Policy Document

You are here

PIA - Investigative Tracking System (ITS)

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

Privacy Impact Assessment
Investigative Tracking  System (ITS)

January 5, 2009


System Overview

The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs and is responsible for providing the safest, most efficient aerospace system in the world. The FAA is responsible for:

  • Regulating civil aviation to promote safety;
  • Encouraging and developing civil aeronautics, including new aviation technology;
  • Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
  • Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
  • Regulating U.S. commercial space transportation.

One of the programs that helps FAA fulfill its safety mission is the Investigative Tracking  System (ITS), which records, tracks, and reports on investigations pertaining to security background checks and clearances on employees, contractors and other individuals with access to FAA facilities, systems or information, as well as internal administrative investigations relative to inappropriate conduct and associated disciplinary actions and tort claims against FAA.  The ITS also supports the FAA’s mandate to investigate the actual or probable violation by pilots, aircraft owners, or aircraft mechanics of civil and criminal laws regulating controlled substances.  Within FAA, the Office of the Assistant Administrator for Security and Hazardous Materials has the lead responsibility for managing ITS and all related investigatory activities.

Information, Including Personally Identifiable Information (PII), in the System

The ITS system contains Personally Identifiable Information (PII) pertaining to the following categories of individuals,  consisting of current or former employees and contractors (many of whom work in safety sensitive positions), other individuals with access to FAA facilities, systems or information, individuals involved in tort claims against FAA, and members of the public who are subjects of investigations regarding the actual or probable violation of civil and criminal laws regulating controlled substances:

  • current and former applicants for FAA employment;
  • current and former FAA employees;
  • individuals considered for access to classified information or restricted areas and/or security determinations such as current and former contractors, employees of contractors, experts, instructors, and consultants to federal programs;
  • aircraft owners;
  • flight instructors;
  • airport operators;
  • pilots, mechanics, designated FAA representatives;
  • other individuals certificated by FAA;
  • individuals involved in tort claims against the FAA;
  • employees, grantees, subgrantees, contractors, subcontractors, and applicants for FAA-funded programs; and
  • other individuals who are of interest to the FAA, law enforcement, or other  agencies investigating personnel or safety-related complaints.

PII is collected and entered into ITS in two major ways: by manual data entry and by automated agency downloads.  Manually-entered PII consists of the following information which is collected from the individuals through the Office of Personnel Management (OPM) e-QIP (Electronic Questionnaire for Investigations Processing), the Standard Form 85p Questionnaire for Public Trust Positions or the DOT Form 1681 Identification Card/Credential Application when they apply for jobs at FAA or request a FAA identification badge:

  • name,
  • date of birth,
  • place of birth,
  • social security number (SSN),
  • employment status,
  • organizational and employment affiliations,
  • foreign national status,
  • results of background checks,
  • home mailing address, and home and work phone number(s).

Manually-entered PII is entered into ITS by FAA Human Resource personnel and FAA ASH personnel security specialists during the employment suitability determination or FAA identification badge issuance process. Additionally, FAA internal investigators may enter data into ITS that they have collected verbally through interviews with the individual, review of records provided by the individual as well as from other Federal, State, tribal, local and foreign investigative and law enforcement agencies, and other authorized applicable investigative techniques.

Downloaded PII consists of  results of investigations and inquiries conducted by the FAA Office of the Assistant Administrator for Security and Hazardous Materials and the FAA Security and Hazardous Materials Divisions in regional offices and designated FAA centers; information received in various formats as the result of investigations conducted by  Federal, State, local, and foreign investigative or law enforcement  agencies, which relate to the mission and function of the Assistant  Administrator for Security and Hazardous Materials and field offices; and information received in various formats as the result of investigations conducted by authorized personnel of the FAA, other Federal agencies, and State and local drug enforcement agencies regarding the actual or probable violation by pilots, aircraft owners, or aircraft mechanics of civil and criminal laws regulating controlled substances.

Downloaded PII is received via regular downloads from the following internal and external Federal agency databases, as necessary to directly support FAA’s personnel and other security investigative efforts:

  • Federal Personnel and Payroll System (FPPS) maintained by the Department of Interior (DOI) and accessed via DOT’s FPPS Web Printing system;
  • Personnel Investigations Processing System maintained by Office of Personnel Management (PIPS/OPM);
  • FAA Medical Certification System, called MedXPress, maintained by  FAA Civil Aerospace Medical Institute (CAMI);
  • National Driver Registry (NDR) maintained by DOT’s National Highway Traffic Safety Administration (NHTSA);
  • FAA Aviation Safety - Flight Standards Service  Airmen and Aircraft Registry database ; and 
  • Identification Management System (IDMS) maintained by FAA ASH internally (expected in future).

To monitor these downloads, the FAA’s Office of the Assistant Administrator for Security and Hazardous Materials has a Memorandum of Understanding (MOU) between ASH and FAA’s Human Resource Management Office (AHR) to share data with the FPPS system. Similar MOUs are in-progress and being established for sharing data with PIPS/OPM, MedXPress/CAMI, NDR/NHTSA, and AFS/Airmen and Aircraft Registry database systems.

Why ITS Collects Information

PII is collected by ITS to facilitate the FAA’s security programs and its mission to promote civil aviation safety.  The PII collected by ITS allows the FAA to conduct its investigations and personnel security programs in an efficient manner and document official actions taken on the basis of information contained in these records.  The PII within ITS is used to maintain the categories of records listed above, as well as for uses associated with the following programs:

Access to Classified Information
National Industrial Security Program.

Legal Authority for Information Collection

Authority for maintenance of the ITS system and collection of the PII data is provided by:  Title 49 U.S.C., chapter 449, Air Transportation Security, enacted as Pub. L. 103-272 on July 5, 1994; Transportation Safety Act  of 1974; FAA Drug Enforcement Assistance Act of 1988; Executive Order (E.O.) 10450, Security Requirements for Government Employment; E.O. 12968, and E.O. 12829. The ITS is subject to the Privacy Act. Portions of the ITS system are exempt from provisions of the Privacy Act under 5 U.S.C. 552a (j)(2) and 5 U.S.C. 552a (k)(1), (2) and (5).

How ITS Uses Information

The ITS is a web-based application system and an on-line repository of sensitive, unclassified information that can be accessed only by authorized FAA users in ASH (personnel security specialists, internal investigators, system administrators) and AHR (human resource specialists).  

The information contained in the ITS is used to do the following:

  • Monitor the status of a wide range of FAA personnel security investigations. These investigations include current employees as well as those of applicants, contract employees and any other individuals with access to FAA facilities, systems, or information.
  • Track internal investigations involving the following types of allegations: alleged employee misconduct, alleged criminal activity by airmen and other FAA certificate holders, unapproved aircraft parts, counterfeit certificates, falsification of official documents, security violations, property theft, and other investigative services as requested by other FAA organizational elements.
  • Check the records of airmen (i.e., commercial and private pilots) contained in the FAA Airmen and Aircraft Registry database against a “Driving Under the Influence (DUI)/Driving While Intoxicated (DWI)” module within ITS.  This module is designed to assist the FAA in matching airmen who have recently completed their medical exams to the National Driver Register’s (NDR) list of individuals who have a DUI or DWI conviction or administrative action.
  • Track the assignment of correspondence through a “control assignments” module in ITS.  This module assists FAA in tracking and responding to complaints received about individuals through the FAA Administrator Hotline (1-866-835-5322), FAA Safety hotline (1-866-835-5322), or from the DOT Office of the Inspector General; or through Freedom of Information Act (FOIA) and Privacy Act requests from individuals interested in and/or subject to investigations; or through other controlled correspondence related to those individuals.
  • Track support provided to law enforcement agencies regarding certificated airmen or aircraft via a “Law Enforcement (LE) support” module in ITS.  This module assists FAA with monitoring and documenting the sharing of pertinent investigatory information with those authorized individuals at the Federal, State, tribal, local and foreign levels. In addition, ITS is used to grant and monitor access to Classified and National Security Information for authorized individuals.

The ITS is a system of records subject to the Privacy Act and uses information only in accordance with the Privacy Act System of Records Notices

How ITS Shares Information

The ITS shares information with individuals within DOT/FAA who are authorized to access the system in order to conduct the above-mentioned investigations.  The ITS also shares the results of investigations with the following systems:

  • Department of Interior’s Federal Personnel and Payroll System (FPPS) – information is electronically sent and received to FAA daily using a secure connection,
  • Office of Personnel Management (OPM) – information is received daily using a secure connection provided by OPM,
  • FAA Civil Aerospace Medical Institute (CAMI) – information is received weekly using a secure File Transfer Protocol (FTP) connection,
  • NHTSA’s National Driver Registry (NDR) – information is sent and received weekly using a secure VPN connection provided by DOT, and
  • The FAA AFS Airmen and Aircraft Registry database – information is received-only on a weekly basis using a secure FTP connection.

Finally, the ITS shares information with authorized individuals at other Federal, State, tribal, local and foreign law enforcement agencies actively involved in these investigations on an as-needed basis using a secure connection or portable media with digital encryption to protect the data from unauthorized access.

The ITS is a system of records subject to the Privacy Act and shares information only in accordance with the Privacy Act System of Records Notices

How ITS Provides Notice and Consent

For an individual’s PII to be included in the ITS, that individual must have applied for employment with the FAA or a credential to access FAA facilities, or have been the subject of a safety-related complaint or investigation.  With respect to information received through subject interviews, review of records, and other authorized applicable investigative techniques, the individual subject receives a Privacy Act Statement that is issued from the investigator during the investigative interview.  Employees, contractors and applicants also receives a privacy act statement through the Office of Personnel Management (OPM) e-QIP (Electronic Questionnaire for Investigations Processing), the Standard Form 85p Questionnaire for Public Trust Positions or the DOT Form 1681 Identification Card/Credential Application when they apply for jobs at FAA or request a FAA identification badge. Notice also is provided to employees, contractors, grant recipients, and credential applicants through the applicable Privacy Act System of Records Notice, DOT/FAA 815, Investigative Records System.  Employment applicants consent to submission and release of PII when they complete the employment application forms to apply for FAA jobs.  The FAA Office of the Assistant Administrator for Security and Hazardous Materials and the FAA Security and Hazardous Materials Divisions in regional offices and designated FAA centers;  receives information in various formats as the result of investigations conducted and provides notice to employees, contractors and applicants on FAA Form 1600-73 and FAA Form 1600-73.  These forms notify employees, contractors and applicants of the scope of information requested, the routine uses and allow them to consent or decline to provide the information.

How ITS Ensures Data Accuracy

The ITS receives PII directly from the FPPS and OPM system daily and NDR/CAMI/Airmen database system on a weekly basis.  System owners of these source systems are responsible for sending accurate files and changing records appropriately.  Data collected by an investigator through subject interviews, review of records, and other authorized applicable investigative techniques is entered directly into ITS by the investigator.  The investigator entering the data is responsible for its accuracy. The following documents are scanned into ITS. DOT Form 1681 Identification Card/Credential Application, OPM Forms SF-85, SF-85p, or SF-86 and FAA Form 1600-73, FAA Form 1600-73

Additionally, the ITS has programmatic checks that prevent records with duplicate SSN to be stored within the system. An audit trail for the ITS system is maintained.  PII changes are validated electronically.

Under the provisions of the Privacy Act, individuals may request searches of the ITS system to determine if any records have been added that may pertain to them and if such records are accurate.  This is accomplished by sending a letter to the system manager at the address provided in the section below on “How ITS Provides Redress.”

The FAA protects the integrity of the information in ITS by allowing Internet and Intranet access to a limited number of authorized FAA personnel whose official duties require them to access and use the information.  Only the Site Administrator can change or delete information in ITS. Other system users can only make changes to their user group profile information.

How ITS Provides Redress

Additions, deletions, and changes to the PII in ITS on FAA employees are obtained from the FPPS system daily.  Additionally, PII updates are obtained from the National Driver Registry (NDR) on a weekly basis.  Individuals interested in any challenges to these data items should contact the source system / agency for corrections noted in the section “Information, Including Personally Identifiable Information (PII), in the System”

For all other inquiries, a letter should be sent to the system manager at the address specified below:

Office of the Assistant Administrator for Security and Hazardous Materials
Federal Aviation Administration
800 Independence Avenue, SW
Washington, DC 20591

Individuals with concerns about privacy and ITS may also email the FAA Privacy Officer via the contact information provided in the privacy policy on the FAA’s web site (www.faa.gov/privacy).

How ITS Secures Information

ITS system has a number of security measures and safeguards in place to protect the PII that it stores:

  • The ITS records are stored in approved security file cabinets and containers, in file folders, on lists and forms, and in computer storage media.
  • Access to and use of these records is limited to those persons whose official duties require such access and use.
  • Computer processing of information is conducted according to established FAA computer security regulations.
  • A risk assessment of the FAA computer facility that has physical controls used to process this system of records has been performed and any weaknesses resolved .
  • All users have signed a system “rules of behavior” document.   

The following matrix describes the levels of access and safeguards around each of these roles as they pertain to PII.

ROLEACCESSSAFEGUARDS
User (Level 3)
  • Assigned to a personnel security specialist or investigator to perform job relevant functions
  • Access granted by User (Level 2) or Site Administrator
  • Update own profile information
  • User-set user name and password
  • Account set-up approved by User (Level 2) and Administrator (Level 1)
  • Access can be granted or revoked to each module separately by User (Level 2) and Administrator (Level 1). In addition, access can be granted/revoked by region and/or by individual functions within each module
  • Passwords expire after a set period
  • Minimum length of passwords is 8 characters
  • Passwords must be combination of alpha/numeric/special characters
  • Accounts are locked after a set number of incorrect log-in attempts
  • Must access system from a computer that has a valid digital certificate issued by FAA ASH
User (Level 2)
  • Assigned to Branch Managers in the field or Regional Office Administrators
  • Request User (Level 3) account for personnel security specialists and investigators within their region or group
  • Access and change own profile information
  • Search, view, and change User (Level 3) profile information within their region or group
  • User-set user name and password
  • Account set-up approved by Site Administrator (Level 1)
  • Access can be granted or revoked to each module separately by Site Administrator (Level 1). In addition, access can be granted/revoked by region and/or by individual functions within each module
  • Passwords expire after a set period
  • Minimum length of passwords is 8 characters
  • Passwords must be combination of alpha/numeric/special characters
  • Accounts are locked after a set number of incorrect attempts
  • Must access system from a computer that has a valid digital certificate issued by FAA ASH
Site Administrator
  • Assigned to National Administrator or National Coordinator for ITS system
  • Search and view user names and profile information
  • Grant User (levels 2 and 3) accounts, reset account passwords, view access log information
  • View, search, add, and change all information in database
  • Make profiles inactive within the database for any user in the database
  • User-set user name and password
  • Account set-up approved by FAA ASH IT management
  • Passwords expire after a set period
  • Minimum length of passwords is 8 characters
  • Passwords must be combination of alpha/numeric/special characters
  • Accounts are locked after a set number of incorrect attempts
  • Must access system from a computer that has a valid digital certificate issued by FAA ASH

ITS is certified and accredited to ensure the protection of system information in accordance with the National Institute of Standards and Technology (NIST).  NIST issues guidance for the protection of information systems in the Federal government.  

How Long ITS Retains Information

Paper records generated by ITS will be retained in accordance with the current version of FAA Order 1350.15, Records Organization, Transfer and Destruction Standards, which provides a retention period of approximately 5 years (see https://employees.faa.gov/tools_resources/orders_notices).  The electronic records generated by ITS are currently unscheduled with the National Archives and Records Administration (NARA).  A retention period of approximately 5 years is proposed for the records.  Until they are scheduled, the electronic records will be maintained indefinitely, as required by 36 CFR 1228.26(a)(1) and (2).

System of Records

The ITS is a system of records subject to the Privacy Act and uses information only in accordance with the Privacy Act System of Records Notices:  DOT/FAA 815, Investigative Record System.

Last updated: 1/8/2009

Updated: Friday, April 12, 2013