DEPARTMENT OF TRANSPORTATION
Office of Inspector General
PRIVACY IMPACT ASSESSMENT
Transportation Inspector General Reporting System (TIGR)
August 20, 2004
Table of Contents
Overview of Office of Inspector General (OIG) privacy management process for TIGR
Personally Identifiable Information (PII) and TIGR
Why TIGR collects information
How TIGR uses information
How TIGR shares information
How TIGR provides notice and consent
How TIGR ensures data accuracy
How TIGR provides redress
How TIGR secures information
System of records
The Office of Inspector General (OIG) within the Department of Transportation (DOT) has been given the responsibility to promote efficiency and effectiveness and to prevent and detect waste and abuse in departmental programs and operations. OIG does this through audits and investigations. OIG also consults with the Congress about programs in progress and proposed new laws and regulations.
The Inspector General Act of 1978 established the Office of Inspector General as an independent entity within the Department. This Act prohibits agency officials from interfering with audits or investigations. However, much of OIG's most significant work is accomplished with the cooperation of the officials whose programs are being reviewed.
One of the systems that helps OIG fulfill this mission is the Transportation Inspector General Reporting System (TIGR). This system allows OIG to maintain and manage pertinent records on many OIG activities, including:
- OIG audits and investigations
- Labor Distribution
- Cost management
Though TIGR has been in existence for more than 10 years, recent improvements have made the system Web-enabled. However, TIGR remains accessible only to OIG employees and contractors through an Intranet Website.
Privacy management is an integral part of the TIGR system. DOT/OIG has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and OIG will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing OIG to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:
- Establish priority, authority, and responsibility. Appointing a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
- Assess the current privacy environment. This involves interviews with key individuals involved in the TIGR system to ensure that privacy risks are identified and documented.
- Organize the resources necessary for the project's goals. Internal DOT/OIG resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks. They are also involved in developing the necessary redress systems and training programs.
- Develop the policies, practices, and procedures. The resources identified in the paragraph above work to develop an effective policy or policies, practices, and procedures to ensure that fair information practices are complied with. The policies are designed to protect privacy effectively while allowing DOT/OIG to achieve its mission.
- Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training all individuals who will have access to and/or process personally identifiable information (PII). It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the OIG project.
- Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance is required.
- Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.
As part of its duties, OIG must conduct investigations under its jurisdiction. In some cases, members of the public may be involved in these investigations, either as subjects or contributors of information. In these cases, PII of these individuals may be included in TIGR, including: Name Date of birth Social security number Contact information Legal documents For a member of the publics PII to be included in TIGR, that individual must be associated with an OIG investigation. In addition, TIGR may include the PII of Federal government employees, including OIG employees.
OIG is responsible for conducting fair and accurate investigations. This process requires the gathering of information, some of which may be personal information. OIG uses this PII to ensure that individuals are correctly identified, contact individuals in the course of an investigation, track investigation processes, and make decisions.
OIG also uses TIGR to manage data on basic OIG operations, as well as internal audits and investigations. Therefore, TIGR may use PII on Federal government employees and contractors, including OIG employees and contractors, to track time, manage travel and expenses, and conduct internal audits and investigations.
In addition, TIGR supports restricted access functionality to all parts of the system. Therefore, TIGR contains usernames and passwords for OIG employees and associates those data with individuals accessing TIGR.
TIGR is primarily used as an internal tool to collect and manage data involved in OIG activities. OIG uses PII in TIGR only for these primary purposes, except as may be authorized by law.
In some cases, OIG may need to share some information in TIGR within OIG, or perhaps other government agencies, such as law enforcement. Policies detailed in OIG's Operating Procedures Manual define routine data sharing protocols, security and authorized uses. OIG does not share PII from TIGR outside of the Federal government, except as may be authorized by law.
For a member of the public's PII to be in TIGR, he or she must be somehow associated with an investigation. In some cases, an individual will know of the investigation and his or her involvement, and in other cases, not.
Notice is provided through the applicable Privacy Act System of Records notice, DOT/OST 101 - Inspector General Reporting System, TIGR.
OIG employees and contractors with approved access to TIGR provide PII associated with their login and password to the system. In these cases, OIG staff members must read a notice and disclosure statement on logging in that describes obligations and privacy protections.
TIGR receives most PII either directly through interactions with the individual in question, or through additional outside research. The length of time a record remains on the TIGR system is governed by federal guidelines, with inactive records being destroyed after two years. Information on this retention policy is provided in Privacy Act System of Records notice DOT/OST 101. Under the provisions of the Privacy Act, individuals may request searches of some TIGR data to determine if any records have been added that may pertain to them. This is accomplished by contacting the System Manager as directed in the Privacy Act System of Records notice DOT/OST 101. OIG does not allow public access to the information stored in the TIGR, except as may be authorized by law.
As provided for by the System of Records notice under the Privacy Act, individuals with questions about privacy and TIGR may contact the TIGR System Manager. In addition, privacy concerns can be directed to OIG's Privacy Officer.
TIGR takes appropriate security measures to safeguard PII and other sensitive data. TIGR applies DOT security standards, including but not limited to routine scans and monitoring, back-up activities, and background security checks of OIG employees and contractors.
In addition, OIG access to TIGR PII is limited according to job function. There is a formal approval process that must occur, in which one or more managers approve an individual's TIGR access, before that access is granted. OIG controls access privileges according to the minimum necessary rule.
The following access safeguards are also implemented:
- Passwords expire after a set period.
- Accounts are locked after a set period of inactivity.
- Minimum length of passwords is eight characters.
- Passwords must be a combination of letters and numbers
- Accounts are locked after a set number of incorrect attempts.
TIGR contains information that is part of an existing System of Records subject to the Privacy Act, because it is searched by an individual's name or unique identifiers. You can find TIGR's system of records notice, under DOT/OST 101 - Transportation Inspector General Reporting System, TIGR, at http://cio.ost.dot.gov/policy/records.html.
OIG has certified and accredited the security of TIGR in accordance with DOT information technology security standard requirements.