DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration

PRIVACY IMPACT ASSESSMENT

Labor and Employee Relations Information System (LERIS)

March 2010

System Overview

The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs to ensure the safest, most efficient aerospace system in the world. The FAA is responsible for:

Regulating civil aviation to promote safety;
Encouraging and developing civil aeronautics, including new aviation technology;
Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
Regulating United States (U.S.) commercial space transportation.

One of the programs that helps the FAA fulfill this mission is the labor and Employee Relations Information System (LERIS), which is a comprehensive workload tracking system for labor-management relations, employee disciplinary matters, and Employee Assistance Program activities.

The LERIS system tracks work in progress and stores historical workload and case data for research and analysis.

Information, Including Personally Identifiable Information (PII), in LERIS

LERIS contains both personally identifiable information (PII) and non-personally identifiable information pertaining to current and past FAA employees. PII collected in LERIS includes:

First and Last Name
Social Security Number
Limited medical information, in some cases.

An individual’s PII is entered into LERIS via electronic interface between LERIS and the Federal Personnel/Payroll System (FPPS).

Why LERIS Collects PII Information

LERIS collects information in order to accurately identify employees involved in grievances and disciplinary actions.

Legal Authority for Information Collection

5 U.S.C. 7125; 5 CFR Part 771

How LERIS Uses Information

Information in LERIS is used by Human Resources Specialists throughout the FAA to ensure proper record keeping regarding the work they perform.

How LERIS Shares Information

PII contained in LERIS is shared only with Human Resources Specialists for the performance of labor and employee relations responsibilities.

How LERIS Provides Notice and Consent

For an individual’s PII to be included in LERIS that individual must have filed or been involved with a grievance while at the FAA.

How LERIS Ensures Data Accuracy

LERIS receives data from Department of Transportation IR; which interfaces with National Business Center Federal Personnel/Payroll System (FPPS) and uses the FPPS DataMart. The accuracy of the data received is assumed from these databases or record. Case management data is entered by the appropriate specialists within the FAA.

Under the provisions of the Privacy Act, individuals may request searches of the LERIS records to determine if any records have been added that may pertain to them. This is accomplished by contacting their servicing Human Resource Management Division (HRMD). HRMDs are located in each region, which includes the Mike Maroney Aeronautical Center, the William J. Hughes Technical Center, and the FAA Headquarters. Depending on the nature of the employee’s request, a signed written request may be required by the HRMD. The FAA does not allow access through either the Internet or Intranet to the information stored in LERIS.

How LERIS Provides Redress

Concerns regarding privacy of LERIS data may be addressed directly to the HRMD or through the applicable union or administrative grievance procedures.

In the event that inaccurate personal data is received by LERIS from FPPS via the DOT IR, such data must be corrected in the FPPS database through procedures established for that system. Corrected data will then be transferred to LERIS where the records will be updated.

How LERIS Secures PII Information

LERIS takes appropriate security measures to safeguard PII and other sensitive data. Complete details are provided in the Information System Security Plan provided to the FAA. GDCI LERIS is housed in a TIER-3 data center with redundancy provided with a TIER-3 data center located in a separate geographical region. Access via the web requires passing the GDCI Firewall-DMZ-Firewall-Security Module ConnectHR-LERIS Application Authentication and Database. A graphical view is provided in the LERIS ISSP.

In addition, access to LERIS PII is limited according to job function.

How Long LERIS Retains PII

Data in LERIS is retained, archived, and/or destroyed in accordance with agency policy as described in FAA Order 1350.15c or its successor(s).

LERIS System of Records Notice (SORN)

LERIS is a system of records subject to the Privacy Act because it is searched by Name. The SORNs that apply to this system are the following:

DOT/ALL 1 – DOT Grievance Records Files

You can find LERIS’s system of records notice at:

http://www.dot.gov/privacy/privacyactnotices/ DOT/FAA, Grievance Records Files.