OVERVIEW
The Division of Indian and Native American Program's (DINAP) Grantee Performance Management System (GPMS) is part of the Employment and Training Administration (ETA) Appian Platform, Business Process Management Platform System (BPMP). DINAP's GPMS is one of the three subsystems of the BPMP that contains Protected PII.
Provides a web-based interface for managing grants, once they have been awarded under the Division of Indian and Native American Programs (DINAP) Workforce Innovation and Opportunity Act (WIOA) Section 166 grantees and the Department of Labor share a vision of providing quality employment and training services to tribes, tribal organizations, Alaska Native entities, Indian controlled organizations and Native Hawaiian organizations serving unemployed and low income Native Americans, Alaska Natives and Native Hawaiians. In addition, Program Analyst can see aggregate level data to monitor grantee progress in real-time, this feature enhances technical assistance and training to the grantees.
Although GPMS is the case management system, Grant Administrators upload, review, and validate their performance data on a quarterly basis in the Workforce Integrated Performance System (WIPS). Program Analysts use the data from WIPS to monitor the core purpose of the program and the required measures defined in the Workforce Innovation and Opportunity Act (WIOA). Please note that once individual data is submitted into WIPS the SSNs (if provided by the grantee) are used to determine employment outcomes by a process known as the Common Reporting Information System (CRIS). CRIS is a DOL administered wage record interchange process designed to provide employment and earnings outcomes for grantees at an aggregate level which as stated above is a requirement by WIOA. This process reduces the reporting burden on grantees and improves performance measures.
The Division of Indian and Native American Program (DINAP), authorized under WIOA Section 166, establishes a unique and special direct relationship between the federal government and Indian tribal governments. The statutory purpose of the program goes beyond simply improving the employability of individuals who are American Indian, Alaska Native, and Native Hawaiian. The program also promotes "the economic and social development of Indian, Alaska Native, and Native Hawaiian communities in accordance with the goals and values of such communities" (WIOA, Section 166(a)(1)).
By law, the program is administered in a manner consistent with the principles of the Indian Self-Determination and Education Act, which recognizes the unique government-to-government relationship between tribes and the federal government.
CHARACTERIZATION OF THE INFORMATION
DINAP GPMS collects and reports information for eligible WIOA Indian and Native American participants in accordance with the specification set forth in OMB Control Number 1205-0521.
From whom is information to be collected?
DINAP grant organizations collect PII of participants who have received services. Grant organizations are only able to view records for their specific grant. The PII is protected, secured, and only accessible to specific users with permission to work with the participant case. DINAP grantees submit quarterly performance reports to DOL ETA's Workforce Integrated Performance System (WIPS) which fulfills statutory performance requirements and accountability.
Why is the Information being collected?
Personal Identifiable Information (PII) is being collected to meet the reporting requirements as established in OMB Control Number 1205-0521. This was the major driver for developing this new modernized system. GPMS was designed to meet Workforce Innovation and Opportunity Act (WIOA) reporting requirements and legislative mandates. The system integrates with DOL ETA's Workforce Integrated Performance System (WIPS) for Participant Individual Record Layout (PIRL) compliance and Quarterly Performance Report (QPR) generation.
DINAP GPMS reduces the reporting burden on tribal grantees who lack the resources and infrastructure to develop their own system to meet DOL ETA's reporting requirements.
What is the PII being collected, used, disseminated, or maintained?
- Name (First, Last)
- Personal Phone Number (Optional)
- Tribal Affiliation
- Residential Address
- Zip Code, County, State (Required)
- Home Address (Optional)
- Veteran Status (Optional)
- SSN (Optional, in accordance with TEGL 39-11)
- Wages (if applicable)
- Date of Birth (Required)
- Personal Email (Optional)
- Education Records (Optional)
How is the PII collected?
Grant Administrators, Grant Supervisors, and Case Manages collect the data using enrollment and/or intake forms then enter the PII into the GPMS web-based application system.
How will the information collected from individuals or derived from the system be checked for accuracy?
GPMS was designed to improve grantee reporting by seamless reporting to WIPS and incorporating reporting logical rules, valid values, and duplicate rules edit checks that are specific
to DOL DINAP reporting requirements. GPMS is consistent with and supports the data validation framework outlined in Guidance for Validating Required Performance Data Submitted by Grant Recipients of U.S. Department of Labor (DOL) Workforce Programs, TEGL 23-19, change 1.
What specific legal authorities, arrangements, and/or agreements defined allow the collection of PII?
- Indian and Native American Program (authorized under WIOA Section 166)
- Implementation of an Integrated Performance Reporting System for Multiple Employment and Training Administration (ETA) and Veterans' Employment and Training Service (VETS) Administered Programs, Training and Employment Notice 8-16
- DOL-Department of Labor (DOL) - Only Performance Accountability Information and Reporting System, OMB Control No. 1205-0521
- Timeline for data collection and reporting using the renewed ICRs for performance data collection approved by the Office of Management and Budget (OMB) (OMB Control Numbers 1205-0521), including amendments to the Participant Individual Record Layout (PIRL) and submission through WIPS, Training and Employment Notice 8-21
- Aligning Performance Accountability Reporting, Definitions, and Policies Across Workforce Employment and Training Programs Administered by the U.S. Department of Labor (DOL), Training and Guidance Letter 14-18
- Guidance on the use of Supplemental Wage Information to implement the Performance Accountability Requirements under the Workforce Innovation and Opportunity Act, Training and Employment Guidance Letter 26-16
- DINAP's Grant Terms and Conditions, which is sent to every grantee that receives a grant has a section about Personally Identifiable Information. It states:
"The grant award recipient(s) must recognize and safeguard Personally Identifiable Information (PII) except where disclosure is allowed by prior written approval of the Grant Officer or by court order. Award recipients must meet the requirements in TEGL No. 39-11, Guidance on the Handling and Protection of PII, can be found at http://wdr.doleta.gov/directives/corr_doc.cfm?DOCN=7872."
Privacy Impact Analysis
The risk to privacy is inappropriate handling or disclosure of PII, especially SSNs. Access controls mitigate the risk that data will be compromised. In addition, the SSNs column is encrypted to ensure the confidentiality of this data element.
GPMS has also built a PII SSN Audit Log for Program Analysts. If a grantee has any issues and fear a breach of an SSN, Program Analysts can see the following in the Audit Log and communicate with the grantees:
- Grant Number
- Participant Name
- Participant ID
- Viewed By
- Viewed Date
DESCRIBE THE USES OF THE PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
Describe all the uses of the PII
The purpose of collecting PII is to fulfill reporting requirement authorized under OMB Control Number 1205-0521.
What types of tools are used to analyze data and what type of data may be produced?
Only aggregate information is used for producing data analyzation.
Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
No reports are generated in GPMS. WIPS derives aggregate data from the collected information.
If the system uses commercial or publicly available data, please explain why and how it is used.
The system does not use publicly available data.
Will the use of PII create or modify a "system of records notification" under the Privacy Act?
A Public Burden Statement was published under the OMB Control Number 1205-0521 for the collection of information and reporting requirements under the Workforce Innovation and Opportunity Act.
Privacy Impact Analysis
The following security controls have been implemented to prevent data from being compromised:
- Encryption is utilized to manage the secure transfer of the Participant Individual Record Layout file, which contains SSNs.
- The page for the file upload has Secure Socket Layer (SSL) enabled.
- Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has as S-FTP server and DOL has the S-FTP client.
- Password protected zip files. Files within are also password protected.
- Data is secured in transit with TLS 1.2
- Data is secured at rest with AES-256-bit encryption
RETENTION
The following questions are intended to outline how long information will be retained after the initial collection.
What is the retention period for the data in the system?
Indefinite
Is a retention period established to minimize privacy risk?
No
Has the retention schedule been approved National Archives and Records Administration (NARA)?
No
Per M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information; what efforts are being made to eliminate or reduce PII that is collected, stored, or maintained by the system if it is no longer required?
Please see below.
How is it determined that PII is no longer required?
PII is collected at the time of intake, it is not required when a participant has fully exited the program.
If you are unable to eliminate PII from this system, what efforts are you undertaking to mask, de-identify or anonymize PII.
See below.
Privacy Impact Analysis
Risks associated with the length of time data is retained include inadvertent disclosure of confidential information. These risks are mitigated by the implementation of the following controls:
- Access to the data is strictly controlled through the use of user roles
- Implementation of login.gov
- GPMS will only decrypt an encrypted text value by using a specialized Encrypted Text Field in the browser. The value remains encrypted on the server and is only decrypted when displayed in this specialized field.
- An encrypted text value remains encrypted when stored on the disk
- An encrypted key is unique to each installation of the platform
- Data is secured in transit via HTTPS (TLS 1.2)
INTERNAL SHARING AND DISCLOSURE
The following questions are intended to define the scope of sharing within the Department of Labor.
With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
Grant organizations will transmit PII from GPMS to WIPS through the Participant Information Record Layout (PIRL). DINAP PIRL reporting has been approved for collection in OMB Control Number 1205-0521.
How is the PII transmitted or disclosed?
DINAP application encrypt the PII information and store in db. DINAP decrypt the PII information on the fly and shared with WIPS in a secure transfer CSV file.
WIPS share the PII with Kansas, for more details please refer to WIPS PIA. WIPS is covered under the BPMP PIA.
Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information?
Refer to WIPS PIA
Privacy Impact Analysis
Refer to WIPS PIA
EXTERNAL SHARING AND DISCLOSURE
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state, and local government, and the private
sector.
With which external organization(s) is the PII shared, what information is shared, and for what purpose?
GPMS information is reported to WIPS and WIPS in turn will share data through the Common Reporting Information System process. The Kansas Department of Commerce will process the file to obtain national program outcomes and grantee level employment performance results. BPMP (through WIPS) provides data to Kansas. CRIS provides performance results for grant programs that do not have the ability to collect performance indicators i.e., Employment in the 2nd Quarter after Exit Rate, Employment in the 4th Quarter after Exit Rate, and Median Earnings. Kansas does not return SSNs but rather aggregate data that cannot be attributed to a particular individual.
Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
Yes. Information collected is not altered prior to transmittal to Kansas. ETA has a Memorandum of Agreement with Kansas. In addition, a SORN has been published in the Federal Register.
How is the information shared outside the Department and what security measures safeguard its transmission?
The following controls are in place for submitting data to the Kansas Department of Commerce:
- Encryption is utilized to manage the secure transfer of the Participant Individual Record Layout file, which contains the PII.
- Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
- The Kansas LAN has an overall Security Categorization of Moderate
How is the information transmitted or disclosed?
Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas have an S-FTP server and DOL has the S-FTP client.
Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared? If the answer is yes, be prepared to provide a copy of the agreement in the event of an audit as supporting evidence.
ETA has a Memorandum of Agreement with Kansas.
How is the shared information secured by the recipient?
WIPS shared the information with Kansas, WIPS is covered under the BPMP PIA. For more information, please refer to WIPS PIA.
What type of training is required for users from agencies outside DOL prior to receiving access to the information?
See above response
Privacy Impact Analysis
Given the external sharing of data, ETA identified privacy risks to include inadvertent disclosure of confidential information. For that reason, ETA established an MOU with Kansas and implemented various security controls as mentioned above.
NOTICE
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
Was notice provided to the individual prior to collection of PII? If yes, please provide a copy of the notice as an appendix. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal
Register Notice. If notice was not provided, please explain.
Yes, notice is provided to participants and built into the enrollment process. PII is collected through Grant Administrators, Grant Supervisors, and Case Managers. It is not put into the system directly from the participants.
Do individuals have the opportunity and/or right to decline to provide information?
Yes, SSN disclosure must be voluntarily provided by the individual and cannot deny the participant access to services if the SSN is not provided. GPMS was developed in line with guidance set forth in Training and Employment Guidance Letter 05-08, Policy for Collection and Use of Workforce System Participants' Social Security Numbers.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
No.
Privacy Impact Analysis
Participants are informed that providing SSNs is voluntary.
INDIVIDUAL ACCESS, REDRESS, AND CORRECTION
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
What are the procedures that allow individuals to gain access to their own information?
Participants can ask grantee staff for their enrollment form at any time. The enrollment forms contain all the data that is input in the system by Grant Administrators, Grant Supervisors, or Case Managers.
Furthermore, effective 12/31/2021, all GPMS users were required to create login.gov accounts in order (two-factor authentication) to access the system.
What are the procedures for correcting inaccurate or erroneous information?
Participants can update/edit their enrollment form at any time. Grant Administrators, Grant Supervisors, or Case Managers then go in and update the information into the system.
How are individuals notified of the procedures for correcting their own information?
Participants are told they can update their information when they enroll. If information needs updating, Grant Administrators, Grant Supervisors, or Case Managers can notify their participants in person, phone, or email that they have updated their information.
If no formal redress is provided, what alternatives are available to the individual?
Not applicable.
Privacy Impact Analysis
Participants always can update/edit their information prior to fully exiting the program. Additionally, participants have the right to withdraw from the program.
TECHNICAL ACCESS AND SECURITY
The following questions are intended to describe technical safeguards and security measures.
Which user group(s) will have access to the system? (For example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)
Program Analysts will have general access to the system but will not have access to individual participant data.
Grant Administrators, Grant Supervisors, and Case managers will have general access specific to their organizations profile.
Effective 12/31/2021, all GPMS users were required to use login.gov (two-factor authentication) to access the system.
Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA.
Yes, please see contract attached.
Does the system use "roles" to assign privileges to users of the system? If yes, describe the roles.
Yes, please see below.
Grant Administrator |
|
Grant Supervisor |
|
Case Manager |
|
What procedures are in place to determine which users may access the system and are they documented?
Only one Grant Administrator is allowed per grant organization. At the beginning of the grant, each grantee determines who the grant administrator will be and notifies the program analyst that oversees the GPMS system. The Program analysts, enter the grant administrators into the system for each organization. Once a grant administrator has access to the system, they can assign user roles as appropriate to their staff (Grant Supervisor or Case Manager). Additionally, only Grant Administrators have access to the WIPS system to formally submit and validate reports to process via CRIS.
How are the actual assignments of roles and Rules of Behavior, verified according to established security and auditing procedures? How often training is provided? Provide date of last training.
Program Analysts - Rules of Behavior forms are required to be signed before a user can have their account provisioned on BPMP. Role assignment is verified by assigning a user to the appropriate Appian Groups, which authorize the user's access to the appropriate application-level access. Training is required for all users annually using DOL's Cybersecurity and Privacy Awareness Training. The last round of training was completed on 9/30/2022.
Grantees-User Role assignment is explained above. Grantees do not take a privacy training or sign a Rules of Behavior form. Grantees are provided training monthly basis. Training includes, how to create user accounts, using login.gov, how to enter a new case and manage services and outcomes. The last training was provided on 1/19/2023.
Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
Program Analysts – Cybersecurity and Privacy Awareness Training
Contractor – Contractor Role Based Training
What auditing measures and technical safeguards are in place to prevent misuse of data?
Data is encrypted in the database and an audit trail of activities performed on the database is tracked. Data is also encrypted in transit using TLS 1.2.
Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?
Yes, this is completed during each production deployment. The last time this was completed was 1/13/2023.
Privacy Impact Analysis
- MOU between ETA and Kansas address key issues.
- Encryption is utilized to manage the secure transfer of the Participant Information Record Layout file, which contains the SSNs.
- The page for the file upload has Secure Socket Layer (SSL) enabled but will not have third-party verification.
- Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Each has an S-FTP server and DOL has the S-FTP client.
- Files are password protected
TECHNOLOGY
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, biometrics, and other technology.
Was the system built from the ground up or purchased and installed?
Since GPMS is part of BPMP: The BPMP applications are custom designed applications built on top of a purchased platform-as-a-service instance of Appian's low-code development software.
Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.
Since GPMS is part of BPMP: The Department of Labor built the BPMP on top of a FedRAMP-compliant Appian Cloud. This allowed for the development of applications which leverage the built-in Appian Security Framework without writing any custom code. Application development was preformed followed DOL Center of Excellence guidelines utilizing an Agile development process which required consistent review of all aspects of the application development.
What design choices were made to enhance privacy?
Since GPMS is part of BPMP and is an Appian application: Applications were developed used Appian best practices making use of the built-in permissions framework using Appian Groups. Applications are reviewed for alignment with Center of Excellence guidance around least-privileged object configuration for supporting application operations
For systems in development, what stage of development is the system in, and what project development life cycle was used?
N/A
For systems in development, does the project employ technology which may raise privacy concerns? If so please discuss their implementation?
N/A
DETERMINATION
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
- ETA has completed the PIA for DINAP which is currently in operation.
- ETA has determined that the safeguards and controls for this moderate system adequately protect the information.
- ETA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.