Policy Document

You are here

PIA - Railroad Enforcement System (RES)

DEPARTMENT OF TRANSPORTATION
Federal Railroad Administration (FRA)

PRIVACY IMPACT ASSESSMENT
  Railroad Enforcement System (RES)

April 21, 2009


TABLE OF CONTENTS

System Overview
Personally Identifiable Information (PII) in RES
Why RES Collects Information
How RES Uses information
How RES Shares Information
How RES Provides Notice and Consent
How RES Ensures Data Accuracy
How RES Provides Redress
How RES Secures Information
How Long RES Retains Information
System of Records

System Overview

The United States Department of Transportation (DOT) Federal Railroad Administration (FRA) Railroad Enforcement System (RES) is a major application. The RES application provides computerized support for the Office of Chief Counsel (OCC) attorneys in the issuance of civil penalty demand letters and other documents related to the violations of railroad safety laws and in the compilation of reports related to the railroad safety enforcement process. There are three major segments in the new system:

  •     Civil Penalty Case Generation System
  •     Civil Penalty Case Report Generation System
  •     Individual Liability Cases

The first segment, Civil Penalty Case Generation System, contains most of the data entry, update, and query screens for case generation; look-up screens for supporting information; and the Region Violation Report Status Screen through Oracle Web Forms and Oracle Application Server. This segment is of primary interest to those who enter data on enforcement cases.  

The second segment, Civil Penalty Case Report Generation System, consists of various Structured Query Language (SQL) reports used for tracking violation reports and cases. They are published to the Internet, intranet, or both, in either Hypertext Markup Language (HTML) or Portable Document Format (PDF) format.  

The third segment, Individual Liability Cases, is designed for actions against individuals in violation of the safety laws, including civil penalties, disqualification orders, and warning letters. It contains both data entry/query screens and SQL reports.

 
Personally Identifiable Information (PII) in RES

The RES system contains both PII and non-PII is used in the system supports the organization's ability to track the legal liability actions surrounding the violations of railroad safety laws, RES may contain the following PII on members of the public: name, postal address, email address, phone number, title, position, organization, fax number and Website URL. Designated FRA employees and contractors have access to the RES system, as managed by username and password. Therefore, RES also contains names and passwords of designated FRA employees and associates those data with these individuals.


Why RES Collects Information

The information is collected for the ability to identify and prosecute individual employees, due to the negligence of a specific individual.

How RES Uses Information

The intended uses of the information is to correctly identify individuals who have been identified by railroad inspectors as having acted in negligence.

How RES Shares Information

The Violation Generation, and Tracking System (VGTS) application is capable of submitting Transmittal of Violation Reports (TFR) to RES. However VGTS is not used when dealing with individual liability cases.

How RES Provides Notice and Consent

All users of the RES system must sign a Rules of Behavior document that outlines their responsibilities while handling the sensitive data in RES.

How RES Ensures Data Accuracy

Once the information is entered into the RES system by RCC staff, it is forwarded to the RCC Attorney for review, and finally to the individual involved.

How RES Provides Redress

Under the provisions of the Privacy Act, individuals may contact the RES system manager, as listed in the Privacy Act System of Records notice, with privacy questions and grievances. 

How RES Secures Information

Privileges are granted to users such that they can view/edit the corresponding data for which they are responsible. Authorized users are provided accounts on the system with access commensurate to the job function. These accounts are paired with unique passwords, for authentication.

How Long RES Retains Information

Under the provisions of the Privacy Act, individuals may contact the RES system manager, as listed in the Privacy Act System of Records notice, with privacy questions and grievances.

System of Records

RES is a system of records subject to the Privacy Act because it is searched by name or other unique identifier. FRA is currently in the process of complying with the requirements of the Privacy Act, including posting a Privacy Act System of Records Notice. FRA has certified and accredited the security of RES in accordance with DOT information technology security standard requirements.

Updated: Tuesday, April 3, 2012