PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InformationChange RequestPIA Template Version 3 - May, 2009 Department of EnergyPrivacy Impact Assessment (PIA)Guidance is provided in the template. See DOE Order 206.1, Department of Energy Privacy Program,Appendix A, Privacy Impact Assessments, for requirements and additional guidance for conducting aPIA: ord/206/o2061.pdfPlease complete electronically: no hand-written submissions will be accepted.This template may not be modified.MODULE 1- PRIVACY NEEDS ASSESSMENTDateDepartmentalElement & SiteIdaho National Engineering LaboratoryEngineering Research Office Building (EROB)Name of Information Human Resources - Personal Information Change RequestSystem or IT Project Business EnclaveExhibit Project UID106800 NewPIADUpdate'tlN arne, T I eSystem OwnerLocal Privacy ActOffIcerMichelle BinghamTechnical Lead, Human ResourcesDale ClaflinPrivacy Act OfficerDaniel JonesCyber SecurityTechnical Lead, Cyber SecurityExpert reviewing thisdocument (e.g. ISSM,CSSM, ISSO, etc.)I I{ I \" .\ ( " yIJIt'l IHIIContact InformationPh one, E mal'I208-526-7830Michelle. [email protected]

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InformationChange RequestPIA Template Version 3 - May, 2009 MODULE 1- PRIVACY NEEDS ASSESSMENT208-526-0478Person Completingthis DocumentScott WelchPurpose ofInfonnatlon Systemor IT ProjectProvides a means for employees to update their personal information (maritalstatus, address/phone number, emergency contact, etc.) in company [email protected] Social Security numberD Medical & Health Information e.g. blood test resultsDFinancial Information e.g. credit card numberD Clearance Information e.g. "Q"Type of InfonnatlonCollected orMaintained by theSystem:DBiometric Information e.g. finger print, retinal scanD Mother's Maiden NameDDoB, Place of BirthD Employment InformationDCriminal History Name, Phone, Address Other - Please Specify - Also collects employee emergency contact information(name and phone number of emergency contact)Has there been any attempt to verify PII does not exist on thesystem?YESDOE Order 206.1, Department of Energy Privacy Program, defines PII asany Information collected or maintained by the Department about an individual,Including but not limited to, education, financial transactions, medical historyand criminal or employment history, and information that can be used todistinguish or trace an individual's identity, such as hislher name, SocialSecurity number, date and place ofbirth, mother's malden name, biometricdata, and Including any other personal information that Is linked or linkable to aspecific Individual.If "Yell," what method was u,edto verify the system did notI) I". I \' .\ ( : )'I 'iI I l.U \ '1Manual validation was provided by2

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InformationChange RequestPIA Template Version 3 - May, 2009MODULE I - PRIVACY NEEDS ASSESSMENTcontain PII? (e.g. system scan)the Data Services group.Additionally, when performing thePrivacy Impact Assessmentinformation was verified.Threshold Questions1. Does system contain (collect and/or maintain), or plan tocontain any Information about Individuals?YES2. Is the Information in identifiable form?YES3. Is the Information about individual Members of the Public?YESYES4. Is the Information about DOE or contractor employees?D Federal Employees Contractor EmployeesModule II must be completed for all systems if the answer to any of the four (4) thresholdquestions is "Yes." All questions must be completed. If appropriate, an answer of N/A may beentered.The goal of the threshold questions is to legitimately and efficiently determine whether additionalassessment is necessary. If there is doubt, it is in the System Owners best interest to completeModule II.PIAs affecting Members of the Public are posted on the DOE Privacy website. For this reason, PIAsaffecting Members of the Public should be written in plain language and at a high level so they areeasily understandable and do not disclose sensitive information.IIEND OF PRIVACY NEEDS ASSESSMENTMODULE II - PII SYSTEMS & PROJECTSP R 1 \' 1\ (: yIIIil {.I: \ 'I3

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InfonnationChange RequestPIA Template Version 3 - May, 2009 1. AUTHORITYWhat specific authoritiesauthorize this system orproJect,andthe associatedcollection, use, and/orretention of personalInformation?DOE Contract No: DE-AC07-05ID14517As provided in DOE 0 206.1, "The Privacy Act allows an agency tomaintain information about an individual that is relevant andnecessary to the purpose of the agency as required by statute or byExecutive Order of the President."2. CONSENTWhat opportunities doIndividuals have to decline toprovide Information (e.g.where prOViding InformationIs voluntary) or to consentonly to particular uses of theInformation (other thanrequired or authorized uses)?Form is filled out by individual employee when there is a name (e.g.marital status) change, address or phone number change and/or ifthere is a change to the employee's emergency contact information.This type of information is required for various business reasons (e.g.W-2, emergency contact).3. CONTRACTSAre contractors Involved withthe design, development andmaintenance of the system?If yes, was the Privacy OrderCRD or Privacy Act clausesIncluded In their contracts?4. IMPACT ANALVSIS:How does this project orInformation system Impactprivacy?I) R I \ ,\ ( . \II H lIl tl \ \.NOThe data maintained on this system has the same potential to impactan individual's privacy as would the loss of similar data from anypublic, private, government, or other system if not properlysafeguarded.4

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InformationChange RequestPIA Template Version 3 - May, 2009 MODULE II - PII SYSTEMS & PROJECTS6. SORNsHow will the data beretrieved? Can PII beretrieved by an Identifier ( unique number orsymbol)?Yes, Data can be retrieved by name and S number.If yes, explain. and list theIdentifiers that will be used toretrieve Information on theIndividual.S. SORNsHas a Privacy Act System ofRecords Notice (SORN) beenpublished In the FederalReglstet?DOE-OSIfIYes," prOVide name ofSORN and location In theFederal Register.7. SORNsIf the Information system Isbeing modified, will theSORN(s) require amendmentor revision?NODATA SOURCESjJ8. What are the sources ofInformation about IndividualsIn the Information system orproject?The individual employee provides the information.9. Will the Information systemderive new or meta dataabout an Individual from theInformation collected?NoI{ I\', \ ( . yI ItI,It \ , I5

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InfonnationChange RequestPIA Template Version 3 - May, 2009 MODULE II - PII SYSTEMS & PROJECTS10. Are the data elementsdescribed In detail anddocumented?No - this is a stand alone form. The data from this form is entered into the employee's profile with the HR System (i.e. PeopleSoft).DATA USEThe information on this form is entered in to the HR System(PeopleSoft). It is used to make sure we have the employee's correctlegal name, home/mailing address, home phone numbers, andemergency contact information. The name, address, and phonenumber is used to contact the employee (e.g. mail company W-2) andthe emergency contact information is collected in case we need tomake notification of a work related injury.11. How will the PII be used?12. If the system derives metadata, how will the new ormeta data be used?N/AWill the new or meta data bepart of an Individual'srecord?13. With what other agencies orentities will an Indlvldual-sInfonnatlon be shared?No other agency will see the information that is stored on this form."Reports- -.-- -- - - - - ------ - -- -- - ---- -- --------:'l---No reports are generated from this specific form. As mentionedabove, the information is entered into the HR System (PeopleSoft);see PeopleSoft PIA for more details.16. What will be the use of thesereports?N/AIN/A-Monitoring17. Will this Infonnatlon systemprovide the capability toIdentify, locate, and monitorIndividuals?I) 1\ 1 \ ,\ ( . )111{l,',lr\1II- -14. What kinds of reports areproduced about Individualsor contain an individual'sdata?16. Who will have access tothese reports?.,-- - - - - ------ .:.:.:.The information gathered from this form is used to locate individual'saddresses and phone numbers, as well as emergency contact phonenumbers. Monitoring of individuals is not possible.6

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InformationChange RequestPIA Template Version 3 - May, 2009 MODULE II - PII SYSTEMS & PROJECTS18. What kinds of Information arecollected as a function of themonitoring of Individuals?19. Are controls Implemented toprevent unauthorizedmonitoring of Individuals?N/AN/ADATA MANAGEMENT & MAINTENANCE20. How, will records aboutIndividuals be kept currentand verified for accuracy,relevance and completeness?Include pil data collectedfrom sources other than DOErecords.21. Ifthe Information system isop.rated in more than onesite, how will consistent useofthe Information be ensuredat all sites?IRetention & Disposition-22. What are the retentionperiods of data In theInformation system?23. What are the procedures fordisposition of the data at theend of the retention period?It is the employee's responsibility to fill out this specific form if theyhave any change in their name, address, phone number or emergencycontact. Completed forms are maintained in the employee's personalfiles.N/A------------ --- - --- - -- -- - ---- - -, ,------ ---- -------------J-- - - -----The final hard copy form is printed out and placed in the employee file(which is scanned into our company records storage system). Theseare retained according to the INL records schedule matrix - which isbased on federal requirements and company procedures (75 yearsafter the employee die).After the retention period has expired, the records are destroyed.ACCESS, SAFEGUARDS & SECURITY24. What controls are In place toprotect the data fromunauthorized access,modification or use?26. Who will have access to PIIdata?I)I I\'\ ( : yII I, \It.h \1The INL has implemented controls per the DOE's Program CyberSecurity Plan version 1.2 and continues to operate within the guidanceof the PCSP. This system is included in the Self ManagedEnvironment Enclave, which is categorized as low, and was certifiedand accredited January 28, 2008.The employee who submitted the data. Employees within the HumanResources and Diversity department and the IT programmer.7

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal InformationChange RequestPIA Template Version 3 - May, 2009MODULE II - PII SYSTEMS & PROJECTS26. How Is access to PII datadetermined?27. Do ()ther Ihformatlon systemsshare data or have access tothe data In the system? If yes,explain.28. For connecting Informationsystems, Is there anInterconnection SecurityAgreement (ISA) or otheragreement.between SystemOwners to ensure the privacyof Individuals Is protected?29. Who Is responsible forensuring the authorized useof personal Information?Strictly on a need-to-know basis in the performance of assignedduties.NoNoHR&D management.END OF MODULE IIJl IZ I\', \ ( : '1r I[ .,I( , \ f8

-".-,.PIA ApprovalSignaturesOriginal Copy Signed and On Filewith the DOE Privacy Office

PRIVACY IMPACT ASSESSMENT: Human Resources - Personal Information Change Request PIA Template Version 3 - May, 2009 MODULE I - PRIVACY NEEDS ASSESSMENT