Workforce Recruitment Program (WRP) 

Overview

The Workforce Recruitment Program (WRP) Minor Application is managed by the Office of Disability Employment Policy and operated by Development InfoStructure, Inc. (Devis). The system provides Federal and private sector employers a database resource of college students with disabilities from which to identify qualified temporary and permanent employees in a variety of fields.

The WRP system contains the student's name, address, telephone number, e-mail address, college, major, credits earned, degree sought, job preference categories, job location preference, type of disability, job accommodation information, and the recruiter's summary of student's interview.

WRP also contains information from employers, recruiters, and school coordinators. Employer data includes name, job title, organization, address, telephone number, and e-mail address. Recruiter data includes name, job title, agency, address, telephone number, e-mail address, and government pay grade. School coordinator data includes name, school name, job title, address, telephone number, and e-mail address.

Collection of this information is authorized by 5 U.S.C. 301 and Executive Order 9397.

Potential employers can search through the system to identify qualified temporary and permanent employees in a variety of fields. This information is only available to registered employers in the system.

The PIA is being conducted as part of the annual review required of systems containing PII.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

WRP collects PII on: DOL employees, other Federal employees, contractors, and members of the public (U.S. citizens).

What are the sources of the PII in the information system?

  • College students with disabilities seeking employment.
  • Employers, recruiters, and school coordinators.

What is the PII being collected, used, disseminated, or maintained?

  • The student's name, address, telephone number, e-mail address, college, major, credits earned, degree sought, job preference categories, job location preference, type of disability, job accommodation information, and the recruiter's summary of student's interview.
  • Employer data includes name, job title, organization, address, telephone number, and e-mail address. Recruiter data includes name, job title, agency, address, telephone number, e-mail address, and government pay grade. School coordinator data includes name, school name, job title, address, telephone number, and e-mail address.

How is the PII collected?

Secure, encrypted web form.

How will the information be checked for accuracy?

Reviewed by applicant and trained WRP recruiter.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?

U.S.C. 301 and Executive Order 9397.

Privacy Impact Analysis

The system does collect PII. The Agency is very aware of the sensitivity of this information and has taken several steps to reduce or eliminate risks associated with its collection, use, and storage.

Risks identified and mitigation activities:

Online PII data disclosed to registered system user-

  1. All system users are approved by the WRP Program Director
  2. System restricts access to data by role
  3. All role access is approved by the WRP Program Director
  4. User accounts are monitored and managed to maintain a timely list of authorized users; inactive accounts are disabled

Online PII data disclosed to unauthorized system user-

  1. Only authorized users with active accounts are granted access to the system
  2. Unauthorized access attempts are logged, monitored, and investigated
  3. Access to system is via encrypted internet protocol (HTTPS)
  4. System resides in secure, controlled access facility with limited physical access by only authorized individuals

Archived PII data disclosed to unauthorized persons-

  1. Archived data is restricted to use by only the WRP Program Director

Loss or theft of PII data-

  1. Data stored in secured electronic system
  2. Access to system is via encrypted internet protocol (HTTPS)
  3. System resides in secure, controlled access facility with limited physical access by only authorized individuals

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

Relevant information concerning student interviewees may be disclosed to interested federal and private sector employers.
Disability information concerning interviewees is disclosed to interested federal employers but not to private sector employers.

What types of tools are used to analyze data and what type of data may be produced?

Web forms and reports.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

The system does not derive new data, but collects existing data for the purpose of the program.

If the system uses commercial or publicly available data, please explain why and how it is used.

All data is provided by the program participants.

Privacy Impact Analysis

The WRP Program Director approves all employee participants; the respective colleges approve all participating students.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?

The program operates on an annual basis; therefore student data is only available to employers for the designated program year. Participant data is then archived indefinitely for use only by the WRP Program Director for long-term employment trend analysis and generation of performance metrics.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?

Yes.

How is it determined that PII is no longer required?

Non-sensitive PII within the system (name, address, phone number, email address) is required to contact individual participants in the program and, as such, will always be required.

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?

Currently, all PII data collection is voluntary; however, as participants are seeking employment by virtue of their participation, appropriate contact information is required for interested employers to contact participants.

Privacy Impact Analysis

Data is available in the system only during the designated program year for student, recruiter, and employer participants. Data is then archived offline and is only available to the WRP Program Director. This minimizes the risk to data, while providing the access necessary for historical trend analysis and performance metric reporting.

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

Access to data via Employer role granted within the Agency for those authorized individuals with hiring authority.

How is the PII transmitted or disclosed?

Via encrypted web form

Privacy Impact Analysis

Internal sharing produces no additional risks than those already described.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

The student's name, address, telephone number, e-mail address, college, major, credits earned, degree sought, job preference categories, job location preference, type of disability, job accommodation information, and the recruiter's summary of student's interview are shared with authorized program recruiters and authorized employers for the purpose of matching students with disabilities to job opportunities.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

Yes, and it is covered in the SORN.

How is the information shared outside the Department and what security measures safeguard its transmission?

Access is provided to authorized users via encrypted web forms.

Privacy Impact Analysis

As previously described above.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?

Yes.

Do individuals have the opportunity and/or right to decline to provide information?

Yes.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

Use of the information is not subdivided into particular uses.

Privacy Impact Analysis

Notice is provided on the system on the data entry web form and by one-on-one communication with program recruiters.

Access, Redress, and Correction

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?

Secured access is provided for individuals to review and update their own personal information.

What are the procedures for correcting inaccurate or erroneous information?

Individuals can update their own information in the system.

How are individuals notified of the procedures for correcting their information?

One-on-one communication with a program recruiter.

If no formal redress is provided, what alternatives are available to the individual?

N/A

Privacy Impact Analysis

Individuals can update their own information in the system.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?

Described in detail in WRP SSP

Will Department contractors have access to the system?

Yes.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Annual Privacy training conducted by Department for program staff and contractors.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Described in detail in WRP SSP

Privacy Impact Analysis

Described in detail in WRP SSP

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?

Steady-state operations and maintenance. The system was developed in compliance with the Department’s SDLC.

Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?

Yes, internet-based web access. All communication is encrypted.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • ODEP has completed the PIA for Workforce Recruitment Program which is currently in operation. ODEP has determined that the safeguards and controls for this moderate system adequately protect the information referenced in WRP System Security Plan detailed in CSAM.
  • ODEP has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.