Overview

  • The system name and the name of the DOL component(s) which own(s) the system: This system is EMS and is owned by the Office of Enforcement.
  • The purpose/function of the program, system, or technology and how it relates to the component’s and DOL mission is: The purpose and function of the EMS is to serve as a case tracking system by the Employee Benefits Security Administration (EBSA) Office of Enforcement (OE) for investigation of potentially fraudulent activity in our nation’s pension plans. The system directly supports the portion of EBSA’s mission which follows:

    Deter and correct violations of the relevant statutes through strong administrative, civil and criminal enforcement efforts to ensure workers receive promised benefits
  • A general description of the information in the system: EMS users access two categories of data: 1) the case information, which has been created by an investigator, and 2) the Employee Retirement Income Security Act (ERISA) Data System, which contains Form 5500 data elements that are loaded from the ERISA Filing Acceptance System (EFAST2) and entered into the EMS database. Each year, pension and welfare benefit plans generally are required to file an annual return/report regarding their financial condition, investments, and operations. The annual reporting requirement is generally satisfied by filing the Form 5500 Annual Return/Report of Employee Benefit Plan and any required attachments. The ERISA data is publicly disclosable. The case data, however, consists of investigative notes and other tracking information inserted by investigators of the Office of Enforcement. This data is treated as sensitive information and not disclosable under the Freedom of Information Act (FOIA). This investigative information is intended for viewing only by authorized users within the Agency.
  • A description of a typical transaction conducted on the system.

    A typical EMS transaction would be inputting and storing information for the initiation of an investigation of potential fraud in a pension plan. Throughout the course of the investigation, transactions include updates to information obtained and actions taken as the investigation progresses.
  • Any information sharing conducted by the program or system:

    EMS information is not shared with any organization external to EBSA. PII contained in EMS is not shared with external organizations. Macro-level information (number of cases worked closed, total monetary results, number of indictments, etc.) is shared with the General Accounting Office (GAO) in the conduct of its examinations of the Agency’s enforcement efforts and annually with the Office of Inspector General (OIG) in its audit of information that is part of EBSA’s performance data. EMS is utilized in the annual DOL-wide Performance and Accountability Report (PAR) issued to the Congress on November 15th of each year.
  • A general description of the modules and subsystems, where relevant, and their functions.

    The EMS major application is utilized as a case tracking system by the EBSA Office of Enforcement (OE) for investigation of potentially fraudulent activity in our nation’s pension plans. EMS stores case information, which has been created by an investigator, and data from the ERISA Data System (EDS) which contains Forms 5500 data elements that are loaded from the ERISA Filing Acceptance System (EFAST2) and entered into the EMS database.
  • Where appropriate, a citation to the legal authority to operate the program or system.

    ERISA Section 504(a) [29 U.S.C. 1134]
    26 U.S.C. 6058 and 29 U.S.C. 1135, 1137, and 1143
  • A description of why the PIA is being conducted.

    The initial Privacy Impact Assessment (PIA) was conducted for the EBSA on the EMS in March 2003. Version 1.0 was released in April 2003. The assessment was performed according to the methodology published by the U.S. Department of Labor (DOL), Office of the Chief Information Officer (OCIO) in the DOL OCIO Privacy Impact Methodology and Assessment v 1.0, January 2003. An update to the EMS PIA was conducted in February-March 2006 and another in August, 2007. EMS PIA updates were conducted in September 2008, and again in November of 2008 to incorporate all covered sub systems. An annual update was conducted in August 2009, August 2010, and now in September 2012. These latest assessments were performed according to a new methodology, process, and template published by the U.S. Department of Labor (DOL), Office of the Chief Information Officer (OCIO) in January, 2010.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

PII may be collected on anyone who is related to a case. These individuals could be from any of the listed categories. While the system does not prevent entry of information related to minor children into EMS, to the best of our knowledge, there have been no instances of minor children being entered into EMS.

What are the sources of the PII in the information system?

The PII is gathered by Investigators who are performing duties associated with investigating cases. It may also be provided voluntarily by an individual who has contacted the Agency about a potential case.

What is the PII being collected, used, disseminated, or maintained?

  • Name
  • Mailing Address
  • Phone Numbers (e.g., phone, fax, and cell)
  • Legal Documents or Notes (e.g., divorce decree, criminal records, or other)
  • Comments fields may contain miscellaneous limited PII

How is the PII collected?

PII is either provided by an individual who is calling, mailing, or emailing with questions or concerns about his benefits, or it is gathered by an investigator who is working on a case or potential case.

How will the information be checked for accuracy?

Information is vetted by an EBSA employee during the resolution of an inquiry or the investigation of a case.

Also, PII and other data in the system are continually reviewed as cases are processed and resolved. Changes are made immediately when discrepancies are noted. In addition, PII and other fields are reviewed when evaluating and designing changes to the system. During this process, users have an opportunity to review proposed changes.

This meets sections (e)(5) and (e)(6) of the Privacy Act of 1974 to assure fairness to the individual.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

ERISA Section 504(a) [29 U.S.C. 1134] authorizes the Secretary of Labor “to make an investigation, and in connection therewith to require the submission of reports, books, and records, and the filing of data in support of any information required to be filed with the Secretary…”

EBSA is adhering to the Privacy Act of 1974 for PII that is contained within the EMS.

PII is stored for the exclusive purpose of performing the duties of EBSA. The duties center on answering questions from the public or other government personnel about the Employee Retirement Income Security Act (ERISA) regulations.

Title III of the E-Government Act of 2002 – Federal Information Security Management Act (FISMA) – Public Law 107-347: A security plan must be developed and practiced throughout all life cycles of the agency’s information systems.

Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources: A System Security Plan (SSP) is to be developed and documented for each general support system (GSS) and major application (MA) consistent with guidance issued by the National Institute of Standards and Technology (NIST).

Federal Information Processing Standards (FIPS) Publication 199, Standards for Security Categorization of Federal Information and Information Systems: This document defines standards for the security categorization of information and information systems. System security categorization must be included in SSPs.

FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems: This document contains information regarding specifications for minimum security control requirements for Federal information and information systems. Minimum security controls must be documented in SSPs.

NIST SP 800-53 Revision 1, Recommended Security Controls for Federal Information Systems: This document contains a list of security controls that are to be implemented into Federal information systems based on their FIPS 199 categorization. This document is used in conjunction with FIPS 200 to define minimum security controls, which must be documented in SSPs.

Privacy Impact Analysis

The PII stored in the EMS represents a very small risk to EBSA because it is well protected by numerous security controls. Privacy data is also protected by ensuring that privacy awareness training is provided annually by the DOL Solicitor’s Office (SOL). Privacy protection is also addressed in DOL’s annual Computer Security Awareness Training (CSAT), which is administered annually to all users of DOL computer systems, including EMS. Even without specific training, however, the risk of unauthorized access to the EMS data is minimal due to the existing security controls in place and the limited use of PII.

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

The PII is stored for the exclusive purpose of performing the duties of the EBSA Office of Enforcement. The duties center around ERISA enforcement: specifically, discovering and stopping fraudulent activity. All PII is well protected by numerous security controls. The residual risk of misuse or loss of this PII is minimal.

What types of tools are used to analyze data and what type of data may be produced?

EMS includes built-in reports which may help organize and analyze data. In addition, industry standard database reporting tools are used to generate ad-hoc and standing reports.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

EMS does not derive new data, or create previously unavailable data, about an individual through aggregation of the collected information.

If the system uses commercial or publicly available data, please explain why and how it is used.

EMS does not use commercial or publicly available data.

Privacy Impact Analysis

The EMS Rules of Behavior (RoB) contains specific guidelines for the handling of sensitive data.

Mandatory Security Awareness training for EBSA employees and contractors is conducted annually and addresses the handling of PII.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

Information is retained in the system indefinitely.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes.

How is it determined that PII is no longer required?

There is no process currently in place for determining that PII is no longer required.

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

The question of how to eliminate or reduce unneeded PII is under consideration but no procedures have been defined or adopted.

Privacy Impact Analysis

All data on EBSA computer hard drives and any removable media are encrypted to assure confidentiality. In addition, old EMS data is archived into ‘frozen’ databases, where the data may be retrieved, but not modified, by users when required.

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

EMS is used by the EBSA Office of Enforcement (OE) for the purpose of investigating potential fraudulent activities. It is not shared with other organizations.

How is the PII transmitted or disclosed?

N/A. PII is not shared with internal organizations at DOL.

Privacy Impact Analysis

N/A. PII is not shared with internal organizations at DOL.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

EMS data is not shared with other organizations.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

N/A. Data is not shared.

How is the information shared outside the Department and what security measures safeguard its transmission?

N/A. Data is not shared.

Privacy Impact Analysis

N/A. Data is not shared with external organizations.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

No notice was provided to individuals prior to collection of the PII as this is done as part of an active investigation.

Do individuals have the opportunity and/or right to decline to provide information?

Individuals participating in the case do have the opportunity and/or right to decline to provide information. Information about an individual that is acquired by an Investigator during work on a case may be gathered without that particular individual’s permission.

Due to the enforcement and criminal nature of the EMS, it is exempt from some subsections of the Privacy Act, as identified in the SORN.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

Individuals do not have the right to consent to particular uses of the information.

Due to the enforcement and criminal nature of the EMS, it is exempt from some subsections of the Privacy Act, as identified in the System of Records Notice (SORN).

Privacy Impact Analysis

N/A. Notice is not provided to individuals whose names come up during the investigation of a case.

A Federal Register entry (SORN) has been published for the EMS. Individuals wishing to inquire whether this system of records contains information about them should contact the appropriate system manager described in the SORN. Individuals should furnish their full name, address, and employee benefit plan association and should identify the employee benefit plan by name, address, and Employee Identification Number (EIN) (if known).

Access, Redress, and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

Individuals wishing to inquire whether this system of records contains information about them should contact the appropriate system manager described in the SORN. Individuals should furnish their full name, address, and employee benefit plan association and should identify the employee benefit plan by name, address, and EIN (if known).

Request for access to records should follow the Notification procedure described above. Specific materials in the system have been exempted from Privacy Act provisions under 5 U.S.C. 552a(j)(2) and (k)(2). To the extent that this system of records is not subject to exemption, it is subject to access, contest of the content of the record, and appeal of a denial to access. A determination as to exemption shall be made at the time a request for access is received.

Access procedures are the same as the Notification procedures described above. Individuals requesting access must also comply with Privacy Act regulations on verification of identity and access to records (29 CFR 71.2).

What are the procedures for correcting inaccurate or erroneous information?

Same as the Notification procedure above, except individuals desiring to contest or amend information maintained in the system should direct their written request to the appropriate System Manager listed above, state clearly and concisely what information is being contested, the reasons for contesting it, and the proposed amendment to the information sought pursuant to 29 CFR 71.9.

How are individuals notified of the procedures for correcting their information?

The information is published in the Federal Register entry for the system. They can also be informed by Investigators.

If no formal redress is provided, what alternatives are available to the individual?

N/A

Privacy Impact Analysis

Changes to the PII can only be made by authorized personnel at the request of the individual. This is automatically enforced by Windows by requiring authentication prior to accessing the application and by the application allowing a pre-defined level of access based on unique username and password.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

EBSA has a policy in place which regulates the use of passwords. Username and password authentication is used at EBSA to restrict and control access to EMS records.

Will Department contractors have access to the system?

Yes, EMS is accessed by program developers who are authorized contractors of the Department of Labor for the purpose of developing, testing, administering and operating the system.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Mandatory Security Awareness Training is provided to all employees and contractors of EBSA, including a PII training course “Safeguarding All Personally Identifiable Information”.

What auditing measures and technical safeguards are in place to prevent misuse of data?

EBSA adheres to standards and requirements set forth by the Department of Labor in the areas of auditing and providing technical safeguards for the data.

EMS has an auditing function which records: user login and logout, failed login attempts, password changes, penalties, solicitor dockets, account creation, disabling or deleting an account, and execution of admin privileges (limited to changes in staff information). In the next release, changes made by an administrator to a data field are also logged.

Privacy Impact Analysis

PII stored on the EMS is limited to information necessary for the Agency to carry out its duties and is well protected by numerous security controls which are in conformance with Department of Labor requirements. There is no direct connection between EMS and the Internet. EMS does not interface with any other systems except its host system, the GSS. Sharing of the information is conducted solely at the discretion of the investigator and only for the purpose of resolving the case and is done within the application and supporting GSS controls.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, radio frequency identification (RFID), biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

EMS is in the operations/maintenance stage of the software development life-cycle.

Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.

These technologies do not raise privacy concerns as their use does not pose a threat of any exposure of PII. The use of these technologies does not have the potential to yield unauthorized access to PII.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • EBSA has completed the PIA for EMS which is currently in operation. EBSA has determined that the safeguards and controls for this moderate system adequately protect the information.
  • EBSA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.