Download:
pdf |
pdfDI-4001 (01/2015)
U.S. Department of the Interior
U.S. Department of the Interior
PRIVACY IMPACT ASSESSMENT
The Department of the Interior requires PIAs to be conducted and maintained on all IT systems whether already in
existence, in development or undergoing modification in order to adequately evaluate privacy risks, ensure the protection of
privacy information, and consider privacy implications throughout the information system development life cycle. This PIA
form may not be modified and must be completed electronically; hand-written submissions will not be accepted. See the DOI
PIA Guide for additional guidance on conducting a PIA or meeting the requirements of the E-Government Act of 2002. See
Section 6.0 of the DOI PIA Guide for specific guidance on answering the questions in this form.
NOTE: See Section 7.0 of the DOI PIA Guide for guidance on using the DOI Adapted PIA template to assess third-party
websites or applications.
Name of Project
Yukon-Kuskokwim Delta Berry Outlook
Bureau/Office
US Geological Survey
Point of Contact Email
nhmercer@usgs.gov
Bureau/Office Contact Title
Social Scientist
First Name
Nicole
M.I.
Last Name
Herman-Mercer
Phone
(303) 236-5031
Address Line 1
Denver Federal Center, MS 418
Address Line 2
City
Denver
State/Territory
Colorado
Zip
80225
A. Is a full PIA required?
Yes
Yes, information is collected from or maintained on
Members of the general public
B. What is the purpose of the system?
The USGS mission is to serve the Nation by providing reliable scientific information to describe and understand the Earth.
This project will collect information from the public to better understand the abundance, distribution, and variability of
berry resources in the Yukon-Kuskokwim Delta region of Alaska. The people of the YK delta rely on wild berries for a
substantial part of their diet and hold information about the long term distribution and abundance of berries that is useful
for understanding current and future changes to berry habitat due to climate change impacts that will effect both human
and wildlife populations of the Yukon Delta Region and Yukon Delta National Wildlife Refuge.
Page 1 of 6
C. What is the legal authority?
15 U.S.C. 2901, 2908 The National Climate Program Act of 1978 established a national climate program to assist the
Nation and the world to understand and respond to natural and man-induced climate processes and their implications.
D. Why is this PIA being completed or modified?
New Information System
E. Is this information system registered in CSAM?
No
F. List all minor applications or subsystems that are hosted on this system and covered under this privacy impact
assessment.
Subsystem Name
Purpose
Contains PII
Describe
None
NA
No
G. Does this information system or electronic collection require a published Privacy Act System of Records Notice (SORN)?
No
H. Does this information system or electronic collection require an OMB Control Number?
Yes
Describe
The information system will contain PII from ten or more members of the public from which information is collected.
A. What PII will be collected? Indicate all that apply.
Name
Religious Preference
Social Security Number (SSN)
Citizenship
Security Clearance
Personal Cell Telephone Number
Gender
Spouse Information
Tribal or Other ID Number
Birth Date
Financial Information
Personal Email Address
Group Affiliation
Medical Information
Mother’s Maiden Name
Marital Status
Disability Information
Home Telephone Number
Biometrics
Credit Card Number
Child or Dependent Information
Other Names Used
Law Enforcement
Employment Information
Truncated SSN
Education Information
Military Status/Service
Legal Status
Emergency Contact
Mailing/Home Address
Place of Birth
Driver’s License
Other
Race/Ethnicity
B. What is the source for the PII collected? Indicate all that apply.
Individual
Tribal agency
DOI records
State agency
Federal agency
Local agency
Third party source
Other
Page 2 of 6
C. How will the information be collected? Indicate all that apply.
Paper Format
Face-to-Face Contact
Fax
Telephone Interview
Email
Web Site
Other
Information Shared Between Systems
D. What is the intended use of the PII collected?
The PII will only be used in order to understand demographics of project participants and to contact participants for
project follow up and reporting.
E. With whom will the PII be shared, both within DOI and outside DOI? Indicate all that apply.
Within the Bureau/Office
Describe the bureau or office and how the data will be used.
PII will not be shared
Other Bureaus/Offices
Other Federal Agencies
Tribal, State or Local Agencies
Contractor
Other Third Party Sources
F. Do individuals have the opportunity to decline to provide information or to consent to the specific uses of their PII?
Yes
Describe the method by which individuals can decline to provide information or how individuals consent to specific uses.
Individuals will be provided with an informed consent sheet that describes their rights as a project participant and that
they may decline to answer any questions or to provide any information at no risk to them. The informed consent
sheet will further describe the uses of PII by the USGS.
G. What information is provided to an individual when asked to provide PII data? Indicate all that apply.
Privacy Act Statement
Privacy Notice
Other
None
Describe each applicable format.
The Privacy Act Statement and Privacy Notice will be printed on each informed consent sheet presented to project
participants.
H. How will data be retrieved? List the identifiers that will be used to retrieve information (e.g., name, case number, etc.).
The data will only be retrieved manually from the system, specific identifiers to aid in the retrieval will be the names of the
villages project participants live in.
I. Will reports be produced on individuals?
No
A. How will data collected from sources other than DOI records be verified for accuracy?
Individuals providing PII will be relied upon to ensure that the data they are providing is accurate.
B. How will data be checked for completeness?
Data will be complete in so far as individuals are willing to provide identifying information. The system administrator will
Page 3 of 6
check PII for completeness and accuracy as it is being collected and make a note of the reason for incomplete data i.e.
individual did not wish to provide.
C. What procedures are taken to ensure the data is current? Identify the process or name the document (e.g., data models).
Individuals will be relied upon to report current data, however data need only to be current during the period it is collected
as it is time sensitive data. Therefore no procedures will be in pace to update the data beyond the life of the data
collection procedures.
D. What are the retention periods for data in the system? Identify the associated records retention schedule for the records
in this system.
The data will be retained for as long as the system administrator is employed by the US Geological Survey or for a period
of five year, whichever comes first. Schedule N1-57-08-06, Item 906-01.
E. What are the procedures for disposition of the data at the end of the retention period? Where are the procedures
documented?
At such time as the system administrator is due to be separated from the USGS or a period of five years after data
collection all PII will be destroyed by the system administrator. PII will be purged via a shredder as all PII will be stored in
paper format and not electronically.
F. Briefly describe privacy risks and how information handling practices at each stage of the “information lifecycle” (i.e.,
collection, use, retention, processing, disclosure and destruction) affect individual privacy.
The main risk to the privacy of individuals providing information will be during the fieldwork and collection period due to
the inadvertent loss of paper copies of PII. However, the PII information will be in the possession of the system
administrator throughout the fieldwork and data collection period. No copies will be made of this information. Upon return
to the system administrator's office all papers containing PII will be stored in a locked file cabinet within a locked office.
Only the system administrator will have a key to the locked file cabinet though other system staff will have access to the
office itself. Electronic copies of PII will not be created or retained, instead individuals will be identified only be
demographic information in electronic files. Upon the system administrators separation from the USGS or a period of five
years all paper copies containing PII will be destroyed by shredding the paper copies.
A. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
Yes
Explanation
The use of data is both relevant and necessary in order to contact individuals to arrange for meeting times and places
in order to complete the fieldwork necessary for this project. It is also necessary in order to contact project participants
to follow up with participants and report results. Demographic information is necessary in order to understand the
spatial quality of the results.
B. Does this system or electronic collection derive new data or create previously unavailable data about an individual
through data aggregation?
No
C. Will the new data be placed in the individual’s record?
No
D. Can the system make determinations about individuals that would not be possible without the new data?
No
E. How will the new data be verified for relevance and accuracy?
No new data will be created about individuals.
Page 4 of 6
F. Are the data or the processes being consolidated?
No, data or processes are not being consolidated
G. Who will have access to data in the system or electronic collection? Indicate all that apply.
Users
Developers
Contractors
Other
System Administrator
H. How is user access to data determined? Will users have access to all data or will access be restricted?
Only the owner of the data will have access to PII, other uses, such as project collaborators will have access only to
demographic information such as the name of the village, age, and gender of individuals that PII is collected from.
I. Are contractors involved with the design and/or development of the system, or will they be involved with the maintenance
of the system?
No
J. Is the system using technologies in ways that the DOI has not previously employed (e.g., monitoring software,
SmartCards or Caller ID)?
No
K. Will this system provide the capability to identify, locate and monitor individuals?
No
L. What kinds of information are collected as a function of the monitoring of individuals?
Individuals will not be monitored.
M. What controls will be used to prevent unauthorized monitoring?
Individuals will not be monitored.
N. How will the PII be secured?
(1) Physical Controls. Indicate all that apply.
Security Guards
Secured Facility
Identification Badges
Combination Locks
Locked Offices
Key Cards
Closed Circuit Television
Safes
Locked File Cabinets
Cipher Locks
Other
(2) Technical Controls. Indicate all that apply.
Password
Intrusion Detection System (IDS)
Firewall
Virtual Private Network (VPN)
Encryption
Public Key Infrastructure (PKI) Certificates
User Identification
Personal Identity Verification (PIV) Card
Biometrics
Other
(3) Administrative Controls. Indicate all that apply.
Periodic Security Audits
Regular Monitoring of Users’ Security Practices
Backups Secured Off-site
Methods to Ensure Only Authorized Personnel Have Access to PII
Rules of Behavior
Encryption of Backups Containing Sensitive Data
Role-Based Training
Mandatory Security, Privacy and Records Management Training
Other
Page 5 of 6
O. Who will be responsible for protecting the privacy rights of the public and employees? This includes officials responsible
for addressing Privacy Act complaints and requests for redress or amendment of records.
Nicole Herman-Mercer will be responsible for protecting and safeguarding information.
P. Who is responsible for assuring proper use of the data and for reporting the loss, compromise, unauthorized disclosure, or
unauthorized access of privacy protected information?
Nicole Herman-Mercer will be responsible for assuring proper use of the data and reporting the loss, compromise,
unauthorized disclosure, or unauthorized access of privacy protected information.
Information System Owner
Email
rloehman@usgs.gov
First Name
Rachel
M.I.
M
Last Name
Loehman
Bureau/Agency
U.S. Geological Survey
Title
Social Scientist
Phone
(303) 236-5031
Electronically signed by: Rachel M Loehman
Date:
Reference number: DI-4001-152bc32aNH
U.S. Department of the Interior | Enterprise Forms System
Page 6 of 6
File Type | application/pdf |
File Modified | 2016-04-14 |
File Created | 2016-04-14 |