Cloud Platform Services
The purpose of the ETA Cloud Platform Services project is to provide a data and computing services environment for the modernized applications and to provide highly scalable and adaptive virtual utilities with a secure services catalog, supporting ETA analysis, classification, categorization, recommendation and prediction models, reports and graphs.
The first module deployed onto this platform will be:
- Workforce Investment Opportunities Act — Performance Reporting System (eDRVS 2.0): Provides report validation and data element validation for the Workforce Innovation and Opportunity Act (WIOA) program. This software allows the States to upload, review, and validate their WIOA reporting data before final submission to the National Office (NO).
A Privacy Impact Assessment is being conducted since this system stores and transmits Personally Identifiable Information that includes social security numbers.
Characterization of the Information
Personally identifiable information (PII) is collected on members of the public who participate in certain grant programs.
From whom is information to be collected?
Grantees collect PII from participants in the program.
Why is the Information being collected?
The PII is collected to access wage records from the Wage Record Interchange System (WRIS) and the Federal Employment Data Exchange System (FEDES) and to compute the common measures.
What is the PII being collected, used, disseminated, or maintained?
- Date of birth
- Social Security Number (SSN)
How is the PII collected?
PII data is included in the Comma Separated Value file containing participant-level records uploaded into the system by the grantee.
How will the information collected from individuals or derived from the system be checked for accuracy?
At the grantee level, where PII is initially collected, staff review participant identification and validate all PII before entering it into their respective systems.
What specific legal authorities, arrangements, and/or agreements defined allow the collection of PII?
- Workforce Innovation and Opportunity Act (WIOA)
- Section 303(a)(6) of the Social Security Act
Privacy Impact Analysis
The risk to privacy is inappropriate handling or disclosure of PII, especially SSNs. Access controls mitigate the risk that data will be compromised. In addition, the SSN data is encrypted to ensure the confidentiality of this data element.
Describe the Uses of the PII
Describe all the uses of the PII
DOL/ETA and the Kansas Department of Commerce (Kansas) have a Memorandum of Understanding that allows ETA’s national program grantees access to wage records through the Wage Record Interchange System (WRIS) and the Federal Employment Data Exchange System (FEDES) in order to calculate the common measures. This arrangement is the Common Reporting Information System (CRIS).
- National program grantees submit program exiter information to DOL’s Enterprise Business Support System (EBSS). NFJP grantees submit their information to Social Policy Research Associates (SPRA).
- DOL sends program exiter information, including social security numbers (SSNs), from EBSS to Kansas via Secure File Transfer Protocol (sFTP). SPRA sends NFJP data directly to Kansas via sFTP.
- Kansas submits SSNs to the WRIS and FEDES operators. WRIS matches wage data to program exiters covered in the nation’s Unemployment Insurance (UI) system. FEDES matches wage records to program exiters employed in the Federal workforce.
- The WRIS operator transmits SSNs to state UI agencies that have indicated wages exist for that SSN. The state processes the request and returns this information to the WRIS operator. The FEDES operator transmits SSNs to the Office of Personnel Management, the Department of Defense, and the U.S. Postal Service. If these departments have a wage record for the SSN, they return this information to the FEDES operator.
- The WRIS and FEDES operators return matched wage records to Kansas. Kansas compiles this information and calculates aggregate, program specific common measures reports.
- Kansas submits these common measures reports to DOL. These reports do NOT contain personally identifiable information (PII).
- These aggregate, program-specific common measures reports are available on the CRIS portal. Users can select reports by program and time period. Both national and grantee-specific reports are available.
What types of tools are used to analyze data and what type of data may be produced?
Tableau is used for data analysis of non-PII data which results in summary information.
Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
The system does NOT derive new data through aggregation of collected information.
If the system uses commercial or publicly available data, please explain why and how it is used.
The system does NOT use publicly available data.
Will the use of PII create or modify a “system of records notification” under the Privacy Act?
The system does NOT create or modify a “system of records notification” under the Privacy Act.
Privacy Impact Analysis
- Each grantee is assigned a unique user name and password.
- Encryption is utilized to manage the secure transfer of the data file which contains SSNs.
- The page for the file upload has Secure Socket Layer (SSL) enabled.
- The file is encrypted at the 256-bit Advanced Encryption Standard (AES-256) level on the target server.
Retention
What is the retention period for the data in the system?
Records are maintained indefinitely to allow historical analysis.
Is a retention period established to minimize privacy risk?
Necessary security provisions are in place to minimize privacy risks throughout the retention period.
Has the retention schedule been approved by the National Archives and Records Administration (NARA)?
The System Owner has approved the retention schedule but there is no contract/agreement with National Archives and Records Administration (NARA).
Per M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, what efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?
The minimum required PII is being collected to meet the mission essential functions.
Have you implemented the DOL PII Data Extract Guide for the purpose of eliminating or reducing PII?
The minimum required PII is being collected and retained subject to all DOL policies and guidelines.
How is it determined that PII is no longer required?
ETA depends on outside systems that require the use of PII and hence will need a combined effort to determine all issues related to PII.
If you are unable to eliminate PII from this system, what efforts are you undertaking to mask, de-identify or anonymize PII?
The minimum required PII is being collected and retained. The date of birth and social security number are the PII collected.
Privacy Impact Analysis
The minimum required PII is being collected and retained subject to all DOL policies and guidelines.
- Each grantee is assigned a unique user name and password.
- Encryption is utilized to manage the secure transfer of the data file which contains SSNs.
- The page for the file upload has Secure Socket Layer (SSL) enabled.
- The file is encrypted at the 256-bit Advanced Encryption Standard (AES-256) level on the target server.
Internal Sharing and Disclosure
With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
PII is NOT shared with internal organizations.
How is the PII transmitted or disclosed?
N/A since it is not shared internally within the Department of Labor.
Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information?
N/A since it is not shared internally within the Department of Labor.
Privacy Impact Analysis
N/A since it is not shared internally within the Department of Labor.
External Sharing and Disclosure
With which external organization(s) is the PII shared, what information is shared, and for what purpose?
Information is shared with CRIS through Kansas. EBSS provides SSNs to Kansas for processing by CRIS. CRIS provides common performance measures for grant programs that do not have the ability to collect common measure outcomes, i.e., Entered Employment Rate, Retention Rate, and Average Earnings. Kansas does not return SSNs but rather aggregate data that cannot be attributed to a particular individual.
Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
There is an existing Interconnection Security Agreement (ISA) between ETA and Kansas which provides a legal mechanism for sharing this information. Information collected is not altered prior to transmittal to Kansas.
How is the information shared outside the Department and what security measures safeguard its transmission?
Information is transmitted to Kansas for processing. The following security controls have been put in place:
- Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the SSNs.
- The page for the file upload (for grantees) has Secure Socket Layer (SSL) enabled.
- Secure File Transfer Protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
- Data returned by Kansas do not include SSNs.
- Data are not returned by Kansas if there are fewer than 4 records.
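The two release rules listed above (the aggregator returns no SSNs, and returns nothing at all for groups of fewer than 4 records) can be shown as an aggregation step with a release gate. This is an added illustration, not code from CPS, CRIS or Kansas; the measure definitions are simplified assumptions and the records are constructed.

```python
import re
from collections import defaultdict

MIN_CELL = 4  # the PIA's rule: no data returned for fewer than 4 records
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Constructed sample of matched wage records (one row per program exiter) as an
# aggregator might hold them after WRIS/FEDES matching. Values are made up; the
# SSNs use the 000-xx-xxxx form, which is never issued.
MATCHED = [
    {"ssn": "000-00-0001", "program": "NFJP", "emp_q1": True,  "emp_q2q3": True,  "earnings": 9000},
    {"ssn": "000-00-0002", "program": "NFJP", "emp_q1": True,  "emp_q2q3": True,  "earnings": 11000},
    {"ssn": "000-00-0003", "program": "NFJP", "emp_q1": True,  "emp_q2q3": False, "earnings": 0},
    {"ssn": "000-00-0004", "program": "NFJP", "emp_q1": False, "emp_q2q3": False, "earnings": 0},
    {"ssn": "000-00-0005", "program": "NFJP", "emp_q1": True,  "emp_q2q3": True,  "earnings": 10000},
    {"ssn": "000-00-0006", "program": "INA",  "emp_q1": True,  "emp_q2q3": True,  "earnings": 8000},
    {"ssn": "000-00-0007", "program": "INA",  "emp_q1": False, "emp_q2q3": False, "earnings": 0},
]


def common_measures(rows, min_cell=MIN_CELL):
    """Aggregate per program and drop every identifier. Simplified measure
    definitions are assumed here: entered employment = employed in the first
    quarter after exit; retention = employed in quarters 2 and 3 given entered
    employment; average earnings = mean earnings over retained exiters."""
    by_program = defaultdict(list)
    for row in rows:
        by_program[row["program"]].append(row)
    report = {}
    for program, recs in sorted(by_program.items()):
        if len(recs) < min_cell:
            # Small cell: release nothing, not even the count, so that a single
            # participant cannot be inferred from the published figures.
            report[program] = {"suppressed": True}
            continue
        entered = [r for r in recs if r["emp_q1"]]
        retained = [r for r in entered if r["emp_q2q3"]]
        report[program] = {
            "suppressed": False,
            "records": len(recs),
            "entered_employment_rate": round(len(entered) / len(recs), 3),
            "retention_rate": round(len(retained) / len(entered), 3) if entered else 0.0,
            "average_earnings": round(sum(r["earnings"] for r in retained) / len(retained), 2)
            if retained else 0.0,
        }
    return report


def release_check(report):
    """Final gate before a report leaves the aggregator: True only if no
    identifier field and no SSN-shaped string appears anywhere in it."""
    for cell in report.values():
        for key, value in cell.items():
            if key in ("ssn", "dob") or SSN_RE.search(str(value)):
                return False
    return True


if __name__ == "__main__":
    rep = common_measures(MATCHED)
    assert release_check(rep)
    print(rep)
```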
How is the information transmitted or disclosed?
- Secure File Transfer Protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
- Data returned by Kansas do not include SSNs.
Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared? If yes, include who the agreement is with and the duration of the agreement.
There is an existing Interconnection Security Agreement (ISA) between ETA and Kansas which provides a legal mechanism for sharing this information. Information collected is not altered prior to transmittal to Kansas.
How is the shared information secured by the recipient?
There is an existing Interconnection Security Agreement (ISA) between ETA and Kansas. The recipient secures it as per their internal security policies, procedures and controls described in the ISA.
What type of training is required for users from agencies outside DOL prior to receiving access to the information?
There is an existing Interconnection Security Agreement (ISA) between ETA and Kansas. The recipient secures PII and trains, as per their internal security policies, procedures and controls described in the ISA.
Privacy Impact Analysis
Given the external sharing of data, ETA identified privacy risks to include inadvertent disclosure of confidential information. For that reason, ETA established an ISA with Kansas and also implemented the necessary technical security controls as mentioned above.
Notice
Was notice provided to individuals prior to collection of PII? If yes, please provide a copy of the notice as an appendix. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal Register Notice. If notice was not provided, please explain.
Yes; notice is provided to individuals (participants). PII is collected through grantees, not collected directly from the individuals.
Do individuals have the opportunity and/or right to decline to provide information?
Yes. SSN disclosure must be voluntarily provided by the individual and grantees cannot deny the participant access to services if the SSN is not provided. In such instances, the grantee is instructed to use an alternate unique identifier.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
Yes. Individuals have the right to consent to particular uses in writing.
Privacy Impact Analysis
Individuals are informed that providing SSNs is voluntary and that they have the option to use an alternate unique identifier.
Individual Access, Redress, and Correction
What are the procedures that allow individuals to gain access to their own information?
Individuals do not have access to the system; only grantees can access the system. Individuals will contact Grantees to access their own information.
What are the procedures for correcting inaccurate or erroneous information?
This system is not the system of record for the individual’s data. They would need to work with the grantees to have their data amended in the originating systems.
How are individuals notified of the procedures for correcting their own information?
N/A; grantees and individuals providing PII work out a procedure independent of ETA.
If no formal redress is provided, what alternatives are available to the individual?
N/A; grantees and individuals providing PII work out a procedure independent of ETA.
Privacy Impact Analysis
Individuals have the right to withdraw from the program.
Technical Access and Security
Which user group(s) will have access to the system? (For example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)
The ETA system administrators and developers will have access to the system (after signing rules of behavior) using two-factor authentication. This process is documented.
Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA.
Yes, designated contractors will have access to the system, after signing the necessary rules of behavior.
Does the system use “roles” to assign privileges to users of the system? If yes, describe the roles.
Yes, the system will assign roles to users to access the system. The regular users (Developers) will have limited access to perform their business functions after individually signing the rules of behavior. The privileged users (System Administrators) will manage the regular access users, after verifying their signed rules of behavior and obtaining other approvals. The privileged users also sign separate rules of behavior.
What procedures are in place to determine which users may access the system and are they documented?
The access roles and the related procedures are documented in multiple sections of the system security plan.
How are the actual assignments of roles and Rules of Behavior, verified according to established security and auditing procedures? How often is training provided? Provide date of last training.
ETA users annually take a computer security training course and agree to the documented Rules of Behavior for the system. The last training was completed in September 2015. In addition, account recertification procedures are implemented to verify the continued access requirements and privileges.
Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
ETA users annually take a computer security training course and agree to the documented Rules of Behavior for the system. For select ETA users additional role based security training courses are provided as well. Privacy related topics are included in both types of training.
What auditing measures and technical safeguards are in place to prevent misuse of data?
Data are encrypted in the database and file system and an audit trail of activities performed on the database is tracked.
Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?
Yes, this system is being secured in accordance with FISMA requirements. The Security Assessment and Authorization was concluded and the ATO approved on June 30, 2016.
Privacy Impact Analysis
Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, privacy risks identified include inadvertent disclosure and misuse of confidential information. These risks are mitigated by the implementation of the following controls:
- ISA between ETA and Kansas to address key issues.
- Encryption is utilized to manage the secure transfer of the Standardized Participant Information Record Data file, which contains the SSNs.
- Secure File Transfer Protocol (S-FTP) is used to transfer files from ETA to Kansas. Kansas has an S-FTP server and DOL has the S-FTP client.
Technology
Was the system built from the ground up or purchased and installed?
The Cloud Platform Services system is built from the ground up. It uses the FedRAMP certified Infrastructure as a Service (IaaS) provided by Amazon Web Services.
Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.
Data integrity, privacy and security of the system were analyzed, resulting in the use of FedRAMP-certified Infrastructure as a Service (IaaS) provided by Amazon Web Services.
What design choices were made to enhance privacy?
Privacy and security of the system are enhanced by the use of FedRAMP-certified Infrastructure as a Service (IaaS) provided by Amazon Web Services. The PII data is encrypted while in transit and in storage using AES-256 encryption. In addition, direct access to this system is quite limited. Most users would access the PII data once transferred to ETA’s BPMS (with ATOs and PIAs) and subsequent to that from ETA’s EBSS; both ETA BPMS and EBSS have Security Assessment Authorizations and PIAs in place as per DOL policies.
For systems in development, what stage of development is the system in, and what project development life cycle was used?
This system (CPS) was deployed on October 1, 2016. However, the system that will extract the PII from CPS is ETA BPMS, and from there ETA EBSS. Both BPMS and EBSS are operational with approved PIAs; the system development conforms to the computer security lifecycle defined in the DOL System Development Lifecycle Management Manual (SDLCMM). Based on the SDLCMM, the system is in the ‘Operations and Maintenance’ phase.
For systems in development, does the project employ technology which may raise privacy concerns? If so, please discuss its implementation.
The system does NOT employ technology which may raise privacy concerns.
On the contrary, the strongest well-established and time-tested encryption technology is used to protect the PII in transit and in storage.
Determination
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
- ETA has completed the PIA for Cloud Platform Services (CPS), which is now in production. ETA has determined that the safeguards and controls for this Moderate system will adequately protect the information and will be referenced in the CPS System Security Plan.
- ETA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.