OVERVIEW

YouthBuild's Grantee Performance Management System (GPMS) is part of the Employment and Training Administration (ETA) Appian Platform, Business Process Management Platform System (BPMP). YouthBuild's GPMS is one of the three subsystems of the BPMP that contains Protected PII.

GPMS-YouthBuild provides a web-based interface to GPMS in support of the YouthBuild effort, from Grantees to Program Analysts, monitoring grantee progress, resource allocation, skill gains, and related measures.

Although GPMS is the case management system, Grant Administrators upload, review, and validate their performance data on a quarterly basis in the Workforce Integrated Performance System (WIPS). Program Analysts use the data from WIPS to monitor the core purpose of the program and the measures required by the Workforce Innovation and Opportunity Act (WIOA), as it is more accurate and standardized. Please note that once data is submitted into WIPS, it is sent to the Common Reporting Information System (CRIS). CRIS is a DOL-administered wage record interchange process designed to provide employment and earnings outcomes for grantees, which, as stated above, is a requirement of WIOA.

YouthBuild is a community-based pre-apprenticeship program that provides job training and educational opportunities for at-risk youth ages 16-24 who have previously dropped out of high school. Youth learn vocational skills in construction, as well as in other in-demand industries that include health care, information technology, and hospitality. Youth also provide community service through the required construction or rehabilitation of affordable housing for low-income or homeless families in their own neighborhoods. Youth split their time between the vocational training work site and the classroom, where they earn their high school diploma or equivalency degree, learn to be community leaders, and prepare for postsecondary training opportunities, including college, apprenticeships, and employment. YouthBuild includes significant support systems, such as mentoring, follow-up education, employment, and personal counseling services; and participation in community service and civic engagement.

CHARACTERIZATION OF THE INFORMATION

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the System collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

Members of the public (U.S. citizens), including minor children. YouthBuild serves youth ages 16-24.

From whom is information to be collected?

GPMS collects PII of participants who have received services from a YouthBuild grant to generate reports in WIPS and facilitate program monitoring and oversight through WIPS, in addition to satisfying statutorily required performance accountability provisions.

Why is the Information being collected?

GPMS collects SSNs from participants. SSNs are necessary, for programs not administered by a public official, to obtain employment and earnings outcomes of program participants through the Common Reporting Information System (CRIS). CRIS is a DOL administered wage record interchange process designed to provide employment and earnings outcomes for grantees. GPMS is the case management system that originally houses the information that is sent to WIPS then CRIS to get back accurate data.

What is the PII being collected, used, disseminated, or maintained?

  • Name (First, Last) (Optional)
  • Personal Phone Number (Optional)
  • Ethnicity (Optional)
  • Race (Optional)
  • Residential Address
    • Zip Code, State (Required)
    • Home Address (Optional)
  • Veteran Status (Optional)
  • SSN (Optional, in accordance with TEGL 39-11)
  • Wages (Required)
  • Date of Birth (Required)
  • Personal Email (Optional)
  • Education Records (Required)

How is the PII collected?

Grant Administrators, Grant Supervisors, and Case Managers collect the data using enrollment forms, then enter the PII into the GPMS System.

How will the information collected from individuals or derived from the system be checked for accuracy?

The system performs range, type, and bounds checking on PII.

What specific legal authorities, arrangements, and/or agreements defined allow the collection of PII?

  • YouthBuild program (title I of WIOA, subtitle D, Sec. 171)
  • YouthBuild's Grant Terms and Conditions, which are sent to every grantee that receives a YouthBuild grant, have a section about Personally Identifiable Information. It states:

"The grant award recipient(s) must recognize and safeguard Personally Identifiable Information (PII) except where disclosure is allowed by prior written approval of the Grant Officer or by court order. Award recipients must meet the requirements in TEGL No. 39-11, Guidance on the Handling and Protection of PII, can be found at http://wdr.doleta.gov/directives/corr_doc.cfm?DOCN=7872."

  • Participant Individual Record Layout reporting requirements approved under OMB Control Number 1205-0521

Privacy Impact Analysis

The risk to privacy is inappropriate handling or disclosure of PII, especially SSNs. Access controls mitigate the risk that data will be compromised. In addition, the SSNs column is encrypted to ensure the confidentiality of this data element.

YouthBuild GPMS has also built a PII SSN Audit Log for Program Analysts. If a grantee has any issues and fears a breach of an SSN, Program Analysts can see the following in the Audit Log and communicate with the grantees:

  • Grant Number
  • Participant Name
  • Participant ID
  • Viewed By
  • Viewed Date

DESCRIBE THE USES OF THE PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

SSNs are collected mainly because they are necessary for YouthBuild to obtain employment and earnings outcomes of program participants through CRIS.

We use other PII along with other data elements to pull trends out in the field to provide appropriate technical assistance to grantees.

What types of tools are used to analyze data and what type of data may be produced?

Summary reports and aggregated trend presentation on the demographic data via WIPS. No reports are generated in GPMS. Again, GPMS houses the data but reports come from WIPS.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

No reports are generated in GPMS. WIPS derives aggregate data from the collected information.

If the system uses commercial or publicly available data, please explain why and how it is used.

The system does not use publicly available data.

Will the use of PII create or modify a "system of records notification" under the Privacy Act?

The existing SORN, ETA-4, will be modified once all application PIAs are completed.

Privacy Impact Analysis

The following security controls have been implemented to prevent data from being compromised:

  • Encryption is utilized to manage the secure transfer of the Participant Individual Record Layout file, which contains SSNs.
  • The page for the file upload has Secure Socket Layer (SSL) enabled.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
  • Password protected zip files. Files within are also password protected.
  • Data is secured in transit with TLS 1.2
  • Data is secured at rest with AES-256-bit encryption

RETENTION

The following questions are intended to outline how long information will be retained after the initial collection.

What is the retention period for the data in the system?

Indefinite

Is a retention period established to minimize privacy risk?

No

Has the retention schedule been approved by the National Archives and Records Administration (NARA)?

No

Per M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information; what efforts are being made to eliminate or reduce PII that is collected, stored, or maintained by the system if it is no longer required?

Please see below.

How is it determined that PII is no longer required?

PII is not required anymore when a participant has fully exited the YouthBuild program.

If you are unable to eliminate PII from this system, what efforts are you undertaking to mask, de-identify or anonymize PII?

See below.

Privacy Impact Analysis

Risks associated with the length of time data is retained include inadvertent disclosure of confidential information. These risks are mitigated by the implementation of the following controls:

  • Access to the data is strictly controlled through the use of roles
  • GPMS will only decrypt an encrypted text value by using a specialized EncryptedTextField in the browser. The value remains encrypted on the server and is only decrypted when displayed in this specialized field.
  • An encrypted text value remains encrypted when stored on the disk
  • An encrypted key is unique to each installation of the platform
  • Data is secured in transit via HTTPS (TLS 1.2)

INTERNAL SHARING AND DISCLOSURE

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

PII is not shared with internal organizations.

How is the PII transmitted or disclosed?

Not applicable

Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information?

Not applicable

Privacy Impact Analysis

Not applicable. There is no internal sharing of PII.

EXTERNAL SHARING AND DISCLOSURE

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state, and local government, and the private sector.

PLEASE NOTE: Information is shared externally because GPMS is not a reporting platform. It is a case management system that sends information to WIPS, which is then shared with CRIS.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

Information is shared with CRIS through Kansas Department of Commerce from WIPS. BPMP (which YouthBuild's GPMS is housed under) provides data to Kansas for processing by CRIS. CRIS provides common performance measures for grant programs that do not have the ability to collect common measure outcomes i.e., Entered Employment Rate, Retention Rate, and Average Earnings. Kansas does not return SSNs but rather aggregate data that cannot be attributed to a particular individual.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

Yes. Information collected is not altered prior to transmittal to Kansas. ETA has a Memorandum of Agreement with Kansas. In addition, a SORN has been published in the Federal Register.

How is the information shared outside the Department and what security measures safeguard its transmission?

The following controls are in place for submitting data to the Kansas Department of Commerce:

  • Encryption is utilized to manage the secure transfer of the Participant Individual Record Layout file, which contains the PII.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
  • The Kansas LAN has an overall Security Categorization of Moderate

How is the information transmitted or disclosed?

Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.

Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared? If the answer is yes, be prepared to provide a copy of the agreement in the event of an audit as supporting evidence.

ETA has a Memorandum of Agreement with Kansas.

How is the shared information secured by the recipient?

The YouthBuild application encrypts the PII and stores it in the database. YouthBuild decrypts the PII on the fly and shares it with WIPS in a secure transfer CSV file. WIPS then shares the PII with Kansas; for more details, please refer to the WIPS PIA.

What type of training is required for users from agencies outside DOL prior to receiving access to the information?

Please refer to the WIPS PIA.

Privacy Impact Analysis

Given the external sharing of data, ETA identified privacy risks to include inadvertent disclosure of confidential information. For that reason, ETA established an MOU with Kansas and implemented various security controls as mentioned above.

NOTICE

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII? If yes, please provide a copy of the notice as an appendix. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal Register Notice. If notice was not provided, please explain.

Yes, notice is provided to participants. PII is collected through Grant Administrators, Grant Supervisors, and Case Managers. It is not put into the system directly from the participants.

Do individuals have the opportunity and/or right to decline to provide information?

Yes. SSNs must be provided voluntarily by the individual, and the participant cannot be denied access to services if the SSN is not provided.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

No.

Privacy Impact Analysis

Participants are informed that providing SSNs is voluntary.

INDIVIDUAL ACCESS, REDRESS, AND CORRECTION

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their own information?

Participants can ask grantee staff for their enrollment form at any time. The enrollment forms contain all the data that is input in the system by Grant Administrators, Grant Supervisors, or Case Managers.

What are the procedures for correcting inaccurate or erroneous information?

Participants can update/edit their enrollment form at any time. Grant Administrators, Grant Supervisors, or Case Managers then go in and update the information into the system.

How are individuals notified of the procedures for correcting their own information?

Participants are told they can update their information when they enroll. If information needs updating, Grant Administrators, Grant Supervisors, or Case Managers can notify their participants in person, by phone, or by email that they have updated their information.

If no formal redress is provided, what alternatives are available to the individual?

Not applicable.

Privacy Impact Analysis

Participants always can update/edit their information. Additionally, participants have the right to withdraw from the program.

TECHNICAL ACCESS AND SECURITY

The following questions are intended to describe technical safeguards and security measures.

Which user group(s) will have access to the system? (For example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)

YouthBuild Program Analysts will have general access to the system but will not have access to individual participant data.

Grant Administrators, Grant Supervisors, and Case Managers will have general access specific to their organization's profile.

Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA.

Yes, please see contract attached.

Does the system use "roles" to assign privileges to users of the system? If yes, describe the roles.

Yes, please see below.

Grant Administrator

  • This user account must be created by the DOL National Office. Please reach out to GPMS Support if you need this user account created or updated.
  • This user role is the only user that can access WIPS and submit and certify the GPMS performance reports.
  • This user role can also:
    • Create and edit other user accounts, including account deactivation
    • Assign or re-assign cases to other users
    • View and edit all case files and GPMS participant data

Grant Supervisor

  • This user role can:
    • Create and edit other user accounts, including account deactivation
    • Assign or reassign cases to other users
    • View and edit all case files and GPMS participant data

Case Manager

  • This user role can:
    • Create cases and view or edit all information for the case files that they have created or that have been assigned to them.

What procedures are in place to determine which users may access the system and are they documented?

Only one Grant Administrator is allowed per grant. At the beginning of the grant, each grantee determines who the grant administrator will be and notifies the program analyst that oversees the GPMS system. YouthBuild program analysts enter the grant administrators into the system for each organization. Once a grant administrator has access to the system, they can assign user roles as appropriate to their staff (Grant Supervisor or Case Manager). Additionally, only Grant Administrators have access to the WIPS system to formally submit and validate reports to process via CRIS.

How are the actual assignments of roles and Rules of Behavior verified according to established security and auditing procedures? How often is training provided? Provide date of last training.

Program Analysts – Rules of Behavior forms are required to be signed before a user can have their account provisioned on BPMP. Role assignment is verified by assigning a user to the appropriate Appian Groups, which authorize the user's application-level access. Training is required for all users annually using DOL's Cybersecurity and Privacy Awareness Training. The last round of training was completed on 6/30/2022.

Grantees – User role assignment is explained above. Grantees do not take privacy training or sign a Rules of Behavior form.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Program Analysts – Cybersecurity and Privacy Awareness Training

Contractor – Contractor Role Based Training

What auditing measures and technical safeguards are in place to prevent misuse of data?

Data is encrypted in the database and an audit trail of activities performed on the database is tracked. Data is also encrypted in transit using TLS 1.2.

Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?

Yes – BPMP is in Ongoing-Authorization, under which a Security Assessment is conducted every year.

Privacy Impact Analysis

  • MOU between ETA and Kansas addresses key issues.
  • Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the SSNs.
  • The page for the file upload has Secure Socket Layer (SSL) enabled but will not have third-party verification.
  • Secure File Transfer protocol (S-FTP) is used to transfer files from ETA to Kansas. Each has an S-FTP server and DOL has the S-FTP client.
  • Files are password protected

TECHNOLOGY

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, biometrics, and other technology.

Was the system built from the ground up or purchased and installed?

Since GPMS is part of BPMP: The BPMP applications are custom designed applications built on top of a purchased platform-as-a-service instance of Appian's low-code development software.

Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.

Since GPMS is part of BPMP: The Department of Labor built the BPMP on top of a FedRAMP-compliant Appian Cloud. This allowed for the development of applications which leverage the built-in Appian Security Framework without writing any custom code. Application development was performed following DOL Center of Excellence guidelines, utilizing an Agile development process which required consistent review of all aspects of the application development.

What design choices were made to enhance privacy?

Since GPMS is part of BPMP and is an Appian application: Applications were developed using Appian best practices, making use of the built-in permissions framework using Appian Groups. Applications are reviewed for alignment with Center of Excellence guidance around least-privileged object configuration for supporting application operations.

For systems in development, what stage of development is the system in, and what project development life cycle was used?

N/A

For systems in development, does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.

N/A

DETERMINATION

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • YouthBuild has completed the PIA for GPMS-YouthBuild which is currently in operation.
  • ETA has determined that the safeguards and controls for this moderate system adequately protect the information.
  • ETA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.