DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
Privacy Impact Assessment
OPERATIONAL AND SUPPORTABILITY IMPLEMENTATION SYSTEM (OASIS)
August 3, 2009
TABLE OF CONTENTS
Overview of Privacy Management Process
Personally Identifiable Information (PII) and OASIS
Why OASIS Collects Information
How OASIS Uses Information
How OASIS Shares Information
How OASIS Provides Notice and Consent
How OASIS Ensures Data Accuracy
How OASIS Provides Redress
How OASIS Secures Information
How Long OASIS Retains Information
System of Records
The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs to ensure the safest, most efficient aerospace system in the world. The FAA is responsible for:
- Regulating civil aviation to promote safety;
- Encouraging and developing civil aeronautics, including new aviation technology;
- Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
- Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
- Regulating U.S. commercial space transportation.
One of the programs that helps the FAA fulfill this mission is the OPERATIONAL AND SUPPORTABILITY IMPLEMENTATION SYSTEM (OASIS), which is a system providing the capabilities for acquiring and displaying weather graphics products, emergency services, law enforcement, administrative and supervisory capabilities, flight planning and regulatory information and system maintenance functions.
The OASIS system consists of an OASIS system in the Anchorage Air Route Traffic Control Center (ZAN) and workstations at the Automated Flight Service Stations (AFSSs) and Flight Service Stations (FSSs). A common master database is at ZAN with local storage at each AFSS or FSS to provide for faster access to the common weather products.
The OASIS system contains both personally identifiable information (PII) and non-personally identifiable information pertaining to general aviation pilots. PII collected in the OASIS system is included in flight plan data. It consists of:
- pilot name
- home address
- home or cell phone number
- home base
An individual's PII is entered into the OASIS system manually via template (screen) within the system, by a flight service station specialist (FAA employee).
OASIS collects this information for Search & Rescue and Accident Investigation purposes only per FAA Order 8020.16 paragraph 72a(1).
Information in OASIS is used for Search & Rescue and Accident Investigation purposes only per FAA Order 8020.16 paragraph 72a(1). It is destroyed 15 days after each flight is completed.
PII contained in OASIS is not shared.
At the time the flight service station specialist (FAA employee) collects the PII from an individual and manually enters it into the OASIS system, the flight service station specialist provides the individual with a notice that he or she can retain and receives the individual's consent to include his or her PII in the system.
Information is provided orally by the pilot and entered into the system by the flight service station specialist. Accuracy of the data is dependent on both parties, the pilot and the flight service station specialist.
Under the provisions of the Privacy Act, individuals may request searches of the OASIS file to determine if any records have been added that may pertain to them. This is accomplished by sending a written request directly to the OASIS program office that contains name, authentication information, and information regarding the request. The FAA does not allow access through either the Internet or Intranet to the information stored in the OASIS.
As provided for by the Privacy Act System of Records notices DOT/FAA 847, individuals with questions about privacy and OASIS should contact FAA directly. For inquiries, a letter should be sent to the System Manager at the address specified below:
Flight Service Program Operations
Federal Aviation Administration
800 Independence Avenue, SW
Washington, DC 20591
OASIS takes appropriate security measures to safeguard PII and other sensitive data by not making data available to unauthorized persons.
In addition, access to OASIS PII is limited according to job function. OASIS access control privileges are set according to the following roles:
- Flight Service Station Specialist
- Flight Services Site Administrator
The matrix below describes the levels of access and safeguards around each of these roles as they pertain to PII.
Flights Service Station Specialist
|Flights Service Site Administrator||
Data in OASIS is retained for 15 days for Search & Rescue and Accident Investigation purposes only per FAA Order 8020.16 paragraph 72a(1).
A System of Records Notice (SORN) DOT/FAA 847, Aviation Records on Individuals covers this system.