?
Yes

3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
There is always the risk of unauthorized disclosure. NASS requires all its employees to sign confidentiality statements on an annual basis. In addition, systems containing privacy information employ additional security mechanisms to mitigate potential risks.

Section 4.0 Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the United States Department of Agriculture.

4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?
The USDA FSA and ERS have limited access to some of the data stored in the system and are controlled by use of both hardware and software security controls.

4.2 How is the information transmitted or disclosed?
The information is transmitted through direct use of the system. User access is determined based on the person’s job role.

4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
There is always the risk of unauthorized disclosure. NASS requires all its employees to sign confidentiality statements on an annual basis. In addition, systems containing privacy information employ additional security mechanisms to mitigate potential risks.
Section 5.0 External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to USDA which includes Federal, state and local government, and the private sector.

5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?
Information is not shared with any external organizations.

5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.
Not applicable, PII is not shared outside the Department.

5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
Not applicable, PII is not shared outside the Department.

5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Not applicable, PII is not shared outside the Department.

Section 6.0 Notice

The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.

6.1 Was notice provided to the individual prior to collection of information?
Yes

6.2 Do individuals have the opportunity and/or right to decline to provide information?
Yes

6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
Yes

6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated.
The collection process is covered by the following NASS SORNs: Agricultural Survey Records, USDA/NASS–1; List Sampling Frame, USDA/NASS–2; and Census of Agriculture Records, USDA/NASS–3; which are available to the individuals through the Federal Register.

Section 7.0 Access, Redress and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

7.1 What are the procedures that allow individuals to gain access to their information?
Any individual may request information as to whether the system contains records pertaining to him or her by contacting the system manager at the address specified on the SORN. The request for information should contain: name, address, System of Record name, and year that the agricultural survey questionnaire was completed.

7.2 What are the procedures for correcting inaccurate or erroneous information?
A request is sent to the NASS Customer Service department.

7.3 How are individuals notified of the procedures for correcting their information?
By contacting the system managers listed on the following NASS SORNs: Agricultural Survey Records, USDA/NASS–1; List Sampling Frame, USDA/NASS–2; and Census of Agriculture Records, USDA/NASS–3.

7.4 If no formal redress is provided, what alternatives are available to the individual?
Not Applicable

7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
There are no significant risks involved with the redress process.

Section 8.0 Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

8.1 What procedures are in place to determine which users may access the system and are they documented?
Access to data is limited only to users authorized by NASS to modify, maintain and review the data. This includes authorized managers, system administrators and developers. Each user also signs a pledge of confidentiality that carries severe legal penalties for violating the pledge. Business function managers define the access need for the user based on user requirements. The local manager verifies the authenticity and veracity of the individual who is being approved for access. The access request as well as the approval is documented accordingly by management and the Technical Services Branch. The Computer Security Staff audits access routinely.

8.2 Will Department contractors have access to the system?
No

8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system?
All authorized NASS users are required to sign a pledge of confidentiality that carries severe legal penalties for violating the pledge.

8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes – The system is currently undergoing the recertification process.

8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NASS employs physical security controls, logical access controls, technological controls, auditing and monitoring of controls.

8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
There is always the risk of unauthorized disclosure of privacy information. NASS restricts access to information to authorized users. NASS requires all its employees to sign confidentiality statements on an annual basis. In addition, systems containing privacy information employ additional security mechanisms to mitigate potential risks, to include logical access controls, technical controls and auditing.

Section 9.0 Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.

9.1 What type of project is the program or system?
The NASS DA MA is an operational UNIX application farm and is comprised of a number of various applications. These applications generally support the mission of NASS.

9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
The project does not employ technology that raises privacy concerns.

Section 10.0 Third Party Websites/Applications

The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.

10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 “Guidance for Online Use of Web Measurement and Customization Technology” and M-10-23 “Guidance for Agency Use of Third-Party Websites and Applications”?
Yes.

10.2 What is the specific purpose of the agency’s use of 3rd party websites and/or applications?
There are no 3rd party websites and/or applications in use.

10.3 What personally identifiable information (PII) will become available through the agency’s use of 3rd party websites and/or applications?
N/A

10.4 How will the PII that becomes available through the agency’s use of 3rd party websites and/or applications be used?
N/A

10.5 How will the PII that becomes available through the agency’s use of 3rd party websites and/or applications be maintained and secured?
N/A

10.6 Is the PII that becomes available through the agency’s use of 3rd party websites and/or applications purged periodically?
N/A
If so, is it done automatically?
N/A
If so, is it done on a recurring basis?
N/A

10.7 Who will have access to PII that becomes available through the agency’s use of 3rd party websites and/or applications?
N/A

10.8 With whom will the PII that becomes available through the agency’s use of 3rd party websites and/or applications be shared - either internally or externally?
N/A

10.9 Will the activities involving the PII that becomes available through the agency’s use of 3rd party websites and/or applications require either the creation or modification of a system of records notice (SORN)?
N/A

10.10 Does the system use web measurement and customization technology?
N/A

10.11 Does the system allow users to either decline to opt-in or decide to opt-out of all uses of web measurement and customization technology?
N/A
If so, does the agency provide the public with alternatives for acquiring comparable information and services?
N/A

10.12 Privacy Impact Analysis: Given the amount and type of PII that becomes available through the agency’s use of 3rd party websites and/or applications, discuss the privacy risks identified and how they were mitigated.
N/A

Responsible Officials

Arnie Wilcox
NASS DA MA Authorizing Official
National Agricultural Statistics Service
United States Department of Agriculture

Approval Signature

X 2017.12.01 14:49:21 -05'00'
Renato Chan
NASS CISO