DEPARTMENT OF TRANSPORTATION
Research & Innovative Technology Administration
PRIVACY IMPACT ASSESSMENT
Volpe Physical Access Control System (V-PACS)
(Formerly, Volpe Facility Security System SAS)
June 22, 2009
TABLE OF CONTENTS
Information, Including Personally Identifiable Information (PII), in the System
Why V-PACS Collects Information
Legal Authority for Information Collection
How V-PACS Uses Information
How V-PACS Shares Information
How V-PACS Provides Notice and Consent
How V-PAC Ensures Data Accuracy
How V-PACS Provides Redress
How V-PACS Secures Information
How Long V-PACS Retains Information
System of Records
Volpe Physical Access Control System -V-PACS (Formerly, Volpe Facility Security System SAS). The system provides physical access control and badge management for employees, contractors and visitors accessing the Volpe Center campus in Cambridge, MA.
The system contains identification information for Volpe Center employees, contractors and visitors. Data elements include name, date of birth, mailing address, phone numbers, email address, biometric identifiers, photo identifiers, vehicle information, driver's license information, and employment status.
V-PACS collects identification information from each Volpe Center employee, contractor and visitor for the purpose of verifying his/her identity and issuing a common identity credential (badge) to him/her. The badges are then used to positively identify the badge-user and grant him/her physical access to protected and sensitive areas of the Volpe campus.
Homeland Security Presidential Directive 12 (HSPD-12)
The system uses information to create badge-user accounts to validate access to the Volpe Center grounds. Specifically, employees, contractors and visitors use badges to access parking lots and facility doors. The badges are scanned through an automated access control system.
V-PACS does not share a badge applicant/user's information with anyone without his/her prior written consent, except as permitted by subsection (b) of the Privacy Act, 5 U.S.C. 552a.
A Privacy Act Notice and Applicant Acknowledgement Receipt are located on the badge application form, which is reviewed and signed by individuals who provide identification information when applying for badges.
Data is collected directly from the badge applicant/user by the Guard Force, and manually entered into the system by the Guard Force. Accuracy is based upon what is provided by the badge applicant/user, as verified by comparison to the identification documents.
Individuals wishing to know if their records appear in this system may make a request in writing to the System Manager. Manual redress can be requested by a badge applicant/user, if personal information (license plate number, contact information, etc.) changes. These changes would be entered manually by the appropriate system users.
V-PACS is a closed network without any external connections. Only the Guard Force, Guard Supervisors, and System Administrator can access the system. All system users have individual log-on credentials. Three user groups exist: Guard Force, Guard Supervisors and System Administrators. The password file (containing system user passwords) is encrypted. Additionally, system users (Guards) sign a user agreement, which restricts any dissemination or transfer of badge applicants/users information.
Data of former or retired employees, visitors or contractors is purged (destroyed) two (2) years after separation from employment or visit has occurred.