Administration for Children and Families Privacy Impact Assessments
06.3 HHS PIA Summary for Posting (Form) / ACF OA GrantSolutions.gov/Grants Administration Tracking & Evaluation System [System] PIA SUMMARY AND APPROVAL COMBINED PIA Summary Is this a new PIA 2011? No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight 1. Date of this Submission: 8/18/2005 2. OPDIV Name: ACF 3. Unique Project Identifier (UPI) Number: 009-70-04-00-01-1300-00-101-003 4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not applicable. 5. OMB Information Collection Approval Number: Not applicable. 6. Other Identifying Number(s): OA-OFS-001 7. System Name (Align with system Item name): Grants Administration Tracking and Evaluation System 9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Paul Hasz 10. Provide an overview of the system: This system is designed to automate the process of awarding discretionary, formula, block and entitlement grants. The system maintains a nationwide database of grant program and fiscal information provides management reports; compiles post-award monitoring information: safeguards Federal funds through management of funding limits and facilitates the closeout of grants and the archiving of program and fiscal performance information. It serves as the grants host system for a number of federal agencies. 13. Indicate if the system is new or an existing one being modified: Existing 17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not shared outside grantor organizations. 30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This application contains proprietary business information and other financial information and is used to allow agencies to oversee grants that fund a range of services across the country. Telephone, address and email addresses are work numbers, not home or personal and are publicly accessible elsewhere on government sites. 31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) All Grantee information is voluntarily provided (e.g., names, telephone, number, addresses, and e-mail addresses of officers in grantee organization). 32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 37. Does the website have any information or pages directed at children under the age of thirteen?: No 50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No 54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Implementation and testing of controls (including Identification and Authentication, Access Controls) in accordance with NIST SP800-53/53A and other applicable Federal and Departmental regulations. PIA Approval PIA Reviewer Approval: Promote PIA Reviewer Name: Sr. Official for Privacy Approval: Promote Sr. Official for Privacy Name: David Jenkins Sign-off Date: 6/30/2006 Approved for Web Publishing: Yes Date Published: 9/6/2012 _____________________________________________________________________________ 06.3 HHS PIA Summary for Posting (Form) / ACF OA Temporary Assistance to Needy Families Data Reporting System [System] PIA SUMMARY AND APPROVAL COMBINED PIA Summary Is this a new PIA 2011? No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight 1. Date of this Submission: 11/26/2003 2. OPDIV Name: ACF 3. Unique Project Identifier (UPI) Number: 009-70-01-07-02-1003-00-101-003 4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0151 5. OMB Information Collection Approval Number: 0970-0199 6. Other Identifying Number(s): OPRF-TANF-001 7. System Name (Align with system Item name): Final TANF Data Reporting System (FTDRS) 9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: David Jenkins 10. Provide an overview of the system: The Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (PRWORA) established data reporting requirements for States operating the Temporary Assistance for Needy Families (TANF) program. On April 12, 1999 the Department of Health and Human Services (DHHS) issued final regulations on TANF data reporting requirements.
The Division of Application Development Services(DADS) provides States Territories and Tribes with a computer software package (FTDRS) that permits States to enter the required TANF and SSP-MOE data into the system, edit the data and create the transmission files. States may use this software package to create their transmission files or may pull the required data directly from their mainframe computers and place the data into the required transmission formats. DADS provides the edits and transmission file layouts to facilitate the latter approach. The edits are basic and directly reflect the instructions for completing the TANF Data Report and the SSP-MOE Data Report as published with the final TANF rules. Once the file is created the file is then uploaded to the NIH mainframe using either FTP or Connect:Direct. The data is then re-validated and used to update the National TANF database. Notification of the results from validation and the number of records added, changed or deleted from the National TANF database is then e-mailed to all interested parties within the state territory or tribe. 13. Indicate if the system is new or an existing one being modified: Existing 17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not applicable. 30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: States are required to collect monthly and report quarterly disaggregated data on families and individuals receiving assistance under the State TANF program, disaggregated data on families and individuals no longer receiving assistance under the State TANF program, and aggregated data on applications, active TANF families and recipients, closed cases, etc. At State option, if the State wants to receive a high performance bonus or qualify for caseload reduction credit, the State must also submit data on its separate State programs. The SSP-MOE Data Report collects data similar to data on the TANF Data Report. All data is to be reported electronically.
OPRE is responsible for compiling, and analyzing the data collected with the FTDRS. Each quarter they produce several reports that show TANF Work Participation Rates and Characteristics and Financial Circumstances of TANF Recipients. These reports are important for determining the success of the TANF program. 31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not applicable. 32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 37. Does the website have any information or pages directed at children under the age of thirteen?: No 50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No 54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not applicable. PIA Approval PIA Reviewer Approval: Promote PIA Reviewer Name: Sr. Official for Privacy Approval: Promote Sr. Official for Privacy Name: David Jenkins Sign-off Date: 6/30/2006 Approved for Web Publishing: Yes Date Published: 9/6/2012 _____________________________________________________________________________ 06.3 HHS PIA Summary for Posting (Form) / ACF OCC Federal Child Care Information System [System] PIA SUMMARY AND APPROVAL COMBINED PIA Summary Is this a new PIA 2011? No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight 1. Date of this Submission: 7/28/2005 2. OPDIV Name: ACF 3. Unique Project Identifier (UPI) Number: 009-70-01-08-02-1002-00-101-003 4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable 5. OMB Information Collection Approval Number: 0980-0267 6. Other Identifying Number(s): Not applicable. 7. System Name (Align with system Item name): Child Care Bureau Information System (CCBIS) 9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: David Jenkins 10. Provide an overview of the system: The state case level report, or ACF-801, is one of the data collections undertaken by the Child Care Bureau pursuant to the requirements of the Child Care and Development Block Grant of 1990 (42 USC 9801 et seq.) as amended by the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (PL 104-93) and the Balanced Budget Act of 1997 (PL 105-33). All Child Care and Development Fund (CCDF) lead agencies in the states, the District of Columbia, and territories (including Puerto Rico, American Samoa, Guam, Northern Mariana Islands, and the US Virgin Islands) are responsible for completing the ACF-801 13. Indicate if the system is new or an existing one being modified: Existing 17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not applicable. 30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information is collected in an electronic format, which is transmitted directly to the National Institute of Health’s National Information Center. The data are collected from all Child Care and Development Fund (CCDF) lead agencies in the states, the District of Columbia, and territories (including Puerto Rico, American Samoa, Guam, Northern Marianna Islands, and the US Virgin Islands). The CCDF lead agencies are responsible for completing the ACF-801. Consent is not required. 31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not applicable. 32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 37. Does the website have any information or pages directed at children under the age of thirteen?: No 50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No 54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not applicable. PIA Approval PIA Reviewer Approval: Promote PIA Reviewer Name: Sr. Official for Privacy Approval: Promote Sr. Official for Privacy Name: David Jenkins Sign-off Date: 6/30/2006 Approved for Web Publishing: Yes Date Published: 9/6/2012 _____________________________________________________________________________ 06.3 HHS PIA Summary for Posting (Form) / ACF OCSE Federal Parent Locator Service Enterprise Services Portal [System] PIA SUMMARY AND APPROVAL COMBINED PIA Summary Is this a new PIA 2011? Yes If this is an existing PIA, please provide a reason for revision: 1. Date of this Submission: 8/12/2010 2. OPDIV Name: ACF 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): FPLS ESP 09-80-0387 5. OMB Information Collection Approval Number: National Directory of New Hires, OMB NO: 0970-0166, Expiration 6/30/2013; FCR: 0980-0271 Expiration 4/30/2011, FPLS ESP 11/30/2012 FCR: 0980-0271 6. Other Identifying Number(s): N/A 7. System Name (Align with system Item name): ACF OCSE FPLS Enterprise Systems Portal (FPLS ESP) 9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Bonar 10. Provide an overview of the system: The Federal Parent Locator Service Enterprise Services Portal (FPLS ESP) is designed to allow authorized users to access the FPLS applications that are housed on the portal. The FPLS ESP has two parts: the FPLS State Services Portal (FSSP) and the FPLS Child Support Services Portal (FCSSP). Users must register to gain access to the FPLS ESP. The FPLS Security Framework User Guide describes the user registration process. The FPLS Portal Administration User Manual describes the procedures to authorize a user and assign the appropriate roles. The roles and accessibility are described in the portal access document in the Enterprise Service Portal Software Design Document. The OCSE Manassas Data Facility (MDF) hosts the FPLS ESP applications, servers, and networks. The OCSE FPLS ESP provides a Web interface for authorized parties to securely send, retrieve, and view appropriate CSE information. 13. Indicate if the system is new or an existing one being modified: New 17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information may be disclosed to appropriate federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records and the information disclosed is relevant and necessary for that assistance. 30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: FPLS ESP Information relating to registration requests by individuals seeking access to the portal and its services, including the individual’s name, Social Security number (SSN), date of birth, and the address and Federal Employer Identification Number (FEIN) of the individual’s employer. The individual’s SSN is encrypted and access to, and viewing of, the SSN is restricted to designated employees and contractors of OCSE solely for the purpose of verifying the identity of a registrant or a user of the portal. Submission of the PII is voluntary. 1. Records, or information contained therein, may be disclosed to designated employees and contractors of OCSE for the purpose of identifying individuals and organizations, including third-parties conducting business on behalf of another business or organization, which apply for, and are granted, access privileges to the FPLS Child Support Services Portal and its services. 2. Information may be disclosed to appropriate federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records and the information disclosed is relevant and necessary for that assistance. Location and Collection System (LCS): Information in the NDNH portion of the LCS pertaining to quarterly wages and unemployment insurance is collected from state workforce agencies. Information pertaining to newly hired employees is collected from each states Directory of New Hires. Federal agencies report directly to the NDNH. The information collected is used to locate individuals for the purpose of establishing parentage, establishing, setting the amount of, modifying, or enforcing child support obligations, or enforcing child custody and visitation orders. The information collected is also used by authorized Federal and State agencies to prevent and recoup erroneous payments under Federal benefit programs. The LCS also collects from state Child Support Enforcement (CSE) agencies information pertaining to past-due child support owed by noncustodial parents. This information is compared against information pertaining to Federal tax refunds, Federal administrative payments, and U.S. passports to collect past-due support. Information collected from state CSE agencies on individuals with past-due child support is also compared with information maintained by insurers (or their agents) and state Workman's Compensation agencies concerning insurance claims, settlements, awards, and payments to collect child support. The data collected is mandatory. Federal law requires the collection of information for child support and other authorized purposes.
Federal Case Registry (FCR): As required by Federal law, each state child support enforcement (CSE) agency maintains, within its automated system, a State Case Registry (SCR). The records in the SCR include information pertaining to all child support cases and orders established or modified in the state on or after October 1, 1998. The FCR includes abstracts of this information, provided by each CSE agency. The FCR system of records contains the following information: names (including alternative names); social security numbers (including alternative numbers); birth dates; participant type (custodial party, noncustodial parent, putative father, child); sex; case type (IVD, referring to a case in which the family is receiving services from the CSE agency, or non-IVD); indication of an order; family violence indicator (domestic violence or child abuse); state Federal Information Processing Standard code; county code; state case identification number; and state member identification number. Information maintained in the FCR is matched against information maintained in the National Directory of New Hires (NDNH), another component of the Federal Parent Locator Service, to determine if 31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) FPLS ESP OCSE employees and contractors, and individuals voluntarily register to access the system and its services solely for the purpose(s) for which they have been authorized. Location and Collection System (LCS): Information is collected from the following sources. Information pertaining to newly-hired employees is collected from each State Directory of New Hires, which receives the information from employers. Quarterly wage and unemployment insurance information is collected from the State Workforce Agencies. Federal agencies report information directly to the NDNH. Information pertaining to past-due child support owed by noncustodial parents and individuals is collected from state CSE agencies. State CSE agencies can obtain access, subject to privacy safeguards, to government and private records, including information about assets held by financial instiutions (including insurance companies), and records held by private entities with respect to individuals who owe child support (42 USC 666 (c)1D). Information contained in the system is not directly collected from individuals and is for the routine uses specified in the system of records notice pertaining to the LCS. 5 U.S.C. 552a(b)(3). Information required by Federal law is supplied by state CSE agencies. 42 U.S.C. 652 (k) and (l), 653, 664 and 666(a)(17). Note that The back of the W-4 is this notification of use of the data in the NDNH: Privacy Act and Paperwork Reduction Act Notice. We ask for the information on this form to carry out the Internal Revenue laws of the United States. The Internal Revenue Code requires this information under sections 3402(f)(2)(A) and 6109 and their regulations. Failure to provide a properly completed form will result in your being treated as a single person who claims no withholding allowances; providing fraudulent information may also subject you to penalties. Routine uses of this information include giving it to the Department of Justice for civil and criminal litigation, to cities, states, and the District of Columbia for use in administering their tax laws, and using it in the National Directory of New Hires. We may also disclose this information to other countries under a tax treaty, to federal and state agencies to enforce federal nontax criminal laws, or to federal law enforcement and intelligence agencies to combat terrorism. Any changes in routine use of the data or in the recipients of the data is published in the Federal Registry with appropriate comment periods before implementation.
Federal Case Registry (FCR): As required by Federal law, the FCR information is collected from each state CSE agency, which maintains the information in its State Case Registry. Information contained in the FCR is not directly collected from individuals and is for the routine uses specified in the system of records notice pertaining to the FCR. 32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 37. Does the website have any information or pages directed at children under the age of thirteen?: No 50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes 54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information is secured in accordance with the security controls specified in an up-to-date security plan. This plan restricts access and disclosure to persons as authorized in the statute, provides administrative, physical, and technical system controls, requires monitored access and promotes security training. All personnel with access to the system are required to take a non-disclosure oath and attend annual security awareness training. PIA Approval PIA Reviewer Approval: Promote PIA Reviewer Name: David Jenkins Sr. Official for Privacy Approval: Promote Sr. Official for Privacy Name: David Jenkins Sign-off Date: 8/27/2010 Approved for Web Publishing: Yes Date Published: 9/6/2012 _____________________________________________________________________________ 06.3 HHS PIA Summary for Posting (Form) / ACF OHS Head Start Enterprise System [System] PIA SUMMARY AND APPROVAL COMBINED PIA Summary Is this a new PIA 2011? Yes If this is an existing PIA, please provide a reason for revision: 1. Date of this Submission: 5/5/2008 2. OPDIV Name: ACF 3. Unique Project Identifier (UPI) Number: 009-70-01-04-02-1009-00 4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): n/a 5. OMB Information Collection Approval Number: n/a 6. Other Identifying Number(s): n/a 7. System Name (Align with system Item name): Head Start Enterprise System 9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Fran Majestic 10. Provide an overview of the system: HSES supports enterbrise functions for the Office of Head Start. Consolidates data across all OHS applications. 13. Indicate if the system is new or an existing one being modified: New 17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HSES is a system meant for public use. 30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: OHS collects grant information from grant administrators for Head Start grants. HSES does not collect information from the public. 31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. (Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) HSES does not collect information from the public. 32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 37. Does the website have any information or pages directed at children under the age of thirteen?: No 50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes 54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: HSES follows OMB and Department requirements, as well as NIST SP800-53 and SP800-53A guidance for securing IIF. PIA Approval PIA Reviewer Approval: PIA Reviewer Name: Sr. Official for Privacy Approval: Promote Sr. Official for Privacy Name: David Jenkins Sign-off Date: 5/15/2008 Approved for Web Publishing: Yes Date Published: 9/6/2012 _____________________________________________________________________________ Back to top |
|