Overview
The Employment and Training Administration (ETA) Reentry Employment Opportunities (REO) program provides funding authorized as Research and Evaluation under Section 169 of the Workforce Innovation and Opportunity Act (WIOA) of 2014 for justice-involved youth, between the ages from 18 to 24, and formerly incarcerated adults (ages 25 or above). Its goal is to develop strategies and partnerships that facilitate the implementation of successful programs at the state and local levels that will improve the workforce outcomes for this population. These projects are designed to test the effectiveness of successful models and practices found in community and faith-based environments and other government systems that have not been tested for their adaptability in the public workforce system.
The REO Case Management Application (CMA) is a case tracking system developed in Appian low code application development platform. The Appian instance(s) is a hosted software as a service (SaaS) product that falls within the DOL Case Management Platform (CMP). The Appian instance(s) of DOL CMP is supported by Relational Database Service (RDS) instance(s) of Oracle 12c Enterprise Edition running in AWS. The REO CMA is developed as a web-based, mobile-accessible application to support the REO program's mission and goals. It supports two categories of users; internal users (DOL users) and external users (grantee users), with different but associated sets of functions. The internal users group includes the REO Program staff, performance management/evaluation team, Field Project Officers (FPOs) and REO Technical Assistance contract team members. The external users group includes program director, data entry personnel, and lead workers supporting direct grantees and sub-grantees (intermediaries).
The REO CMA collects data from REO program grantees, which includes personally identifiable information (PII) from program participants. The REO application collects PII directly from citizens – justice involved youth, young adults, and formerly incarcerated adults that are participating in the program; mentioned throughout the document as participants. ETA shares data internally with Workforce Integrated Performance System (WIPS) applications for generating Quarterly Performance Reporting (QPR) to evaluate the effectiveness of the various REO programs. WIPS is hosted on the ETA Business Process Management (BPM) Platform.
Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the System collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.
- From whom is information to be collected?
Members of the Public - justice involved youth, young adults, and formerly incarcerated adults that are participating in the program.
- Why is the Information being collected?
The collection of PII including Social Security Numbers (SSNs) is used by ETA specifically for tracking exit-based employment measures as part of the WIOA primary performance indicators. Additionally, the last four digits of SSNs is used to generate unique participant ID numbers.
- What is the PII being collected, used, disseminated, or maintained?
Full names, personal addresses, personal emails, personal telephone numbers, dates of birth, demographic information (race, ethnicity, disability, veteran's status, and homeless status), educational information (highest level achieved), criminal record information, and SSNs.
- How is the PII collected?
REO program grantees collect PII from program participants and Case managers manually enter the data into the REO CMA.
- How will the information collected from individuals or derived from the system be checked for accuracy?
The participants provide information to grantee users verbally. The grantee users utilize publicly available information (selective service registration, County FIPs code lookup, and category of employment lookup) to validate the accuracy of the information provided (only a limited amount of information is checked for accuracy), The SSN entry does not show the characters typed by the program grantees, and another field is available for the grantee users to type the SSN again to ensure accuracy.
- What specific legal authorities, arrangements, and/or agreements defined allow the collection of PII?
Workforce Innovation and Opportunity Act (WIOA) of 2014.
- Privacy Impact Analysis
The risk to privacy is inappropriate handling or disclosure of PII, especially SSNs. Access controls mitigate the risk that data is compromised. On screen, the SSN is not visible explicitly (to avoid over-the-shoulder view of SSN). Only a limited set of grantee user roles/groups is allowed to view SSN by intentionally clicking a link to view SSN. The SSN is hidden automatically when the grantee user moves the cursor away from the SSN field or the grantee user clicks somewhere else on the screen. In addition, the SSN column is encrypted at rest and while in transit to ensure the confidentiality of this data element. There are very few grantee users who review the cases that are submitted. Only the grantee users have access to the PII information. Those grantee users (external grantee users) are required to use Login.Gov to authenticate access to REO through the DOL CMP portal.
Describe the Users of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
- Describe all the uses of the PII
The PII will be used to follow up on participant outcomes, including whether they find employment or make unemployment insurance claims.
- What types of tools are used to analyze data and what type of data may be produced?
Not applicable. REO does not use tools to analyze the data.
- Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
No.
- If the system uses commercial or publicly available data, please explain why and how it is used.
Not applicable. REO does not use commercial or publicly available data.
- Will the use of PII create or modify a "system of records notification" under the Privacy Act?
No.
- Privacy Impact Analysis
REO employs role-based access controls to ensure only authorized individuals can access PII stored in the system. It employs audit log controls to track and record the activities of grantee users while they access the system.
Retention
The following questions are intended to outline how long information will be retained after the initial collection.
- What is the retention period for the data in the system?
Destroy after 3 years 4 months after grant performance period ends.
- Is a retention period established to minimize privacy risk?
No
- Has the retention schedule been approved National Archives and Records Administration (NARA)? Provide the retention schedule number for the schedule utilized?
No. Retention schedule DAA-0369-2013-0003 has been submitted for certification to NARA and is pending approval.
- Per M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information; what efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?
None.
- Have you implemented the DOL PII Data Extract Guide for the purpose of eliminating or reducing PII?
Yes – REO logs activities to monitor data extraction requests. The REO CMA does not support direct data extraction that includes PII from the application.
- How is it determined that PII is no longer required?
Grantees must retain data received from ETA only for the period of time required to use it for assessment and other purposes, or to satisfy applicable Federal records retention requirements, if any. Thereafter, the grantee agrees that all data will be destroyed, including the degaussing of magnetic tape files and deletion of electronic data.
- If you are unable to eliminate PII from this system, what efforts are you undertaking to mask, de-identify or anonymize PII?
SSNs in the system are masked and are made visible only when specifically requested. The database is managed on a FedRAMP certified cloud and encrypted at the database level. Any data with PII is protected at rest and while in transit.
- Privacy Impact Analysis
Risks associated with the length of time data is retained include inadvertent disclosure of confidential information. REO uses role-based access control to limit access to PII to only authorized grantee users. REO encrypts the SSN field within the database to protect against its disclosure to unauthorized individuals who may have access to the database component of REO.
Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of Labor.
- With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
Not applicable. PII is not shared with other DOL organizations. It is kept within ETA.
- How is the PII transmitted or disclosed?
Not applicable. PII is not shared with internal organizations.
- Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information?
Not applicable. PII is not shared with internal organizations.
- Privacy Impact Analysis
Not applicable. PII is not shared with internal organizations.
External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.
- With which external organization(s) is the PII shared, what information is shared, and for what purpose?
Not applicable. PII is not shared with external organizations.
- Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, provide the SORN ID in use for this system. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
Not applicable. PII is not shared with external organizations.
- How is the information shared outside the Department and what security measures safeguard its transmission?
Not applicable. PII is not shared with external organizations.
- How is the information transmitted or disclosed?
Not applicable. PII is not shared with external organizations.
- Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared? If the answer is yes, be prepared to provide a copy of the agreement in the event of an audit as supporting evidence.
Not applicable. PII is not shared with external organizations.
- How is the shared information secured by the recipient?
Not applicable. PII is not shared with external organizations.
- What type of training is required for users from agencies outside DOL prior to receiving access to the information?
Not applicable. PII is not shared with external organizations.
- How is the shared information secured by the recipient?
Not applicable. PII is not shared with external organizations.
- What type of training is required for users from agencies outside DOL prior to receiving access to the information?
Not applicable. PII is not shared with external organizations.
- Privacy Impact Analysis
Not applicable. PII is not shared with external organizations.
Notice
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
- Was notice provided to the individual prior to collection of PII? If yes, please provide a copy of the notice as an appendix or be prepared to provide a copy of the notice during an audit request. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal Register Notice. If notice was not provided, please explain.
Not applicable. Notice is provided to individuals (participants) by the grantees. PII is collected through grantees, not collected directly by ETA from the individuals.
- Do individuals have the opportunity and/or right to decline to provide information?
Yes. SSN disclosure must be voluntarily provided by the individual and grantees cannot deny the participant access to services if the SSN is not provided. In such instances, the grantee is instructed to use a standard identifier in place of SSN.
- Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
Yes. Individuals have the right to consent to particular uses in writing.
- Privacy Impact Analysis
Individuals are informed that providing SSNs is voluntary.
Individual Access, Redress, and Correction
The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.
- What are the procedures that allow individuals to gain access to their own information?
No participant has access to the system to gain direct access to their information. Only the grantees and their employees have access. However, the participant can request the grantee user to share their own information from the REO application.
- What are the procedures for correcting inaccurate or erroneous information?
The participant would need to notify the Grantee that an error exists in their information. The Program Analyst would update the information in the system.
- How are individuals notified of the procedures for correcting their own information?
No formal notification exists. If participants see an error or need to change data (name change for example), they contact the Grantee for the change.
- If no formal redress is provided, what alternatives are available to the individual?
The Grantees work with participants to address any grievances. Each Grantee maintain an organizational structure for supporting grants and participants, with the Grantee administrator being responsible for all data reported to DOL.
- Privacy Impact Analysis
Updates are made by Grantees and their employees. No external individual has access to make changes.
Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
- Which user group(s) will have access to the system? (For example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)
Program Administrators and Program Analysts will have general access to the system and external registered grantee users will have limited access to only the case data that pertains to their organization(s). These grantee users include grantee and sub-grantee administrators, case managers, and supervisors.
- Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA or be prepared to provide copies during an audit request
Yes
- Does the system use "roles" to assign privileges to users of the system? If yes, describe the roles.
Yes. The roles are described below:
User Type |
Role |
Users |
Permissions |
Internal Users |
Program Administrator |
National Program Team members |
|
TA Contractors |
|
||
Program Analyst |
Field Project Officers |
|
|
External Grantee users |
Grantee Administrator |
|
|
Sub-Grantee Administrator |
|
|
|
Supervisor / Case Manager |
|
|
- What procedures are in place to determine which users may access the system and are they documented?
The DOL CMP user guide determines the roles and access for all applications built on DOL CMP. In addition, the REO CMA has clearly defined roles and permissions (shown above) for all grantee organizations.
- How are the actual assignments of roles and Rules of Behavior, verified according to established security and auditing procedures? How often training is provided. Provide date of last training.
Assignments of roles for external grantee users are done by contacting the program office when a new grantee user registers for access to the system via login.gov. The program office or the organization's administrators will assign roles using a utility built into the application to provide access to the correct roles within the organization. Internal user assignment will be done through the platform-wide User Access Management (UAM) application managed by the DOL CMP. All new grantee users will need to access the rules of behavior upon logging into the system for the first time and this is tracked in the database.
- Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
The Department of Labor provides annual security and privacy awareness training to all internal users.
- What auditing measures and technical safeguards are in place to prevent misuse of data?
Grantee users must be logged in via login.gov or via the DOL VPN on GFE (only for internal DOL users). Auditing is at the DOL CMP platform level. The REO CMA maintains access logs on grants, providing a high-level view of the data that the user accesses during their login sessions.
- Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?
REO data is stored on the DOL CMP Enterprise Relation Database System (RDS). The DOL CMP is compliant with FISMA, and its most recent authorization date is 5/12/2021.
- Privacy Impact Analysis
Privacy risks include disclosure of PII to unauthorized grantee users or non-users of the system. REO uses role-based access control to limit access to PII to only authorized grantee users. REO encrypts the SSN field within the database to protect against its disclosure to unauthorized individuals who may have access to the database component of REO. It also employs audit log controls to track and record the activities of grantee users while they access the system.
Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, biometrics, and other technology.
- Was the system built from the ground up or purchased and installed?
REO was built on the DOL CMP Appian platform.
- Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.
Utilizing a more normalized data structure, implementing foreign key for referential integrity, and developing real-time data validations before data is saved to the database ensures that data quality will improve over the legacy application. Privacy and security concerns are addressed by limiting access to the data based on role membership and organization association. Additionally, security controls are in place to encrypt data at rest and in transit to protect sensitive data from the public.
- What design choices were made to enhance privacy?
Authentication for all external grantee users is done via Login.gov, which is FedRAMP certified and requires multi-factor authentication. Appian as a platform is also FedRAMP and FISMA certified and utilizes role-based access to ensure that grantee users only see data pertinent to them. The connection from Appian to the RDS database occurs over an encrypted VPN tunnel and sensitive data including the SSN are encrypted at rest.
- For systems in development, what stage of development is the system in, and what project development life cycle was used?
REO is in development and uses the Agile development methodology.
- For systems in development, does the project employ technology that may raise privacy concerns? If so, please discuss their implementation?
No.
Determination
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
- ETA has completed the PIA for REO which is currently in development. ETA has determined that the safeguards and controls for this Moderate system will adequately protect the information and will be referenced in the REO System Security Plan to be completed by October 2022.
- ETA has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.