Commodity Futures Trading CommissionPrivacy Impact AssessmentSystem Name: Learning Management System (LMS)Office: Office of Executive Director (OED), Human Resources Branch (HRB)Date: April 12, 20181.OverviewThe Human Resources Branch in coordination with the Office of Data and Technologyhas procured a 3rd party hosted Learning Management System (LMS) from CornerstoneInc. (Cornerstone). The LMS will assist the CFTC in the administration, documentation,tracking, reporting and delivery of educational courses or training programs. The intent isto help deliver material and administer training to CFTC Staff (employees, contractors,volunteers, and interns) to track progress and assist in record-keeping of trainingactivities. The LMS will enable content delivery in a variety of forms, acting as a platformfor fully online courses, as well as several hybrid forms, such as blended learning and inperson classroom sessions.2. Data Collected and Stored Within the System2.1. What information will be collected, used, disseminated or maintained in thesystem?The system stores training information (courses, training rooms, instructors, and trainingcompletion history), personally identifiable information (PII), and human resource (HR)information for CFTC Staff.Specific categories of PII may include:1. PII CategoriesName (for purposes other thancontacting federal employees)Date of BirthSocial Security Number (SSN,last 4 digits)2. Iscollected,processed,disseminated, 3. CFTCstored and/Employeesaccessed bythis systemor projectXX5. Other(e.g.4. Members contractors,of the Public othergovernmentemployees)X1Revised 2014

Tax Identification Number(TIN)Photographic IdentifiersDriver’s LicenseMother’s Maiden NameVehicle IdentifiersPersonal Mailing AddressPersonal E-Mail AddressPersonal Phone NumberMedical Records NumberMedical Notes or some otherHealth InformationFinancial Account InformationCertificates (Training)Legal DocumentsDevice IdentifiersWeb Uniform ResourceLocator(s)Education RecordsMilitary StatusEmployment TypeForeign ActivitiesOther: Employee BargainingUnit StatusOther: Employee IDXXXXXXXXXXXXX2.2. What will be the sources of the information in the system?The staff member names, employment type (contractor or Federal employee), andbargaining unit status will come from CFTC’s Management and AdministrativeEnterprise Database (MAED). The training and education information will be generatedwithin the system.2.3. Why will the information be collected, used, disseminated or maintained?The information is being collected to enable CFTC to track and administer training to itsstaff and to satisfy regulatory reporting requirements for training.2.4. How will the information be collected by the Commission?The employment-related information is imported from MAED and is generally collectedfrom CFTC’s internal Personnel Clearance System which contains biweekly dataupdates from the National Finance Center. The training related information is generatedas the staff member registers for, and completes training activities.2.5. Is the system using technologies in ways that the CFTC has not previouslyemployed (e.g., monitoring software)?2Revised 2014

No. While it is a new system, it will take the place of other existing training systems withsimilar functions and purposes including: Training Log, Training and Events RegistrationSystem, and CourseMill.2.6. What specific legal authorities authorize the collection of the information?The Government Employees Training Act; 5 U.S. Code § 4103; 5 CFR Part 410; 5 CFRPart 412; Public Law 107 – 347, E-Government Act of 2002; Executive Order 11348Providing for the further training of Government employees; Executive Order 13111,Using Technology to Improve Training Technologies for Federal GovernmentEmployees.3. Data and Records Retention3.1. For what period of time will data collected by this system be maintained and inwhat form will the data be retained?Records for this system will be maintained in accordance with the retention periods inthe disposition schedules approved by the National Archives. All approved schedulesare available at What are the plans for destruction and/or disposition of the information?The training team will adhere to the guidance and policy of the Commission and itsRecords Office. Data will be purged from the LMS system after the retention period isreached, and any hard copies will be destroyed using Federal agency and CFTCapproved secured practices for disposing of hard copy records.4. Access to and Sharing of the Data4.1. Who will have access to the information in the system (internal and externalparties), and with whom will the data be shared? If contractors, are the FederalAcquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses;52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?Every CFTC staff member will have access to their own records. Access to the recordsof others will be limited to LMS administrators within the Training Team. Supervisors andbusiness managers will have access only to training data within their teams that includesname, certification, transcript, bargaining unit status, course information, start date, andend date. Contractors who may help in administering the system or training will haveaccess to the information on a need to know basis to perform their duties. FAR clausesrelated to the Privacy Act are included in CFTC contracts that require contractors tohave access to PII.4.2. If the data will be shared outside the Commission’s network, how will the data betransferred or shared?Training data from the LMS will be sent via Secure FTP to the Office of PersonnelManagement to satisfy monthly reporting requirements for CFTC training activities.3Revised 2014

4.3. If the data will be released to the public, consultants, researchers or other thirdparties, will it be aggregated or otherwise de-identified (i.e. anonymized)? If yes, pleasealso explain the steps that the Commission will take to aggregate or de-identify the data.The data will not be released to the public, or any other party except OPM, as required.4.4 Do the recipients of the aggregated or de-identified information have anotherdataset, or is there a publicly available dataset that could be used to re-identifyCommission information?The data is not released publically and there is no known public data set. OPM requiresidentifiable information to match the training records to existing OPM personnel filesmaintained for CFTC employees.4.5. Describe how the CFTC will track disclosures of personally identifiable informationthat will be shared with outside entities. The Privacy Act requires that the CFTC recordthe date, nature, and purpose of each disclosure of a record to any person or to anotheragency.CFTC is able to track the disclosure of personal information collected from the LMS bytracing the information back from the external request to the initial collection.4.6. Do other systems share the information or have access to the information in thissystem? If yes, explain who will be responsible for protecting the privacy rights of theindividuals affected by the interface (e.g., System Administrators, System Developers,and System Managers)?No other systems share the information or have access to the information generatedwithin the Cornerstone system. Data is imported into the system from internal CFTCsystems and exported for internal and external reporting purposes.5. Notice, Consent and Access for Individuals5.1. What notice will be provided to individuals about the collection, use, sharing andother processing of their personal data?Users of the system are presented with a Privacy Act statement the first time theyaccess the system. The Privacy Act statement provides notice to the individuals aboutthe collection, use, sharing, and processing of their personal data. Users will also havecontinued access to the Privacy Act statement via a link included on the system’s mainuser interface page.5.2. What opportunities will exist for an individual to decline to provide information or toconsent to particular uses of the information? If opportunities exist, how will this noticebe given to the individual and how will an individual grant consent?Users voluntarily access the system to participate in training. Notice of the purpose ofthe collection, use, and storage of the information is presented in a privacy notice whenthe user initially accesses the system. A user grants consent after reading the notice andproceeding to use the system.4Revised 2014

5.3. What procedures will exist to allow individuals to gain access to their informationand request amendment/correction, and how will individuals be notified of theseprocedures?Individuals will have access to their own training records, and any requests for changesto the information can be sent to the LMS administrator. Users will be notified of theseprocedures by the Training Team, or CFTC Help Desk.6. Maintenance of Controls6.1. What controls will be in place to prevent the misuse of the information by thosehaving authorized access and to prevent unauthorized access, use or disclosure of theinformation?The information is protected from misuse and unauthorized access through variousadministrative, technical, and physical security measures. Administrative safeguardsinclude agency-wide Rules of Behavior, procedures for safeguarding personallyidentifiable information, and required annual privacy and security training. Technicalsecurity measures within CFTC include restrictions on computer access to authorizedindividuals, required use of strong passwords frequently changed, use of encryption forcertain data types and transfers, and regular review of security procedures and bestpractices to enhance security. Physical measures include restrictions on building accessto authorized individuals and maintenance of records in lockable offices and filingcabinets.6.2. While the information is retained in the system, what will the requirements be fordetermining if the information is still sufficiently accurate, relevant, timely, and completeto ensure fairness in making determinations?Information retained in the system is visible to the user of the system who can determineif the information is still accurate, relevant, timely, and complete.6.3. Will this system provide the capability to identify, locate, and monitor individuals? Ifyes, explain.The system does not provide the capacity to track or monitor the location of an individualin real-time. The system will contain information regarding training approved for anindividual, along with the dates and location of the training.6.4 Does this system comply with FISMA requirements to help ensure that informationis appropriately secured?Yes, the system complies with all applicable Federal Information Security ManagementAct (FISMA) requirements. The system is hosted by a 3rd party and is FedRAMPcompliant.6.5. Describe the privacy training provided to users either generally or specificallyrelevant to the program or system.5Revised 2014

Users receive annual privacy and security training and must abide by IT Rules ofBehavior when accessing systems that contain CFTC information.7. Privacy Act7.1. Will the data in the system be retrieved by a personal identifier in the normal courseof business? If yes, explain. If not, can it be retrieved by a personal identifier?Data in the system can and will be retrieved by CFTC Staff name or employee ID.7.2 Is the system covered by an existing Privacy Act System of Records Notice(“SORN”)? Provide the name of the system and its SORN number, if applicable.The system is covered by CFTC-52, Training Records, CFTC-35, General InformationTechnology Records, and OPM GOVT-1, General Personnel Records.8. Privacy Policy8.1. Confirm that the collection, use and disclosure of the information in this systemhave been reviewed to ensure consistency with the CFTC’s Privacy Policy collection, use, and disclosure of the information in this system have been reviewedby CFTC’s Office of General Counsel, and CFTC’s Privacy Office and they areconsistent with the Commission’s Privacy Policy on Privacy Risks and Mitigation9.1. What privacy risks are associated with the collection, use, dissemination andmaintenance of the data? How have those risks been mitigated?There is a risk that the LMS collects more data than is necessary. This risk is mitigatedby the Training Team who reviewed the data elements required to properly manage thesystem and compared those data elements to the data elements mandated by OPMreporting requirements. The LMS does not require certain OPM required data elements,such as SSN, gender, race, and salary information to provide training activities.Therefore, to reduce the amount of PII collected, those elements are not collected by theLMS. The Training Team developed a secure internal process to add the LMS storeddata elements to the more sensitive OPM required data elements to ensure CFTC meetsits OPM required reporting obligations.There is a risk for misuse of information by LMS users who have administrative systemprivileges. All users have role-based access to help prevent users with elevatedprivileges from accessing information beyond their need to know. The LMS systemcontains custom reports that can be used to log actions taken by users andadministrators. In addition, the CFTC Office of Data and Technology (ODT) performsperiodic audits of system log files to ensure access controls are operating as intended.Lastly, all CFTC staff are required to take annual Security and Privacy training.6Revised 2014

There is a risk employees are not aware that CFTC is retrieving and using their PII fromother internal CFTC systems. This risk is mitigated by appropriate notice from this PIA,the Privacy Act notice that appears the first time a user accesses the system, and thepublished SORN(s) that cover this IT system.7Revised 2014

party hosted Learning Management System (LMS) from Cornerstone Inc. (Cornerstone). The LMS will assist the CFTC inthe administration, documentation, tracking, reporting and delivery of educational courses or training programs. The intent is to help deliver materialand a