DEPARTMENT OF TRANSPORTATION
Office of Secretary (OST)
PRIVACY IMPACT ASSESSMENT
December 3, 2003
Table of Contents
Overview of OST privacy management process for Delphi
Personally-identifiable information and Delphi
Why Delphi collects information
How Delphi uses information
How Delphi shares information
How Delphi provides notice and consent
How Delphi ensures data accuracy
How Delphi provides redress
How Delphi secures information
System of records
The Office of the Secretary (OST), within the Department of Transportation (DOT), has been given the responsibility of formulating national transportation policy and promoting intermodal transportation. Other responsibilities include negotiation and implementation of international transportation agreements, assuring the fitness of US airlines, enforcing airline consumer protection regulations, issuing regulations to prevent alcohol and illegal drug misuse in transportation systems, improving the security of the national transportation system, and preparing transportation legislation.
As part of its support function for DOT, OST manages an accounting system, Delphi, that provides a full range of financial services, including accounts payable and accounts receivable functions. To accomplish this, Delphi stores and maintains data on employees, contractors, and vendors, and interfaces with human resources (HR) and procurement systems.
Privacy management is an integral part of the Delphi project. DOT/OST has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and OST will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing OST to achieve its mission of protecting and enhancing all U.S. civil transportation systems. The methodology is based upon the following:
- Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
- Assess the current privacy environment. This involved interviews with key individuals involved in the Delphi system to ensure that all uses of Personally Identifiable Information (PII), along with the risks involved with such use, are identified and documented.
- Organize the resources necessary for the project's goals. Internal DOT/OST resources, along with outside experts, are involved in reviewing the technology, data uses and associated risks. They are also involved in developing the necessary redress systems and training programs.
- Develop the policies, practices, and procedures. The resources identified in the paragraph immediately above work to develop an effective policy or policies, practices, and procedures to ensure that fair information practices are complied with. The policies effectively protect privacy while allowing DOT/OST to achieve its mission.
- Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the OST project.
- Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures is required.
- Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.
The Delphi system uses both Personally Identifiable Information (PII) and non-personally identifiable data to manage accounting functions throughout DOT. In addition to employee and contractor PII, Delphi may also contain a vendor's name, date of birth, social security number, mailing address, financial account information, salary information, and email address. Since Delphi also manages payments to and from other government agencies, including State and local entities, the system may also contain similar information on individuals within those organizations.
An individual's PII enters the Delphi system when a vendor submits a proposal or invoice, or when DOT enters a relationship with an individual or organization that requires an accounting relationship. Typically, a Delphi user keys vendor PII into the system.
Delphi collects information in order to fulfill basic accounting functions, such as paying vendors, receiving payments from or providing payments to State and local organizations, and completing payroll accounting activities. Delphi interfaces with HR systems, for example, to gather information necessary to record employee pay appropriately. Likewise, Delphi collects contact and payment information from vendors in order to process payments appropriately. The Delphi system collects PII only when an individual requires an accounting relationship with DOT.
Information in an identifiable form is used to monitor and manage accounting functions. In addition to controlling the accounting functions listed previously, OST may also use Delphi in the future to review accounting trends for spend analyses.
Delphi shares PII with other HR- and procurement-related systems. Each agency within DOT is responsible for its own accounting processes, so Delphi must share appropriate information across and within those agencies.
Entry of PII into Delphi is a necessary condition of any employment relationship, payment, or other financial transaction with DOT.
Much of Delphi's PII on a vendor is received from that vendor through information he or she provides on a proposal, invoice, or other related document. Appropriate Delphi users in each DOT agency enter this PII into the system.
Delphi does provide some functionality that checks for completion of some required fields. The DOT agency Delphi user is responsible for data accuracy and completeness.
A vendor may request information on what PII the Delphi system contains and request some changes through his or her contact at the DOT agency with which he or she has the accounting relationship. Procedures for this access and redress for privacy concerns vary across DOT agencies.
The Delphi system is housed at Oklahoma City, Oklahoma. Personnel with physical access have all undergone and passed DOT background checks.
In addition to physical access, electronic access to PII in Delphi is limited according to a matrix of job function and accounting activities. Though different users are provided different levels of access, all users currently see a Delphi header file for each account that includes names, address, and social security number. Plans are underway to eliminate the visibility of social security numbers for some Delphi users.
OST controls access privileges through the following roles:
- Access Control Officer
- Technical Administrators
The following table describes the process of adding a Delphi user and setting his or her permissions.
|Role|Action|
|---|---|
|Operating Administration Security Officer|Each DOT agency has an Access Control Officer who fills out a Web form, authorizing the addition of a Delphi user and describing the appropriate Delphi permissions. The DOT agency Security Officer sends this completed form to a Technical Administrator.|
|Technical Administrator|A Technical Administrator reviews the form for completeness and sets up access, with appropriate permissions, for the Delphi user.|
Access for all Delphi users, regardless of permissions, is protected through a user ID and password combination with the following safeguards:
- Passwords expire after a set period
- Accounts are locked after a set period
- Minimum length of passwords is eight characters
- Accounts are locked after a set number of incorrect attempts
- A Delphi session closes after a period of inactivity
In addition, Delphi maintains an audit trail of all Delphi transactions, when those transactions are processed, and the individual(s) who initiated them. OST regularly monitors this audit trail.
OST trains users on Delphi and their privacy responsibilities through instructor-led training. In addition, OST staff complete annual specialized security training.
Delphi is a system of records subject to the Privacy Act; for that purpose it is known as the Departmental Accounting and Financial Information System (DAFIS) and Delphi Accounting System. OST has documented the system as such, and it has certified and accredited Delphi in accordance with DOT requirements.