Policy Document

You are here

PIA - Operational And Supportability Implementation System (OASIS)

DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration

  Privacy Impact Assessment
  OPERATIONAL AND SUPPORTABILITY IMPLEMENTATION SYSTEM (OASIS)

August 3, 2009


TABLE OF CONTENTS

Overview of Privacy Management Process
Personally Identifiable Information (PII) and OASIS
Why OASIS Collects Information
How OASIS Uses Information
How OASIS Shares Information
How OASIS Provides Notice and Consent
How OASIS Ensures Data Accuracy
How OASIS Provides Redress
How OASIS Secures Information
How Long OASIS Retains Information
System of Records

Overview of Privacy Management Process

The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs to ensure the safest, most efficient aerospace system in the world. The FAA is responsible for:   

  • Regulating civil aviation to promote safety; 
  • Encouraging and developing civil aeronautics, including new aviation technology; 
  • Developing and operating a system of air traffic control and navigation for both civil and military aircraft; 
  • Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and 
  • Regulating U.S. commercial space transportation. 

One of the programs that helps the FAA fulfill this mission is the OPERATIONAL AND SUPPORTABILITY IMPLEMENTATION SYSTEM (OASIS), which is a system providing the capabilities for acquiring and displaying weather graphics products, emergency services, law enforcement, administrative and supervisory capabilities, flight planning and regulatory information and system maintenance functions.  

The OASIS system consists of an OASIS system in the Anchorage Air Route Traffic Control Center (ZAN) and workstations at the Automated Flight Service Stations (AFSSs) and Flight Service Stations (FSSs). A common master database is at ZAN with local storage at each AFSS or FSS to provide for faster access to the common weather products. 

Personally Identifiable Information (PII) and OASIS

The OASIS system contains both personally identifiable information (PII) and non-personally identifiable information pertaining to general aviation pilots. PII collected in the OASIS system is included in flight plan data. It consists of:   

  • pilot name 
  • home address 
  • home or cell phone number 
  • home base 

An individual's PII is entered into the OASIS system manually via template (screen) within the system, by a flight service station specialist (FAA employee). 

Why OASIS Collects Information

OASIS collects this information for Search & Rescue and Accident Investigation purposes only per FAA Order 8020.16 paragraph 72a(1).

How OASIS Uses Information

Information in OASIS is used for Search & Rescue and Accident Investigation purposes only per FAA Order 8020.16 paragraph 72a(1). It is destroyed 15 days after each flight is completed.

How OASIS Shares Information

PII contained in OASIS is not shared.

How OASIS Provides Notice and Consent

At the time the flight service station specialist (FAA employee) collects the PII from an individual and manually enters it into the OASIS system, the flight service station specialist provides the individual with a notice that he or she can retain and receives the individual's consent to include his or her PII in the system.

How OASIS Ensures Data Accuracy

Information is provided orally by the pilot and entered into the system by the flight service station specialist. Accuracy of the data is dependent on both parties, the pilot and the flight service station specialist.  

Under the provisions of the Privacy Act, individuals may request searches of the OASIS file to determine if any records have been added that may pertain to them. This is accomplished by sending a written request directly to the OASIS program office that contains name, authentication information, and information regarding the request. The FAA does not allow access through either the Internet or Intranet to the information stored in the OASIS. 

How OASIS Provides Redress

As provided for by the Privacy Act System of Records notices DOT/FAA 847, individuals with questions about privacy and OASIS should contact FAA directly. For inquiries, a letter should be sent to the System Manager at the address specified below:

   Flight Service Program Operations
   Federal Aviation Administration
   800 Independence Avenue, SW
   Washington, DC 20591 

Individuals with concerns about privacy and OASIS may also email the FAA Privacy Officer via the contact information provided in the privacy policy on the FAA's web site (www.faa.gov/privacy) .

How OASIS Secures Information

OASIS takes appropriate security measures to safeguard PII and other sensitive data by not making data available to unauthorized persons.  

In addition, access to OASIS PII is limited according to job function. OASIS access control privileges are set according to the following roles:

  • Flight Service Station Specialist
  • Flight Services Site Administrator

The matrix below describes the levels of access and safeguards around each of these roles as they pertain to PII.

Role Access Safeguards

Flights Service Station Specialist

  • Submit new flight plan
  • Update existing flight plan
  • Access and change own profile information
  • User-set user name and password
  • Account set-up approved by Administrator
  • Passwords expire after a set period
  • Minimum length of passwords is 8 characters
  • Passwords must be combination of alpha/numeric/special characters
  • Accounts are locked after a set number of incorrect log-in attempts
Flights Service Site Administrator
  • Search and view user names and profile information
  • Grant User accounts, reset account passwords, view access log information
  • Delete profiles (without viewing full profile information)
  • View, search, add, change, and delete all information in database
  • User-set user name and password
  • Account set-up approved by FAA program office
  • Passwords expire after a set period
  • Minimum length of passwords is 8 characters
  • Passwords must be combination of alpha/numeric/special characters
  • Accounts are locked after a set number of incorrect log-in attempts
  • Must access system from limited number of computers, each of which also has user name/password access control.

How Long OASIS Retains Information

Data in OASIS is retained for 15 days for Search & Rescue and Accident Investigation purposes only per FAA Order 8020.16 paragraph 72a(1).

System of Records

A System of Records Notice (SORN) DOT/FAA 847, Aviation Records on Individuals covers this system.
 

Updated: Friday, April 12, 2013