Policy Document

You are here

PIA - Federal Personnel Payroll Systems (FPPS) Web Printing

DEPARTMENT OF TRANSPORTATION
Office of the Secretary

PRIVACY IMPACT ASSESSMENT
Federal Personnel Payroll
Systems Web Printing

February 27, 2007


TABLE OF CONTENTS

Overview of Privacy Management Process
Personally Identifiable Information (PII) and FPPS Web Printing
Why FPPS Web Printing Collects Information
How FPPS Web Printing uses information
How FPPS Web Printing Shares Information
How FPPS Web Printing Provides Notice and Consent
How FPPS Web Printing Ensures Data Accuracy
How FPPS Web Printing Provides Redress
How FPPS Web Printing Secures Information
How Long FPPS Web Printing Retains Information
System of Records

Overview of Privacy Management Process

The Office of the Secretary (OST), within the Department of Transportation (DOT), has been given the responsibility of formulating national transportation policy and promoting intermodal transportation. Other responsibilities include negotiation and implementation of international transportation agreements, assuring the fitness of U.S. airlines, enforcing airline consumer protection regulations, issuing regulations to prevent alcohol and illegal drug misuse in transportation systems, improving the security of the national transportation system, and preparing transportation legislation.  

As part of its operations, the Departmental Office of Human Resource Management (M-10) is responsible for managing the personal information of all DOT Federal personnel. M-10 often obtains this personal information from the Department of the Interior’s (DOI) Federal Personnel Payroll Systems (FPPS). This personal information is specifically limited to the information collected on the Office of Personnel Management’s Standard Forms 50 and 52 (SF-50, Notification of Personnel Action, and SF-52, Request for Personnel Action, respectively). DOT’s Web Printing interfaces with the DOI FPPS and has a Memorandum of Understanding (MOU) in place to ensure that each agency’s security and privacy standards are equally stringent.

DOT’s Web Printing system contains personally identifiable information (PII) on current and former DOT employees in order to facilitate and support M-10’s mission. In the routine usage of Web Printing, there is no exchange or sharing of any PII with other agencies. As a system of records under the Privacy Act, DOT may share information from Web Printing in accordance with, and as required by, the law. Because of the PII contained within the system, privacy management is an integral part of Web Printing. DOT has implemented a thorough privacy management program, utilizing proven technologies, methodologies, and sound policies and procedures.  This Privacy Impact Assessment (PIA) describes these policies and procedures in greater detail.

The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally.  The methodology is designed to help ensure that DOT will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing DOT to achieve its mission of protecting and enhancing all U.S. civil transportation systems.  The methodology is based upon the following:

  •     Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
  •     Assess the current privacy environment.  This involved interviews with key individuals involved in Web Printing to ensure that all uses of PII, along with the risks involved with such use, are identified and documented.
  •     Organize the resources necessary for the project’s goals.  Internal DOT resources, along with outside experts, are involved in reviewing the technology, data uses and associated risks.  They are also involved in developing the necessary redress systems and training programs.
  •     Develop the policies, practices, and procedures.  The resources identified in the paragraph immediately above work to develop an effective policy or policies, practices, and procedures to ensure compliance with fair information practices.  The policies effectively protect privacy while allowing DOT to achieve its mission.
  •     Implement the policies, practices, and procedures.  Once the policies, practices, and procedures are developed, they must be implemented.  This involves training of all individuals who will have access to and/or process personally identifiable information.  It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the DOT project.
  •     Maintain policies, practices, and procedures.  Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices.  Regular monitoring of compliance with privacy policies, practices, and procedures is required.
  •     Manage exceptions and/or problems with the policies, practices, and procedures.  This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made, if necessary.

Personally Identifiable Information (PII) and Web Printing

In the course of their duties, HR specialists are required to access DOT personnel records, such as the SF Form 50, Notification of Personnel Action, and SF Form 52, Request for Personnel Action, which are contained in Web Printing.  Both of these OPM standard forms contain PII, including, but not limited to, name, home address, phone number, social security number, date of birth, salary grade, title, employment history, and veteran’s preference. This information pertains only to current and former DOT Federal employees. Web Printing does not directly collect any information about members of the public or DOT contract employees. This information is electronically retrieved from DOI’s FPPS database and populated in Web Printing. This information is not altered by DOT employees in any way. DOT HR specialists can view and print these standard forms but cannot modify them in any way. The only PII that pertains to members of the public is PII associated with former DOT employees who have left the Department and are considered members of the public because they are no longer employed by the Department.

Once an employee’s PII is available in Web Printing, it can be retrieved by searching for that individual’s name or social security number. HR specialists, system administrators, and technical database administrators have access to the PII contained in Web Printing. Web Printing uses logon names and passwords to control access and contains the name and password of the DOT users with access to the system.

Why Web Printing Collects Information

Web Printing does not directly collect any information from any individuals. All information contained in Web Printing is retrieved from DOI’s FPPS database. HR specialists require this information for the performance of their duties. This information is retrieved from DOI’s FPPS so that HR specialists do not have to duplicate a Federal Government information collection system.

How Web Printing Uses Information

Web Printing uses the information it receives from DOI FPPS to automatically populate the SF Form 50, Notification of Personnel Action, and SF Form 52, Request for Personnel Action. These two standard forms are used by HR specialists when a DOT employee’s status of employment changes, such as a hiring, firing, pay increase, grade increase, reassignment, or any other administrative-type action that would require a formal change in the employee’s official HR file.

How Web Printing Shares Information

In the routine usage of Web Printing, there is no exchange or sharing of any PII with non-DOT entities. As a system of records under the Privacy Act, DOT may share information from Web Printing in accordance with, and as required by, the law.

How Web Printing Provides Notice and Consent

Since Web Printing does not directly collect information, there is no immediate notice given or consent collected from the individuals whose data are contained in the system. This PIA serves as notice to any members of the public, in this case retired or former DOT Federal employees, whose information may be contained in the system. Only PII on current or former DOT Federal employees is contained in Web Printing.

How Web Printing Ensures Data Accuracy

In order to ensure the integrity and accuracy of the information, the data contained in Web Printing cannot be modified from its original format.  Users and administrators may only view, read, and print information.

How Web Printing Provides Redress

After reviewing their printed SF Form 50, Notification of Personnel Action, individuals are responsible for contacting their HR representative to have their data corrected in FPPS.

How Web Printing Secures Information

Web Printing takes appropriate security measures to safeguard PII and other sensitive data.  Web Printing applies DOT security standards, including but not limited to routine scans and monitoring, back-up activities, and background security checks of DOT employees and contractors.

RoleAccessSafeguards
User (HR Specialist)Read and print Web Printing records.User IDs and passwords are established in accordance with the DOT Rules of Behavior/User Access Agreement policy.
System AdministratorRead and print Web Printing recordsUser IDs and passwords are established in accordance with the DOT Rules of Behavior/User Access Agreement policy.
    Can reset, modify Users account at the request of the User, or in the event of a suspected violation of access privileges.
Technical Database AdministratorRead and print Web Printing records   User IDs and passwords are established in accordance with the DOT Rules of Behavior/User Access Agreement policy.
    Can reset, modify Users account at the request of the User, or in the event of a suspected violation of access privileges.

How Long Web Printing Retains Information

Records are stored in Web Printing are retained and disposed in compliance with the  General Records Schedules, National Archives and Records Administration, Washington, DC 20408. The following schedules apply: General Records Schedule 1, Civilian Personnel Records, pages 1 thru 22, Items 1 through 39; and General Records Schedule 2, Payrolling and Pay Administration Records, Pages 1 thru 6, Items 1 thru 28.

System of Records

The information contained in Web Printing is subject to the Privacy Act because it is routinely searched by an individual’s name or other unique identifier. DOT is currently in the process of complying with the requirements of the Privacy Act, including publishing a System of Record Notice in the Federal Register.

Updated: Wednesday, April 4, 2012