CRMS (Customer Relationship Management Solution)

Overview

The Department of Labor Customer Relationship Management Solution (DOLCRM) is a cloud-based system that has been designated as a Major Application. The DOLCRM is owned by the Office of the Assistant Secretary for Administration and Management (OASAM). It is available to DOL agencies as a DOL-wide program; however, at this time the only client is the Office of Federal Contract Compliance Programs (OFCCP). The DOLCRM is designed to support the mission and objectives of DOL’s Customer Service Modernization Program (CSMP). DOLCRM provides the following functionality:

DOL Customer (External/Public) Functionality

The DOLCRM provides a web-based, self-service channel that allows DOL customers to do the following:

  • Search through a knowledge base for answers related to participating DOL agencies.
  • File an inquiry (via submission of an intake form) with the DOL agency through the screening process.
  • Determine the status of an existing case (by searching for a match on the tracking number and the customer’s personal zip code).
  • Return results of relevant articles stored in USA Search.

DOL Agent (Internal) Functionality

The DOLCRM will provide a web-based portal that allows authorized DOL agents to do the following:

  • Review and attach research notes, comments, and knowledge base articles to customer inquiries.
  • Generate statistical reports to address service gaps to improve response times and service quality.
  • Manually track DOL inquiries received outside of the web self-service channel.
  • Review and process intake forms (submitted by DOL customers).

The following sensitive Personally Identifiable Information (PII) will be captured from DOL customers (members of the public) on a web-based Inquiry Intake Form, similar to the Sample Inquiry Intake Form shown below.


Inquiry Intake Form
 

As illustrated, the following information will be captured from DOL Customers on this Inquiry Intake Form, with sensitive PII shown in bold:

Contact Information (of DOL customer)

  • First Name
  • Last Name
  • Home Zip Code
  • Preferred Contact Method (Email or Phone)
  • Phone Number
  • Email Address

Employer Information

  • Company Name
  • Street Address
  • State
  • County
  • City
  • Workplace Zip Code
  • Category that describes situation (Customer must choose from a finite list of categories)
  • Description of question or situation (Free-form text box)

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the System collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

In terms of Personally Identifiable Information (PII), the Cloud CRM solution will collect first and last names, personal phone numbers, personal email addresses, and partial home addresses and business addresses when DOL customers submit an intake form. In addition, the Cloud CRM Solution will collect first and last names, business email addresses, and business phone numbers from DOL employees that are responsible for managing accounts and reviewing intake forms.

From whom is information to be collected?

Information is collected from members of the public. DOL employees provide PII in the process of establishing a user account with Salesforce.

Why is the Information being collected?

DOL customers that plan on submitting an intake form are required to provide PII. In addition, DOL agency users will need to provide PII in order to review intake forms and to manage the account.

What is the PII being collected, used, disseminated, or maintained?

The DOLCRM will collect the following PII from DOL Customers:

  • First Name
  • Last Name
  • Home Zip Code
  • Phone Number
  • Email Address

The DOLCRM will collect the following PII related to DOL personnel (employees/contractors):

  • First Name
  • Last Name
  • Business email address
  • Business phone number

How is the PII collected?

DOL Customers will use various Internet browsers on various client devices (computers, laptops, tablets, etc.) to establish a secure connection to the DOLCRM site. From there, they will provide their information when submitting an intake form.

DOL agency users will submit the required access request form(s) to gain access to the DOLCRM. This information will be populated in the proper fields related to the user’s account.

How will the information collected from individuals or derived from the system be checked for accuracy?

The PII information provided by DOL customers will not be validated, but it will be checked for accuracy by ensuring that the data provided is consistent with the expected format (i.e., proper number of digits for telephone numbers).

The PII information provided by DOL employees will not be checked for accuracy by the manager/supervisor responsible for authorizing access to the system.

What specific legal authorities, arrangements, and/or agreements allow the collection of PII?

The collection of information falls under the Privacy Act of 1974, PL 93-0579, as amended.

Privacy Impact Analysis

The PII provided by DOL customers and DOL personnel may include the individual’s personal or business email address. This information could be used by unauthorized people to launch a phishing or spear phishing attack (sending malicious links or attachments to users’ email addresses), or used to launch a spam (unwanted email) campaign. The PII provided by DOL customers and DOL personnel may also include a telephone number, which could be used by unauthorized personnel for telemarketing (unwanted telephone calls). The information captured presumably does not include enough details for an attacker to successfully compromise an individual’s identity or perform financial theft. Nevertheless, it does include PII elements (name, telephone number, email address, zip code) that could potentially be used to open accounts with organizations that do not rely on ample techniques to verify the individual’s identity. For example, the PII could be used to create an online account in systems that do not complete the registration process by responding to an email. These are believed to be the most common risks associated with this PII. However, additional, unknown risks may exist.

All PII will be transmitted over a secure HTTPS (TLS 1.1 or higher) connection. Authentication and access controls within DOLCRM will prevent unauthorized individuals from gaining access to the PII within the system. All DOL personnel will be required to sign a Rules of Behavior agreement to ensure they understand and acknowledge their responsibilities regarding the handling and protection of PII. In addition, all DOL personnel are required to attend annual privacy training, the Department of Labor Information Systems Security and Awareness (ISSPA) Training.

Describe the Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

Uses of PII for DOL Customers:

Customers will be routed to the appropriate intake form for the participating agencies based on their responses to the screening questions. Customers will then submit an inquiry and will be routed based on their employer’s address (zip code, state, or county). If the customer provides an email address on the intake form, an auto-response email containing the inquiry confirmation number will be emailed to the customer, in addition to the auto-generated inquiry confirmation number being displayed on the web page. In addition, if a customer has multiple inquiries, the inquiries will be matched to their first name, last name, and email/phone number. Finally, if a customer would like to check on the status of their inquiry, he/she will need to provide their case number and their home zip code for authentication purposes.

Uses of PII for all DOL Salesforce CRM Users:

Because Single Sign On (SSO) is not available through Salesforce.com, DOL users will need to provide their first/last name for identification purposes. In addition, a business email address will need to be provided in order to log in to Salesforce.

What types of tools are used to analyze data and what type of data may be produced?

The DOLCRM will provide a web-based portal that allows authorized DOL agents to generate statistical reports to address service gaps to improve response times and service quality. Data will be analyzed by using the Salesforce out-of-the-box reporting capabilities.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No, the system will not derive new data, or create previously unavailable data.

If the system uses commercial or publicly available data, please explain why and how it is used.

Not applicable.

Will the use of PII create or modify a "system of records notification" under the Privacy Act?

Not applicable. PII will not be shared with any external organizations.

Privacy Impact Analysis

The DOLCRM will collect some PII data from both customers and DOL agency users. DOLCRM has planned security controls based on NIST standards to protect the confidentiality, integrity, and availability of all PII processed, transmitted, and stored on the DOLCRM. The GSA has also provided independent security reviews of the Salesforce platform at the FIPS 199 Moderate level and determined that the risk to individuals, agency operations, or agency assets resulting from the operation of the information system is acceptable. Please refer to the System Security Plan for detailed security controls.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

What is the retention period for the data in the system?

Per the records schedule, the retention period is "as long as there is a business need, or two years".

Is a retention period established to minimize privacy risk?

Yes. Retention periods are defined in:

  • N1-448-01-2, Office of Federal Contract Compliance Programs
  • GRS04-2, Information Access and Protection Records (PA and FOIA Included)
  • GRS 3.1 General Information Technology Management Records
  • GRS03-2 Information Systems Security Records

Has the retention schedule been approved by the National Archives and Records Administration (NARA)?

Yes (August 2015, March 2001)

Per M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, what efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

Only the information required to contact the individual is collected, and only at the individual’s discretion. The information is not retained longer than required.

Have you implemented the DOL PII Data Extract Guide for the purpose of eliminating or reducing PII?

Not applicable; DOLCRM data requirements have previously been stripped down to the bare minimum required for operations. DOLCRM does not create PII data extracts.

How is it determined that PII is no longer required?

When the case has been closed or inactive for a sufficient period.

If you are unable to eliminate PII from this system, what efforts are you undertaking to mask, de-identify or anonymize PII?

N/A

Privacy Impact Analysis

The system collects only the data strictly required to contact the individual regarding their case, and only that information provided by the individual. Data is maintained according to the established records schedules. Data is retained as long as required, and in accordance with NARA-approved schedules, before being removed per the Records Manager’s guidance.

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

PII information will not be shared or disclosed internally. The PII that is provided from both DOL agency users and DOL customers will be sent directly to the DOLCRM and will stay within the DOLCRM.

How is the PII transmitted or disclosed?

PII information will be transmitted from the DOL customers’ browsers to the DOLCRM and will be protected using an HTTPS (TLS 1.1 or higher) connection.

The PII information will not be disclosed to any internal DOL agencies. The only DOL agencies that will have access to the PII are OASAM and the participating agencies.

Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information?

Not applicable; no interconnection exists.

Privacy Impact Analysis

The privacy risk is minimal in relation to internal information sharing, because the information will not be shared internally.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

The PII information will not be shared with any external organizations.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

Not applicable. PII will not be shared with any external organizations.

How is the information shared outside the Department and what security measures safeguard its transmission?

Not applicable. PII will not be shared with any external organizations.

How is the information transmitted or disclosed?

Not applicable. PII will not be shared with any external organizations.

Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared? If yes, include who the agreement is with and the duration of the agreement.

Not applicable. PII will not be shared with any external organizations.

How is the shared information secured by the recipient?

Not applicable. PII will not be shared with any external organizations.

What type of training is required for users from agencies outside DOL prior to receiving access to the information?

Not applicable. PII will not be shared with any external organizations.

Privacy Impact Analysis

None. PII will not be shared with any external organizations.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII? If yes, please provide a copy of the notice as an appendix. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal Register Notice. If notice was not provided, please explain.

Members of the public using the DOLCRM interface will see a link to a privacy statement on the bottom of the page. The link on the footer will bring users to the statement below.

Thank you for visiting the Department of Labor (DOL or Department) website and reviewing our privacy and security statement. DOL is committed to maintaining the privacy of your personal information and the security of our computer systems. With respect to the collection, use and disclosure of personally identifiable information (PII), DOL makes every effort to ensure compliance with applicable federal law, including, but not limited to, the Privacy Act of 1974, the Paperwork Reduction Act of 1995, and the Freedom of Information Act.

As a general rule, the Department does not collect personally identifiable information when you visit the DOL site unless you choose to provide such information. The information collected varies based on what you do when visiting the site.

If you respond to an online request for personal information:

The information requested by the Department will be used to respond to your inquiry or to provide you with the service associated with the request. If you choose to provide personally identifiable information - that is, information that is personal in nature and which may be used to identify you, through an email message, request for information, paper or electronic form, questionnaire, customer satisfaction survey, epidemiology research study, etc. – the Department will maintain the information you provide only as long as needed to respond to your question or to fulfill the stated purpose of the communication. If DOL stores your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, home mailing address, personal or mobile phone number, etc.) to allow for future contact, DOL will safeguard the information you provide in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

If you visit DOL’s site to read or download information, the Department will collect and store the following information:

  • The name of the domain from which you access the Internet (for example, dol.gov, if you are connecting from the Department of Labor's computer account);
  • The date and time you access the site;
  • The Internet address of the website from which you directly linked to the site;
  • Operating system and information about the browser used when visiting the site, and
  • Pages you visited.

This information is used by software programs on the website to collect summary statistics that allow DOL to assess the number of visitors to the different sections of the site, identify what information is of most and least interest, determine technical design specifications, monitor system performance, and help DOL make the site more useful to visitors.

If you identify yourself by filling out a form containing personal information:

You may send personally identifiable information in an electronic form - for example you may give DOL your mailing address when requesting that information be mailed to you. This information is used solely for responding to your requests for information or records. The Department may forward your information to other government employees who are better able to fulfill your requests. Should you wish to file a request under the Freedom of Information Act (FOIA), instructions are provided at https://www.dol.gov/general/foia.

For security purposes and to ensure that this service remains available to all users, the DOL website also employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996.

Do individuals have the opportunity and/or right to decline to provide information?

DOL Customers are not required to submit an Inquiry Intake Form. If they opt to do so, they will be required to complete all of the required fields. This is necessary for the DOL agent to be able to follow up with the customer – which is the intent of the form.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No. The individuals will not be given the right to consent to particular uses. However, as indicated in the ‘Notice’ section above, the use of the customer’s PII is limited.

Privacy Impact Analysis

There is minimal risk associated with notification. Individuals are notified of their privacy expectations and rights via the posted notification. All collection is fully transparent and use is minimal.

Individual Access, Redress, and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their own information?

DOL Customers will be provided with a case number so that they can see the status of their inquiry. However, DOL customers will not be able to gain access to the information they submitted in the inquiry intake form.

What are the procedures for correcting inaccurate or erroneous information?

Customers will enter their own information into the inquiry intake form; however, they will not be able to go back afterward to change that information once the inquiry has been submitted. Customers can submit another inquiry that will be matched to their previous inquiry, and agency users will follow up on the latest inquiry. In addition, customers can call the agency to correct information.

How are individuals notified of the procedures for correcting their own information?

Should an individual contact DOL and note incorrect information is stored, DOL will manually correct the error.

If no formal redress is provided, what alternatives are available to the individual?

Individuals can contact the agency to correct information that was already submitted in the inquiry intake form.

Privacy Impact Analysis

There are minimal risks associated with redress because individuals can contact agency representatives to correct information that was incorrectly submitted.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

Which user group(s) will have access to the system? (for example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)

Only agency-designated program managers or IT support will have access.

Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA.

Department contractors do not have access to the system; however, they may be granted access should additional agencies join.

Does the system use "roles" to assign privileges to users of the system? If yes, describe the roles.

By default, Salesforce supports general user, specialized user, developer, deployer, and administrator roles. OFCCP currently utilizes developer, deployer, and administrator roles only.

What procedures are in place to determine which users may access the system and are they documented?

Each agency is required to establish its own list of user responsibilities. This must be approved by the agency management.

How are the actual assignments of roles and Rules of Behavior verified according to established security and auditing procedures? How often is training provided? Provide the date of the last training.

Each agency is required to establish its own list of user responsibilities. This must be approved by the agency management. Because of the limited number of users, training is provided ad hoc. It is also available via a set of videos, provided on demand by Salesforce.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

DOL provides an annual privacy training, the Department of Labor Information Systems Security and Awareness (ISSPA) Training, to its agency users. However, no privacy training specific to this system will be offered.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Salesforce auditing capabilities are described at the following link: https://help.salesforce.com/HTViewHelpDoc?id=security_overview_auditing.htm&language=en_US

Salesforce administrators can enable auditing for individual fields, which can automatically track changes in the values of selected fields. In addition, administrators can view a list of successful and failed logins and modifications.

Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?

DOLCRM underwent an Authorization to Operate (ATO) in June 2014.

Privacy Impact Analysis

There are risks associated with the inability to audit viewing rights because the system collects PII which can be compromised. To mitigate this risk, DOL will ensure that all users sign a Rules of Behavior form detailing their roles and responsibilities as a user of the DOLCRM. Currently no employees have view rights who are not also program personnel.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, biometrics, and other technology.

Was the system built from the ground up or purchased and installed?

The system was purchased as a platform, and underwent customization to support agency operations.

Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.

The Salesforce platform is part of the Federal Risk and Authorization Management Program (FedRAMP). As such, the underlying platform undergoes rigorous testing by the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), and the Federal Chief Information Officer (CIO). DOL specifically leveraged this in order to take advantage of the significant privacy and security advantages.

The system design was managed by the DOL Office of the Chief Information Officer (OCIO). They enforced strict security and privacy controls. This included what data was collected, how it was analyzed, and what data might be transferred between systems and agencies.

What design choices were made to enhance privacy?

Collected information is reduced to the bare minimum. No PII may be transferred between systems. Users are given maximal transparency and control over their data. DOLCRM leverages strict user roles and security controls.

For systems in development, what stage of development is the system in, and what project development life cycle was used?

The system is currently in steady state; however, should additional agencies elect to participate, it would return to the design state to support that. The system was designed using the agile methodology.

For systems in development, does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.

This project does not employ technology that would raise privacy concerns.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • OASAM in coordination with OFCCP has completed the PIA for DOLCRM which is currently in operation. OASAM and OFCCP have determined that the safeguards and controls for this moderate system adequately protect the information.
  • OASAM and OFCCP have determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.