Electronic Labor Organization Reporting System (e.LORS)
Overview
The Office of Labor-Management Standards (OLMS) administers and enforces most provisions of the Labor-Management Reporting and Disclosure Act (LMRDA). The LMRDA was enacted primarily to ensure basic standards of democracy and fiscal responsibility in labor organizations representing employees in private industry. Unions representing U.S. Postal Service employees became subject to the LMRDA with the passage of the Postal Reorganization Act of 1970.
Under the LMRDA, labor unions and others are required to file annual financial reports with OLMS, and these reports are required to be made available for review by any interested party. In 2002 OLMS implemented electronic filing for labor organization annual reports (LM-2, 3, and 4). OLMS also created an Internet public disclosure system that provides public access to filed labor organization reports and to a searchable database of information for those reports. In 2010 OLMS implemented a modernized Electronic Filing System (EFS), a browser-based application that gives users access to the required reporting forms via their current web browser and allows web submission of completed forms through the same browser. OLMS also discloses data filed on the LM-10, LM-20, LM-21, and LM-30 reports in an online searchable database. The various tasks of OLMS are managed and supported by the Electronic Labor Organization Reporting Systems (e.LORS).
e.LORS was initiated to support the President's Management Agenda to expand electronic government by automating a paper-based reporting and public disclosure system under the LMRDA. It also ensures compliance with the Government Paperwork Elimination Act, P.L. 105-277, Title XVII, by making required forms available for electronic submission.
This Privacy Impact Assessment (PIA) report seeks to identify the essential components of the OLMS e.LORS to ensure that personally identifiable information (PII) is protected by security procedures and controls commensurate with the sensitivity of the information.
Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.
What are the sources of the PII in the information system?
Under the LMRDA, labor unions are required to file annual financial reports (LM-2, 3 and 4) with OLMS.
What is the PII being collected, used, disseminated, or maintained?
Name, mailing address, and phone number.
How is the PII collected?
Annual financial reports are filed both electronically and through regular mail.
How will the information be checked for accuracy?
The data is reviewed on an annual basis.
What specific legal authorities, arrangements, and/or agreements defined the collection of information?
Labor-Management Reporting and Disclosure Act of 1959.
Privacy Impact Analysis
All OLMS employees receive annual computer security awareness training which includes information concerning each employee's responsibility to safeguard the privacy of the information received by OLMS. All employees are also responsible to be familiar with and abide by the OLMS Rules of Behavior which address proper security measures each employee must follow in order to be granted access to e.LORS and the information it contains. OLMS complies with all Federal guidelines concerning least privilege policies. e.LORS users are granted only the access they need to perform their duties and nothing more.
Uses of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
Describe all the uses of the PII
The data contained in the annual reports submitted by unions may be used by union members, educational researchers, lawyers, and journalists among others.
What types of tools are used to analyze data and what type of data may be produced?
Users may create queries from the OLMS Internet Public Disclosure website from which they are able to select results they wish to save, and can generate a number of reports comparing data saved from multiple searches.
Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
No
If the system uses commercial or publicly available data, please explain why and how it is used.
Not applicable
Privacy Impact Analysis
OLMS/e.LORS IT Rules of Behavior
Retention
The following questions are intended to outline how long information will be retained after the initial collection.
How long is information retained in the system?
Union annual financial reports are permanently maintained by OLMS.
Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
Approval of OLMS records retention schedule was granted by a DOL Records Officer and a National Archives and Records Administration official on 11/09/04.
Privacy Impact Analysis
Current policy requires effectively maintaining the security of PII gathered by OLMS. The current records retention schedule would be reviewed and modified as necessary if there were any significant changes to the OLMS processes in the future.
Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of Labor.
With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
This information is not shared internally with any organization(s).
How is the PII transmitted or disclosed?
Labor union annual reports can be viewed via the OLMS Internet Public Disclosure website. Users can also order paper copies of reports from the website as well as in person from the OLMS Records Library.
Privacy Impact Analysis
PII gathered by OLMS is not shared internally with any offices and/or organizations.
External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.
With which external organization(s) is the PII shared, what information is shared, and for what purpose?
Members of the public may view the annual labor union reports submitted to OLMS pursuant to the LMRDA via the OLMS Internet Public Disclosure Room website. Users can also order paper copies of annual reports from the website. The data contained in the annual reports submitted by unions may be used by union members, educational researchers, lawyers, and journalists among others.
Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
Yes. DOL/ESA-45 (Investigative Files of the Office of Labor-Management Standards), a system maintained by the Office of Labor-Management Standards.
How is the information shared outside the Department and what security measures safeguard its transmission?
The annual reports filed by labor unions are available via the OLMS Internet Public Disclosure Room website. Users can also order paper copies of the reports from the OLMS Disclosure Room website.
Privacy Impact Analysis
The collected data is reviewed by OLMS Staff on an annual basis to ensure accuracy.
Notice
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
Was notice provided to the individual prior to collection of PII?
All OLMS web pages contain a link to the DOL Privacy and Security Statement which provides the public with the complete explanation of DOL privacy policies.
Do individuals have the opportunity and/or right to decline to provide information?
OLMS administers and enforces most provisions of the LMRDA. Under the LMRDA, labor unions are required to file annual financial reports (LM-2, 3 and 4) with OLMS and these reports are required to be made available for review by any interested party.
Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
All OLMS web pages contain a link to the DOL Privacy and Security Statement which provides the public with the complete explanation of DOL privacy policies.
Privacy Impact Analysis
All OLMS web pages contain a link to the DOL Privacy and Security Statement which provides the public with the complete explanation of DOL privacy policies.
Access, Redress and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
What are the procedures that allow individuals to gain access to their information?
Individuals may view the annual labor union reports via the OLMS Internet Public Disclosure Room website, at the OLMS Disclosure File Room at the DOL National Office, or at local OLMS field offices located throughout the country.
What are the procedures for correcting inaccurate or erroneous information?
Users may alert any OLMS staff member, who can then internally correct any information found to be erroneous. If necessary, users may be required to file an amended annual report for the filing year in question. This would be determined on a case-by-case basis.
How are individuals notified of the procedures for correcting their information?
OLMS staff will follow up directly with the user who alerted the agency to the error.
If no formal redress is provided, what alternatives are available to the individual?
Users may file an amended annual report for the year in question.
Privacy Impact Analysis
OLMS continually reviews the information received from labor unions contained in the annual reports filed as required by the LMRDA. If errors are found, they are corrected immediately.
Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
What procedures are in place to determine which users may access the system and are they documented?
The OLMS/e.LORS IT Rules of Behavior states that the policy of least privileges is in place and enforced when granting OLMS personnel access to the e.LORS database. e.LORS user access is reviewed on a semi-annual schedule by the OLMS ISO to ensure compliance with these regulations.
Will Department contractors have access to the system?
As stated in the OLMS/e.LORS IT Rules of Behavior, OLMS developers/contractors are not permitted access to the e.LORS production system.
Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
All OLMS computer users, federal employees and contractor staff, are required to complete the annual computer security training provided by the DOL.
What auditing measures and technical safeguards are in place to prevent misuse of data?
The OLMS/e.LORS IT Rules of Behavior states that the policy of least privileges is in place and enforced when granting OLMS personnel access to the e.LORS database. e.LORS user access is reviewed on a semi-annual schedule by the OLMS ISO to ensure compliance with these regulations.
Privacy Impact Analysis
By enforcing the Rules of Behavior, OLMS can safeguard data collected from labor organizations. As stated by both OLMS and DOL, it is imperative that all employees be aware of their security responsibilities to protect Federal information and Federal information systems. Toward this goal, DOL provides annual computer security training for all employees and contractors entrusted with access to Federal computer systems and information.
Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.
What stage of development is the system in, and what project development life cycle was used?
e.LORS is in the Operations and Maintenance phase of the computer security lifecycle.
Does the project employ technology which may raise privacy concerns? If so, please discuss its implementation.
Not Applicable
Determination
As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
OLMS has completed the Privacy Impact Analysis for e.LORS which is currently in operation. OLMS has determined that the safeguards and controls for this moderate computer system adequately protect the information.
OLMS has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.