February 17, 2005 DM 3515-002
United States Department of Agriculture
National Agricultural Statistics Service
NASS Survey Processing System
Privacy Impact Assessment (PIA)
February 17, 2005
Prepared by:
National Agricultural Statistics Service
1400 Independence Ave., S.W.
Washington, DC 20250
USDA PRIVACY IMPACT ASSESSMENT FORM
Project Name: NASS Survey Processing System
Description of Your Program/Project: The system that processes survey data from NASS surveys, which includes electronic survey management, data collection, data editing, data analysis, and data summarization or tabulation.
DATA IN THE SYSTEM
1. Generally describe the information to be used in the system.
The NASS Survey Processing System processes data that is collected from farmers and agri-businesses under a strict pledge of confidentiality. All information collected and processed by this system, including personally identifiable information, is protected by US Code: Title 7, 2276 – Confidentiality of Information.
2a. What are the sources of the information in the system?
The population of farmers and agri-businesses.
2b. What USDA files and databases are used? What is the source agency?
The NASS Survey Processing System uses secure SAS data sets, proprietary data files from our CATI system Blaisé, and FoxPro files to store and process the data.
2c. What Federal Agencies are providing data for use in the system?
None
2d. What State and Local Agencies are providing data for use in the system?
None
2e. From what other third party sources will data be collected?
None
2f. What information will be collected from the customer?
The data collected are updates to existing personally identifiable information, such as name and address information, and data about their farms and agri-businesses, such as acres, economic data, and livestock numbers.
3a. How will data collected from sources other than the USDA records and the customer be verified for accuracy?
N/A
3b. How will data be checked for completeness?
The NASS Survey Processing System will be used to perform these checks.
1. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Other)?
Data access is limited to only NASS employees who have a need to review the data for analytical purposes, and those system developers that support the system. Each employee must sign a pledge of confidentiality that carries severe legal penalties for violating the pledge.
2. How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented?
Access is determined by the above signed pledge of confidentiality and the subject area being analyzed, such as crops, livestock, and economic areas of interest. Access is documented by our Technical Services Branch. Computer security staff shares access rights with business managers to ensure “need-to-know” access only.
3. Will users have access to all data on the system or will the user’s access be restricted? Explain.
Users will have access to only those data needed to carry out their assignments. There are appropriate managerial controls for this purpose.
4. What controls are in place to prevent the misuse (e.g. browsing, unauthorized use) of data by those having access?
All NASS employees must sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. Also, the system has design features that allow only employees working on the particular subject area to gain access.
5a. Do other systems share data or have access to data in this system? If yes, explain.
No
5b. Who will be responsible for protecting the privacy rights of the customers and employees affected by the interface?
N/A
6a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?
No
6b. How will the data be used by the agency?
It will only be used for statistical purposes.
6c. Who is responsible for assuring proper use of the data?
The NASS Deputy Administrator for Programs and Products
1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
Yes
2a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?
No
2b. Will the new data be placed in the individual’s record (customer or employee)?
N/A
2c. Can the system make determinations about customers or employees that would not be possible without the new data?
No
2d. How will the new data be verified for relevance and accuracy?
N/A
3a. If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?
The same controls that are in place for the raw data collected from farmers and agri-businesses. In this case consolidation refers to the normal process of aggregation of statistical data and not personally identifiable information.
3b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
N/A
4a. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain.
Yes. The information is processed, prior to statistical aggregation, at the personal identifier level. In the case of the NASS Survey Processing System, a unique ID is assigned to each respondent, and that ID is used to retrieve and analyze the data.
4b. What are the potential effects on the due process rights of customers:
Our data providers have full protection and due process rights under US Code: Title 7, 2276 – Confidentiality of Information. None of the items listed here can be used to violate these rights to due process.
4c. How are the effects to be mitigated?
See above
1a. Explain how the system and its use will ensure equitable treatment of customers.
The privacy and confidentiality of all data providers are covered equally by US Code: Title 7, 2276.
2a. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?
This system operates in both a centralized mainframe environment and a distributed LAN environment. The NASS Survey Processing System is administered and controlled from our HQ site. Data processed in our Field Offices must meet the same rigor applied to our centralized mainframe environment. An extensive set of policy memoranda, instructions, and technical review teams that make regular site visits maintain the necessary consistency needed for statistical analysis and aggregation.
2b. Explain any possibility of disparate treatment of individuals or groups.
This possibility does not exist because of the statistical use of the data.
2c. What are the retention periods of data in this system?
Data are retained as long as the information is needed for survey data editing, analysis, estimation, and sampling. Data are retained for ten to fifteen years in electronic form.
2d. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?
Data are expunged from electronic systems, and paper questionnaires are either sent to the National Archives or shredded. The documentation for these procedures is stored in our policy and procedures manuals and instructions. They can be found in our HQ library and in our Field Offices.
2e. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
Data are used only for statistical purposes and are deemed accurate, relevant, timely, and complete for such purposes as are necessary for the publication of statistical reports.
3a. Is the system using technologies in ways not previously employed by the agency (e.g. Caller-ID)?
No
3b. How does the use of this technology affect customer privacy?
N/A
4a. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.
No
4b. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.
No
4c. What controls will be used to prevent unauthorized monitoring?
All NASS employees must sign a pledge of confidentiality that carries severe legal penalties for violating the pledge. Also, the system has design features that allow only employees working on the particular subject area to gain access.
5a. Under which Systems of Record notice (SOR) does the system operate? Provide number and name. (SORs can be viewed at www.access.GPO.gov)
Only a few items on the survey questionnaires qualify under the Privacy Act of 1974 as systems of records. This system operates under USDA/NASS-1 Agricultural Survey Records.
5b. If the system is being modified, will the SOR require amendment or revision? Explain.
If the scope of the personal data maintained is modified, the System of Record will be modified accordingly.
File Type: application/msword
File Title: CHAPTER 3, PART 2
Author: Sharon Hughes
Last Modified By: HancDa
File Modified: 2008-04-24
File Created: 2008-04-24