Download:
pdf |
pdfPrivacy Impact Assessment
for the
DHS Hiring and On-Boarding Process
DHS/ALL/PIA-043
April 22, 2013
Responsible Official
Catherine V. Emerson
Chief Human Capital Officer
Office of the Chief Human Capital Officer
(202) 282-8000
Reviewing Official
Jonathan R. Cantor
Acting Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 1
Abstract
The Department of Homeland Security (DHS), including its components, is committed to
hiring and retaining a qualified and dedicated workforce of almost a quarter million federal
employees. To coordinate the hiring and on-boarding process for new and prospective DHS
employees, DHS relies on the Chief Human Capital Officer and Component Human Capital
Officers throughout the Department to serve as their component hiring authorities. DHS hiring
authorities are responsible for posting vacancy announcements, producing certificates of referral
for hiring managers, and extending tentative and final job offers to new employees. DHS is
conducting this Privacy Impact Assessment (PIA) because these activities require DHS hiring
authorities to receive Personally Identifiable Information (PII) from job candidates and new
employees during the hiring and on-boarding processes within the DHS-wide organization.
Overview
The Department of Homeland Security (DHS) has a vital mission: to ensure a homeland
that is safe, secure, and resilient against terrorism and other hazards. This requires the dedication
of more than 240,000 employees in jobs that range from aviation and border security to emergency
response, from cybersecurity analyst to chemical facility inspector. The mission of the Office of
the Chief Human Capital Officer (OCHCO) and its respective DHS component hiring authorities,
is to conduct all hiring, on-boarding, and career process-related activities for all DHS
organizations. To further its mission of recruiting and hiring qualified and dedicated employees,
OCHCO and the component human capital officers collect and use PII from all prospective and
new employees of the Department.
While DHS employees focus on protecting the American people, reducing the risk of
terrorist attacks, securing U.S. borders, and enhancing the nation’s preparedness and response
capabilities, the DHS hiring authorities focus on the human capital solutions DHS needs to be
successful. Each DHS component has its own hiring authority, with OCHCO serving as the hiring
authority for the DHS headquarters components only. This PIA describes the general hiring and
on-boarding process for all potential DHS employees, since the purpose of collection and uses of
information is similar regardless of DHS hiring authority. The specific IT systems used by the
individual DHS component hiring authorities to complete the hiring and on-boarding process are
detailed in the Appendix.
Within each DHS hiring authority, Human Resources (HR) Specialists implement the
federal government human resources functions of the Department. HR Specialists and program
managers are responsible for classifying, evaluating, and assessing positions within the
Department, and conducting job analyses to develop effective recruitment, selection, performance
management, and career development methodologies. HR Specialists at each DHS hiring authority
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 2
fulfill the following requirements under the Office of Personnel Management’s (OPM) delegated
examining authority:
1. Recruitment and public notice: Members of the public must have an opportunity to
compete for most vacant positions. DHS hiring authorities are responsible for providing
public notice of the opportunity to compete by listing all job announcements on
USAJOBS.gov.1
2. Establishing an agency policy on accepting and processing applications: DHS hiring
authorities are responsible for establishing policies and procedures for accepting and
processing applications from all applicants, including status applicants,2 and clearly
specifying filing instructions and conditions in the job announcement.
3. Assessment instruments and forms: DHS hiring authorities acquire and maintain
adequate supplies of the forms necessary for conducting examining operations.
4. Rating and ranking applications: DHS hiring authorities screen applications for
minimum qualifications, rate applications, rank eligible candidates based on their
ratings, apply veterans’ preference, and notify the applicants of the status of their
applications.
5. Screening for potential suitability concerns: DHS hiring authorities partner with their
respective Personnel Security Officer to screen for and evaluate suitability issues in
cases involving applicants for most competitive service positions (some must be
referred to OPM).3
6. Issuing certificates: DHS hiring authorities issue certificates of eligible candidates (lists
submitted to hiring managers) and establish procedures for how to object or pass over
certain candidates.
7. Auditing, accountability, and recordkeeping: DHS hiring authorities must keep
accurate accounting and recordkeeping for standard reporting requirements to OPM.
USAJOBS.gov is the federal government’s website for posting civil service job opportunities with federal
agencies. The site is operated by the OPM. For additional information, please see
http://www.opm.gov/privacy/PIAs/USAJOBS.pdf.
2
“Status” or “Competitive Status” means a person’s basic eligibility for assignment (for example, by transfer,
promotion, reassignment, demotion, or reinstatement) to a position in the competitive service without having to
compete with members of the general public in an open competitive examination. Once acquired, status belongs to
the individual, not to the position. (5 U.S.C. § 3304(a)).
3
Section 3301 of title 5, United States Code, directs consideration of “age, health, character, knowledge, and ability
for the employment sought.” E.O. 10577 (codified in relevant part at 5 CFR 1.1, 2.1(a) and 5.2) directs OPM to
examine “suitability” for competitive federal employment. “Suitability,” refers to those determinations based on a
person’s character or conduct that may have an impact on the integrity or efficiency of the service. (5 CFR pt. 731).
1
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 3
In accordance with the authority granted to DHS hiring authorities by OPM as the delegated
examination authority for the Department, all hiring authorities must fulfill the civil service hiring
requirements of DHS. To accomplish this mission, DHS leverages existing information technology
resources from OPM. For non-Executive candidates for employment with DHS, a typical hiring
and on-boarding interaction has several stages.
Vacancy Announcement Process
First, a hiring manager submits a request to fill or create a position through his or her
assigned HR Specialist. HR Specialists work with the hiring manager to determine the appropriate
position classification (title, series, grade level), qualification requirements, and pay plan (General
Schedule or other pay system) prior to the development of the vacancy announcement. The
announcement is created in OPM’s USA Staffing or the Monster Government Solutions
application and then posted on USAJOBS.gov. USAJOBS.gov is the U.S. Government’s official
system for federal jobs and employment information and is owned and operated by OPM.
USAJOBS.gov delivers a service by which federal agencies meet their legal obligation to provide
public notice of federal employment opportunities to federal employees and U.S. citizens. HR
Specialists use USAJOBS.gov to advertise DHS jobs, locate candidates for employment
consideration, and manage the recruitment and hiring process through the web interface.
Additionally, the USAJOBS system gives job seekers the ability to create and advertise their
resumes, search government jobs, and apply for a job directly through the web interface.
All applicants for federal employment must create a profile within USAJOBS.gov. To
apply for a position with DHS, potential applicants must also create a profile and upload their basic
contact information and supporting documents (which include PII), such as resume or proof of
veteran’s preference, to Application Manager. Application Manager is a standalone, browserbased online tool owned and managed by OPM that is used exclusively by applicants to apply for
federal jobs. DHS uses Application Manager, but federal agencies may opt to use other systems.
Applicants may upload resumes, as well as create profiles containing their PII using Application
Manager, for review by the hiring agency. Application Manager is used to collect information
directly from individuals applying for federal jobs to determine if their qualifications meet the
minimum qualification requirements for the vacancies for which they have applied.
USA Staffing and Monster Government Solutions is used by the HR Specialists to create
and post the job announcement on USAJOBS.gov and to access the information collected by
Application Manager to analyze and rate job applicants. Applicant information uploaded into
Application Manager is made available to HR specialists via secure login to the USA
Staffing/Monster Government Solutions application. Information uploaded into Application
Manager, either as the applicant profile or supporting documents, are then accessed by HR
Specialists through the USA Staffing tool to rank and rate eligible candidates for the position.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 4
Selection Process
Candidates are rated and ranked by HR Specialists based on their answers to questions
specific to each job posting, their previous experience, special qualification, and entitlements (such
as Interagency Career Transition Assistance Program (ICTAP) Eligibles) to determine the
Certificate of Referral.4 The Certificate of Referral is generated from the criteria publicized in the
job announcement such as: job series, grade, whether the position is temporary or part-time, and
duty location(s). These criteria are part of the screening process used by HR Specialists in
identifying who will be on the Certificate of Referral sent to the hiring manager.
The Certificates of Referral, application question answers, and applicant resumes are then
made available to the recruiting administrative points of contact (POC) and hiring managers via
Selection Manager,5 a module of USA Staffing, also owned by OPM. Of note, not all components
use Selection Manager, however their processes are the same. HR Specialists alert the
administrative POCs and hiring managers via email that their selections are ready and available
for download by the hiring manager. The hiring manager is able to view the applicant profile
created in Application Manager (or component staffing solution) and applicant resumes. Hiring
managers have access to all documents submitted as part of the application process, and may either
print the application materials or view them online, schedule and conduct interviews, and then
indicate their candidate choices via Selection Manager (or component staffing solution). After the
hiring manager conducts the interview process and selects a candidate, the HR Specialist confirms
the hiring selection complies with OPM-issued federal hiring guidelines.
Non-Selectees
Information submitted by non-selected applicants is maintained on a rankings list, which
includes the applicant’s name, phone number, and address. This information is retained by the
hiring authorities for both internal and OPM audits for a period of no more than three years from
the date of collection.
Suitability Determination Process: Background Investigation, Drug Testing, and Security
Check
When a candidate has been selected by the hiring manager and the HR Specialist completes
his or her confirmation of hiring guidelines, DHS sends a Pre-Employment Notification email to
the candidate, informing him or her of the pre-selection and requesting the completion of the
background questionnaire within the Electronic Questionnaires for Investigations Processing
Also referred to as “Certificate of Eligibles” in the Delegated Examining Operations Handbook: A Guide for
Federal Agency Examining Offices (May 2007), available at
http://www.opm.gov/deu/handbook_2007/deo_handbook.pdf.
5
Selection Manager is an application that is part of the USA Staffing program. It is an online, browser-based tool
provided and managed by OPM.
4
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 5
system (eQIP)6, and the attached DHS 11000-5, Pre-screen for Clearance Form. A separate email
is sent to the candidate containing the password to open the attachment.
Five items are required from the candidate to initiate the background investigation and
security check:
1. SF-86, Questionnaire for National Security Positions (or the SF-85P, in the alternative);
2. DHS 11000-9, DHS Credit Release Form;
3. Form (OF) 306, Declaration for Federal Employment;
4. Copy of resume; and
5. Fingerprint receipt from the respective Personnel Security Office (received after the
fingerprinting appointment has been completed), or Form FD258 or two SF-87
fingerprint cards completed by a local police department.
The candidate is requested to complete the SF-86 or the SF-85P in electronic format in eQIP. An
eQIP account is created in advance by the applicable Personnel Security Office on behalf of the
candidate (using Form 11000-5 prepared by the HR Specialist based on information within USA
Staffing or Monster Government Solutions), and a candidate must log into eQIP within a specified
timeframe (usually 3 days, but in some instances up to 10 days) after receiving the notification
email or the account will be deleted. After the candidate has filled out eQIP, the information is
submitted via eQIP to the respective component Personnel Security Offices so they may perform
background checks on the selected candidates. Further, the candidate is requested to either be
fingerprinted on Form FD258 or SF-87 fingerprint cards through the component Personnel
Security Offices or with his or her local police department.
In addition to the five items cited in this section, DHS components may have additional
requirements for selectees such as fitness and medical standards, or oral board interviews
depending on the requirements of that particular position. See the Appendix for more details
concerning additional requirements of DHS component covered by this PIA. Most DHS
components also require employee drug testing in accordance with Executive Order 12564, Drug
Free Federal Workplace.7
Hiring authorities throughout DHS have their own procedures for interaction with the
respective Personnel Security Offices. Regardless of hiring authority, any PII sent from the
Personnel Security Office or hiring authority must be a password-protected and encrypted PDF
6
eQIP is a secure website managed by OPM that is designed to automate the common security questionnaires used
to process federal background investigations. For additional information, please see
http://www.opm.gov/privacy/PIAs/eQIP.pdf.
7
Executive Order 12654, Drug Free Workplace, 51 Fed. Reg. 32889 (Sept. 15, 1986), also available at
http://www.archives.gov/federal-register/codification/executive-order/12564.html.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 6
file within an email. When candidates return information to hiring offices, it is returned via email.
The candidate may choose to password protect and encrypt the PII he or she returns to DHS.
Entry on Duty (EOD)
Pending the completion of their background check, selected applicants receive a final offer
email or letter from DHS confirming their official position, grade, salary, and job locale. Any terms
and conditions of employment are also stated in the final offer email or letter, as well as their
scheduled EOD date. Candidates also receive blank benefits and payroll forms via this email
attachment or letter. These forms are detailed in Section 1.5. Candidates are instructed to bring
completed forms to DHS orientation for the on-boarding process.
During orientation, selected candidates are required to complete and submit these onboarding forms to the HR Specialists and respective benefits specialists. These on-boarding forms
are collected, with the requisite information entered into U.S. Department of Agriculture’s
(USDA) National Finance Center (NFC)’s payroll system, “EmpowHR” 8 or sent to the health
insurer as required. Of note, some DHS components are still using NFC’s older payroll system:
Entry, Processing, Inquiry and Correction (EPIC) System. The original forms are either uploaded
to Electronic Official Personnel Folders (eOPF) or destroyed, in keeping with OPM’s Guide to
Personnel Record Keeping (GPR)9 and DHS records retention policies.
Executive Hiring
There may be different processes for Executive Hiring within DHS, depending on the
component. However, all component hiring authorities and processes collect the same PII on
individuals within their respective processes. The following example is used at DHS HQ, and the
procedure is similar throughout DHS components:
OCHCO Executive Resources (ER) division conducts Senior Executive Service (SES) and
political staffing and develops SES, Senior Level (SL) and Scientific and Professional (ST)
position policy for the Department. In its efforts to further the Department’s mission, OCHCO ER
collects and uses PII from prospective and current employees whose hiring and ongoing tracking
8
Human Capital Management System (EmpowHR) is owned and operated by the U.S. Department of Agriculture
(USDA) National Finance Center. EmpowHR provides web-based management functions to allow USDA and its
customers to access federal employee, applicant, contractor, and affiliate information from a centralized database
maintained by their human resources and/or contracting departments. System functionality includes recruitment,
position classification, HR processing, strategic workforce reporting, training and employee development, employee
and labor relations, employee benefits administration, succession planning, employee performance and
accountability, and organizational management. Employees can view their own personal information, and
supervisors can review useful information about their employees.
9
The Guide to Personnel Recordkeeping, The Office of Personnel Management, (June 1, 2011, Version 13),
available at http://www.opm.gov/policy-data-oversight/data-analysis-documentation/personneldocumentation/personnel-recordkeeping/recguide2011.pdf.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 7
is within ER’s purview. The executive hiring process is functionally similar to the competitive
service process for civil service applicants, but is managed by Executive Resources HR Specialists.
For Senior Executives, PII is collected in the same manner as for the civil service applicants
via Application Manager. ER HR Specialists download this information from the USA Staffing
tool. ER HR Specialists use the PII to create screening panel packages and Certificates of Referral
and present these to administrative POCs and hiring managers via their secure DHS email.
Interviews for SES candidates are conducted via structured interview panels. Once hiring
managers make their selections, the PII is managed internally within ER to make tentative and
final job offers.
Benefits Processing
During orientation, new employees are required to complete and submit on-boarding forms
either in person, by fax, or via an official DHS IT system or application management system to
the respective employee processing divisions and the employee benefits divisions of their
respective hiring authorities. On-boarding forms are collected by the benefits specialists, who
manually key in the information from the forms into one of USDA’s front end payroll systems
(either EmpowHR or EPIC). The original forms are uploaded to eOPF (if appropriate) and internal
DHS hiring authority IT systems (detailed in the Appendix) and the original paper forms are
destroyed, in accordance with OPM and DHS records retention policies.
On-boarding forms are processed by benefits specialists to enroll new employees in the
following programs: Federal Employees Health Benefits (FEHB), Federal Employees’ Group Life
Insurance (FEGLI), and Thrift Savings Plan (TSP). Benefits specialists also process forms to assist
employees in their transition from civil service to retirement or separation from federal service.
Benefit specialists do not process employee elections for Flexible Spending Accounts (FSAFEDS)
and Long Term Care Insurance; employees enroll in these programs online directly.
All of the above programs may impact an employee’s payroll deductions. Therefore, the
enrollment forms are processed through the USDA frontend payroll systems. Benefits specialists
manually enter the information from the submitted forms into EmpowHR or EPIC to be processed
as payroll deductions by NFC. Forms are also scanned and uploaded into eOPF, maintained by
OPM, for the employee’s permanent file. Forms are also scanned and uploaded into internal DHS
hiring authority IT systems (detailed in the Appendix). Designation of beneficiary forms are not
input to EmpowHR or EPIC (since they do not impact payroll deductions) but are reviewed for
accuracy, certified, and scanned into eOPF. Once paper copies are scanned into the respective
hiring authority IT system, all paper copies of forms must be destroyed by HR Specialists within
one pay period of the new employee’s joining DHS.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 8
Section 1.0 Authorities and Other Requirements
1.1
What specific legal authorities and/or agreements permit and
define the collection of information by the project in question?
Under 5 U.S.C. § 1104, OPM has delegated to agencies the authority to conduct
competitive examinations for positions in the competitive service, except for administrative law
judge positions. DHS hiring authorities receive their delegation authority from OPM and have two
fundamental responsibilities: to ensure that the agency’s vacant positions are filled with the bestqualified persons from a sufficient pool of well-qualified eligible candidates; and to uphold the
laws, regulations, and policies of merit selection (see 5 U.S.C. §§ 2301 and 2302).
1.2
What Privacy Act System of Records Notice(s) (SORN(s)) apply to
the information?
Information collected, maintained, used, and disseminated by DHS during the hiring and
on-boarding process is covered by several government-wide SORNs developed and managed by
OPM, and a Department-wide SORN managed by DHS:
OPM/GOVT-1 General Personnel Records 71 Fed. Reg. 35356 (June 19, 2006)
OPM/GOVT-5 Recruiting, Examining, and Placement Records 71 Fed. Reg. 35351 (June
19, 2006)
OPM/GOVT-6 Personnel Research and Test Validation Records 71 Fed. Reg. 35354 (June
19, 2006)
OPM/GOVT-7 Applicant Race, Sex, National Origin and Disability Status Records 71 Fed.
Reg. 35356 (June 19, 2006)
DHS/ALL-022 Department of Homeland Security Drug Free Workplace 73 Fed. Reg.
64974 (October 31, 2008)
1.3 Has a system security plan been completed for the information
system(s) supporting the project?
The primary IT security systems supporting the hiring and on-boarding process within
DHS are managed by OPM, USDA, or the individual DHS hiring authorities. DHS is not
responsible for the system security of the OPM and USDA IT systems. Each DHS component
manages the system security and compliance of its respective HR IT systems. These IT systems
are detailed in the Appendix.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 9
1.4
Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
During the course of the DHS hiring and on-boarding process, various types of records are
created and maintained to assist in the entrance of an employee into the federal civil service. Types
of records that are covered by the SORNs listed in Section 1.2 include: general, testing, standing
inventory of jobs, employee eligibility, case examining, and examinations under litigation. Each
of these record types has their own NARA-approved retention and disposal schedule.10 Records
that are maintained by OPM have longer retention schedules, detailed in NARA’s General Records
Schedule 1 “Civilian Personnel Records.”11
General retention requirements in the Delegated Examining Operations Handbook: A
Guide for Federal Agency Examining Offices (May 2007), Appendix C - Records Retention and
Disposition Schedule include:
Records of information about the certificate or internal log system (e.g., receipt date,
series and grade of position, duty station) are retained for 3 years.
Certificate case file consisting of the vacancy announcement, public notice
documentation, position description, rating schedule, record of selective and quality
ranking factors used, job analysis documentation, list of eligibles screened for the
vacancy, rating sheet with the assignment of ratings, processing documents (e.g., OPM
Forms 1203), availability statements, the certificate of eligibles issued to the selecting
official, the annotated certificate of eligibles returned from the selecting official, and
other documentation upon which the certificate of eligibles was based are retained for
3 years.
Eligible Applications that are not referred to the selecting official, including the OF612, resume or equivalent, are still included in the case examining file and are retained
for 3 years.
Ineligible Applications consisting of the OF-612, resume, or equivalent and OPM
Forms 1203-AW (Form C) with rating sheet are included in the case examining file
and are retained for 3 years.
1.5
10
If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
For a detailed description of all NARA retention and disposal schedules for records maintained and used during
the hiring and on-boarding process of federal employees, please see the Delegated Examining Operations
Handbook: A Guide for Federal Agency Examining Offices (May 2007), Appendix C - Records Retention and
Disposition Schedule, available at http://www.opm.gov/deu/handbook_2007/deo_handbook.pdf.
11
For additional information, please see http://www.archives.gov/records-mgmt/grs/grs01.html.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 10
for the collection. If there are multiple forms, include a list in an
appendix.
During the on-boarding process, new DHS employees must submit the following forms
during their orientation sessions to their hiring authority:
Processing:
Appointment Affidavit, SF-61
Employment Eligibility Verification, I-912
Employee Address, AD-349
Direct Deposit Sign-Up Form, SF-1199A
Federal Tax Withholding, W-4
State Tax Withholding Certificate
Ethnicity and Race Identification, SF-181
Self-Identification of Reportable Handicap, SF-256
Statement of Prior Federal Service, SF-144
Declaration of Federal Employment, OF-306
Benefits:
12
Designation of Beneficiary (Unpaid Compensation), SF-1152
Civil Service Retirement System (CSRS) Designation of Beneficiary, SF-2808
Employee Health Benefits Registration (FEHB), SF-2809
Life Insurance Election (FEGLI), SF-2817
Designation of Beneficiary (FEGLI), SF-2823
During the on-boarding process, HR Specialists will verify employment eligibility by confirming the information
submitted on the I-9 through DHS’ E-Verify system. E-Verify is a free, and in most cases voluntary, Department of
Homeland Security (DHS) program implemented by the United States Citizenship and Immigration Services
(USCIS) and operated in collaboration with the Social Security Administration (SSA). It allows employers to
compare information provided by employees on the Employment Eligibility Verification, Form I-9, against
information in SSA and DHS databases in order to verify that an employee is authorized to work in the U.S., either
because he is a U.S. citizen or is a non-citizen whom the United States has granted work authorization. E-Verify was
mandated by the Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (IIRIRA). For a detailed
description of DHS’ E-Verify program, please see the DHS/USCIS/PIA-030(d) - E-Verify Program Privacy Impact
Assessment, available at http://www.dhs.gov/uscis-pias-and-sorns.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 11
Thrift Savings Plan Election, TSP-1
Thrift Savings Plan Election for Catch-Up Contribution, TSP-1-C
Designation of Beneficiary (Federal Employees Retirement System) SF-3102
Transit Subsidy Forms (such as DHS Form 1540-1 Mass Transit Attachment and
Expense Worksheets)
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as
well as reasons for its collection.
2.1
Identify the information the project collects, uses, disseminates, or
maintains.
Information is submitted directly to DHS, via OPM staffing systems, from prospective
applicants and new hire selectees who apply to positions within DHS. Prospective applicants may
also submit personal/professional character references. New hire selectees may also submit
dependent or familial PII on various forms, which may include TSP, Federal Employees Health
Benefit (FEHB) form SF-2809, resume, beneficiary forms for life insurance, and unpaid
compensation.
Categories of information collected during the hiring and on-boarding process may include,
but are not limited to:
Full name;
Date of birth;
Mailing address;
Telephone number;
Birth certificate;
Social Security number (SSN);
E-mail address;
Zip code;
Facsimile number;
Mother’s maiden name;
Medical record number;
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 12
Bank account number;
Health plan beneficiary number;
Professional certificate/licensing information;
Veteran’s preference;
Disability information;
Marriage record;
Education record.
Additional information is also collected by the respective Personnel Security Office during the
background investigation after the pre-employment notification is sent to a potential new
employee; however hiring authorities do not have access to this information. The only information
that hiring authorities receive from the Personnel Security Office upon completion of the
background investigation is the finding, i.e., cleared or not cleared.
Information collected for the purposes of employee drug testing may include:
Individual’s name;
Social Security number;
Date of birth;
Addresses;
Telephone numbers;
E-mail addresses;
Job title and grade;
Supervisor’s, senior management’s and leadership’s full name, addresses, phone
numbers, and email addresses;
Supervisor’s, senior management’s and leadership’s notes and records regarding an
employee’s suspected and/or confirmed illegal use, possession, distribution, or
trafficking of controlled substances;
Records related to any criminal conviction for illegal drug use or evidence obtained
from any arrest or criminal conviction;
Correspondence related to the suspected and/or confirmed illegal use, possession,
distribution, or trafficking of controlled substances of a current or former DHS
employee, including electronic mail and other electronic documents;
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 13
Verified positive and negative test results for illegal use of controlled substances;
Evidence of possession, distribution, or trafficking of controlled substances;
Lists of controlled substances verified as positive;
Substance abuse assessment, aftercare, and substance use monitoring results;
Employee records of attendance at treatment, types of treatment, and counseling
programs related to illegal use, possession, distribution, or trafficking of controlled
substances;
Records of treatment and counseling referrals related to testing for illegal use,
possession, distribution, or trafficking of controlled substances;
Prognosis of treatment information related to testing for illegal use, possession,
distribution, or trafficking of controlled substances;
Individual’s name, address, work/cell/home phone numbers, email addresses, and other
basic identification data for insurance purposes;
Name, address, telephone numbers, email addresses of treatment facilities;
Name, address, telephone numbers, email addresses of individuals providing treatment;
and
Written consent forms.
2.2
What are the sources of the information and how is the information
collected for the project?
Information is collected directly from applicants as they complete the required forms for
the position to which they are applying. DHS does not store interview questions or notes from the
selection managers during the hiring process. Rankings and ratings developed by DHS HR
specialists used to create a Certificate of Referral are stored in USA Staffing, which is owned and
operated by OPM, or Monster Enterprise Hiring Management (MEHM) system, which is owned
by Monster Government Solutions.
New hire selectees submit their on-boarding processing and benefits forms either through
DHS’s application management portals or in-person at the two-day welcome orientation for new
employees. All forms are scanned and uploaded into application management systems following
orientation and the paper copies are destroyed, unless DHS is required to submit them to OPM or
USDA.
Information regarding employee drug testing is collected directly from individuals who
submit to drug and alcohol testing and the subsequent testing facilities.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 14
2.3
Does the project use information from commercial sources or
publicly available data? If so, explain why and how this
information is used.
No commercial sources or publicly available data is used by DHS during the on-boarding
process. Commercial sources or publically available data sources may be used by the Personnel
Security Office during the background investigation process.13
2.4
Discuss how accuracy of the data is ensured.
Applicant information is collected directly from the individual applicants via OPM’s
Application Manager or Monster’s MEHM system. These tools allow DHS to access the forms
and biographic information submitted directly by applicants.
New hire employee information is collected directly from the individual employee during
the on-boarding process, typically done in-person at orientation during the first days an employee
reports for duty. If new employees believe their information was entered incorrectly by an HR
Specialist, they may contact their respective hiring authority to contest inaccurate data. An
example includes federal employees transferring from another agency whose leave was not
computed properly. If pay or position is not affected, these are easily corrected by an HR Specialist.
If pay or position is affected, the employee (or former agency) must provide supporting documents.
Previous work history information that is submitted by the applicant is verified by
assessment questions and a resume. Additionally, physical documents (i.e., passport, driver’s
license, birth certificate, Social Security card) are used to verify identity. Documentation is also
required when claiming any veteran’s preference or disability status. Any further actions taken or
based on submitted information must be properly vetted and researched through appropriate
channels (such as the Personnel Security Office) once it has been disseminated by DHS or received
from the applicant directly via eQIP.
2.5
Privacy Impact Analysis: Related to Characterization of the
Information
Privacy Risk: There is a privacy risk that DHS will collect and retain more PII than is
needed for the processing of the applicant.
Mitigation: All information collected during the application process is essential for the
selection and hiring decision process. Though there is an inherent privacy risk of over-collection
due to the large volume of information collected from potential employees, different information
13
For a detailed description of the personnel security process at DHS, please see the DHS/ALL/PIA-038 Integrated
Security Management System (ISMS) PIA (March 22, 2011) and the DHS/ALL-023 - Department of Homeland
Security Personnel Security Management SORN (February 23, 2010), 75 Fed. Reg. 8088.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 15
is collected throughout the stages of the hiring and on-boarding process to decrease the overcollection of information from individuals who are not selected for a position within DHS.
Privacy Risk: There is a privacy risk that PII may be emailed, either by the candidate or
the HR specialist, without appropriate encryption safeguards.
Mitigation: This risk is mitigated by the fact that HR Specialists must password-protect or
encrypt any sensitive PII they may transmit via email outside of the Department, per the DHS
Handbook for Protecting Sensitive Personally Identifiable Information.14 Additionally, candidates
are encouraged not to submit their PII directly via email but through the use of numerous online
browser-based tools run by OPM and supported by DHS, such as Application Manager.
Privacy Risk: There is a privacy risk that DHS will maintain inaccurate information about
applicants.
Mitigation: Records DHS collects, maintains, uses, and disseminates during the hiring and
on-boarding process are covered by the Privacy Act. Individuals may file a Privacy Act request
with DHS or OPM to access their personnel records. In addition, individuals may update and
change their profiles within USAJOBs and Application Manager at any time to ensure data quality
and integrity of their application profiles.
Privacy Risk: There is a privacy risk that HR specialists may use social media or thirdparty online search engines to verify the accuracy of previous work history.
Mitigation: HR Specialists verify the previous work history of applicants in accordance
with existing government and Department policy, including DHS Management Directive 110-01
Privacy Policy for Operational Use of Social Media (June 8, 2012).
Section 3.0 Uses of the Information
The following questions require a clear description of the project’s use of information.
3.1
Describe how and why the project uses the information.
DHS hiring authorities coordinate the on-boarding process for all current and prospective
DHS employees. The hiring authorities use this information to fill vacancy announcements,
produce certificates of referral for hiring managers, and extend tentative and final job offers.
14
DHS Handbook for Safeguarding Sensitive Personally Identifiable Information, (Revised March 2012). This
handbook sets minimum standards for how Department personnel should handle Sensitive PII in paper and
electronic form during their everyday work activities at the Department, available at
http://www.dhs.gov/sites/default/files/publications/privacy/Guidance/handbookforsafeguardingsensitivePII_march_
2012_webversion.pdf.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 16
To complete their missions, DHS hiring authorities require applicants to submit their PII,
including SSNs. SSNs are necessary to verify employment eligibility and to allow applicants to
receive pay, pay taxes, and obtain benefits. SSNs are collected in the first instance by USA Staffing
or Monster Government Solutions as part of the verification process of the applicant.
New hire employee information is used by benefits specialists to enroll new employees in
government benefit and direct deposit programs. This information is used to complete employee
financial and benefit forms within the employee’s first pay period as a DHS employee.
3.2
Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or locate
a predictive pattern or an anomaly? If so, state how DHS plans to
use such results.
No, the program does not use technology to conduct electronic searches, queries, or
analyses.
3.3
Are there other components with assigned roles and responsibilities
within the system?
The DHS on-boarding process is conducted in conjunction with OPM and the various
online, browser-based tools that it provides to federal agencies to determine the eligibility of
applicants for federal employment. DHS hiring authorities are separated by component, with their
own respective IT systems for hiring and on-boarding. Data is not shared between components,
for example TSA HR Specialists can only access TSA applicant and employee data. All HR
Specialists can access Monster Government Solutions (if applicable) or OPM’s USA Staffing and
eOPF systems and USDA NFC’s payroll and personnel processing system, but can only access the
data of their component applicants and employees. If a component is using an application
management system, these application management systems cannot be accessed by external
entities (other than potential new employees who upload their forms and only have access to their
personal data in the system).
3.4
Privacy Impact Analysis: Related to the Uses of Information
Privacy Risk: There is a privacy risk that applicant and new employee information that
contains PII may be used in a manner inconsistent with its original purpose for collection.
Mitigation: Applicant and new employee information may only be used consistent with
the purpose for collection. All files and records are maintained by DHS in accordance with OPM
regulations and instructions. They are used to provide the basic source of factual data about a
person’s federal employment while in the service and after his or her separation. Records are only
used to meet OPM personnel requirements, including screening qualifications of employees;
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 17
determining status, eligibility, and employee’s rights and benefits under pertinent laws and
regulations governing federal employment; computing length of service; and other information
needed to provide personnel services.
Privacy Risk: There is a privacy risk that information on benefit forms will be manually
entered into USDA’s EmpowHR inaccurately. There is also a risk of employees including
inaccurate information on the forms, most likely inadvertently.
Mitigation: There is always a risk of inaccuracy when information is manually keyed into
a system from paper originals. To mitigate the risk of inaccurate data in EmpowHR, HR Specialists
upload an original copy of the employee forms in DHS IT systems and eOPF (as appropriate), to
which the employee has access, in case of contest. Employees are able to file a ticket within these
systems and application managers to request that an HR Specialist review their profile within
USDA NFC’s payroll system if they suspect an inaccuracy. HR Specialists verify the information
on the paper forms during the orientation with new hire selectees in person.
Privacy Risk: There is a privacy risk that information collected by DHS will be accessed
or used by someone without a “need to know.”
Mitigation: Hiring authorities throughout DHS maintain partitioned shared drives for the
different divisions and teams within their organization. Processing specialists cannot access
benefits information on the benefits shared drive and benefits specialists cannot access processing
information. In addition, hiring authorities continue to work with their respective component
privacy officers in their development of a “culture of privacy.”
Section 4.0 Notice
The following questions seek information about the project’s notice to the individual about the information
collected, the right to consent to uses of said information, and the right to decline to provide information.
4.1
How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain why
not.
This PIA serves as notice of the DHS hiring and on-boarding process. Additionally, notice
is provided at the time of the collection of information from the applicant and new hire employees,
via Privacy Act statements, which are included on all forms where required. These statements are
available on the USAJOBS.gov website, as well as on the forms that are completed by the applicant
for background investigations and security clearance checks.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 18
4.2
What opportunities are available for individuals to consent to uses,
decline to provide information, or opt out of the project?
Applicants are given the opportunity to decline to provide their own information by not
submitting their information for the employment opportunity. Declining to provide their
information simply means that the individual chooses not to participate in the hiring process for
that employment opportunity.
New hire employees are also given the opportunity to decline to provide their own
information or by opting to participate in only benefit programs of their choosing. Declining to
provide their information will prevent the new hire employee from enrolling in that benefit
program.
4.3
Privacy Impact Analysis: Related to Notice
Privacy Risk: There is a privacy risk that applicants or new hire employees will not receive
adequate notice detailing the purpose for the collection of their information, as well as its use,
maintenance, and dissemination.
Mitigation: This privacy risk is mitigated by the notice provided through this PIA.
Additionally, a Privacy Act statement is provided to the applicants and new hire employees at the
time they submit their information through USAJOBS or the benefits forms process. By providing
notice when collecting information, DHS mitigates the privacy risks associated with notice, including
the lack of understanding on the part of individuals regarding the collection and use of their PII, their
rights to refuse to participate in the information collection, and their ability to correct inaccurate
information.
Section 5.0 Data Retention by the project
The following questions are intended to outline how long the project retains the information after the initial
collection.
5.1
Explain how long and for what reason the information is retained.
DHS hiring authorities have strict records retention and disposal requirements, set by
NARA and reiterated in the Delegated Examining Operations Handbook (DEOH).15 DHS must
retain and dispose of records in accordance with the DEOH Records Retention and Disposition
Schedule. DHS must also ensure that the records used to implement the delegation of authority are
maintained in a manner that is consistent with OPM’s Government-wide system of records
(OPM/GOVT-005) and the Privacy Act.
15
See FN 2, Appendix C.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 19
Record retention and disposal schedules vary by the type of record maintained. Types of
records maintained by DHS-wide entities include: general, testing, standing inventory of jobs,
employee eligibility, case examining, and examinations under litigation. Each of these record types
has its own NARA-approved retention and disposal schedule.
General retention requirements in the Delegated Examining Operations Handbook: A
Guide for Federal Agency Examining Offices (May 2007), Appendix C - Records Retention and
Disposition Schedule include:
Records of information about the certificate or internal log system (e.g., receipt date,
series and grade of position, duty station) are retained for 3 years.
Certificate case file consisting of the vacancy announcement, public notice
documentation, position description, rating schedule, record of selective and quality
ranking factors used, job analysis documentation, list of eligibles screened for the
vacancy, rating sheet with the assignment of ratings, processing documents (e.g., OPM
Forms 1203), availability statements, the certificate of eligibles issued to the selecting
official, the annotated certificate of eligibles returned from the selecting official, and
other documentation upon which the certificate of eligibles was based are retained for
3 years.
Eligible Applications that are not referred to the selecting official, including the OF612, resume or equivalent, are still included in the case examining file and are retained
for 3 years.
Ineligible Applications consisting of the OF-612, resume, or equivalent and OPM
Forms 1203-AW (Form C) with rating sheet are included in the case examining file
and are retained for 3 years.
5.2
Privacy Impact Analysis: Related to Retention
Privacy Risk: There is a risk that DHS will maintain records, especially paper records, for
a longer period of time than is necessary to complete their mission.
Mitigation: Though DHS handles a considerable volume of employee records, all of these
records have specific record retention schedules on file with NARA and catalogued within the
Delegated Examining Operations Handbook.
Hiring authorities within DHS follow security requirements to store all electronic
information in IT systems with security authorizations if appropriate, and refrain from storage of
information in “shadow systems” (such as duplicate systems, data extracts, or unofficial copies)
or on shared drives whenever possible.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 20
Section 6.0 Information Sharing
The following questions are intended to describe the scope of the project information sharing external to the
Department. External sharing encompasses sharing with other federal, state and local government, and private sector
entities.
6.1 Is information shared outside of DHS as part of the normal agency
operations? If so, identify the organization(s) and how the information is
accessed and how it is to be used.
Information collected and maintained by DHS during the hiring and on-boarding process
may be shared outside of DHS consistent with 5 U.S.C. § 552a(b), including the following
purposes:
1. To obtain and disclose information to OPM as part of the candidate selection process
through their various staffing tools: USAJOBS.gov, Monster Government Solutions,
USA Staffing, and Selection Manager;
2. To disclose information to the Department of Agriculture National Finance Center as
part of the payroll/personnel system to process payroll and benefit payroll deduction
information for employees;
3. To disclose information to Government training facilities (federal, state, and local) and
to non-Government training facilities (private vendors of training courses or programs,
private schools, etc.) for training purposes;
4. To disclose information to education institutions on appointment of a recent graduate
to a position in the federal service, and to provide college and university officials with
information about their students working in the Pathways Program, Volunteer Service,
or other similar programs necessary to a student's obtaining credit for the experience
gained;
5. To disclose information necessary to the Office of Federal Employees Group Life
Insurance to verify election, declination, or waiver of regular and/or optional life
insurance coverage or eligibility for payment of a claim for life insurance;
6. To disclose, to health insurance carriers contracting with OPM to provide a health
benefits plan under the Federal Employees Health Benefits Program, information
necessary to identify enrollment in a plan, to verify eligibility for payment of a claim
for health benefits, or to carry out the coordination or audit of benefit provisions of
such contracts;
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 21
7. To disclose information to a federal, state, or local agency for determination of an
individual’s entitlement to benefits in connection with Federal Housing Administration
programs;
8. To consider and select employees for incentive awards and other honors and to
publicize those granted. This may include disclosure to other public and private
organizations, including news media, that grant or publicize employee recognition;
9. To consider employees for recognition through quality-step increases, and to publicize
those granted. This may include disclosure to other public and private organizations,
including news media, that grant or publicize employee recognition;
10. To disclose information to officials of labor organizations recognized under 5 U.S.C.
chapter 71 when relevant and necessary to their duties of exclusive representation
concerning personnel policies, practices, and matters affecting working conditions.
11. To disclose information to officials from agencies that have oversight as appropriate
these agencies include, but are not limited to: OPM, the Merit Systems Protection
Board (MSPB), the Federal Labor Relations Authority (FLRA), the Government
Accountability Office (GAO), and the Equal Employment Opportunity Commission.
12. To disclose the results of a drug test of a federal employee pursuant to an order of a
court of competent jurisdiction when required by the United States Government to
defend against any challenge against any adverse personnel action.16
6.2
Describe how the external sharing noted in 6.1 is compatible with
the SORN noted in 1.2.
Information collected, maintained, used, and disseminated by DHS during the hiring and
on-boarding process is covered by several government-wide SORNs maintained by OPM. All
sharing of information outside of DHS is consistent with the conditions of disclosure in 5 U.S.C.
§ 552a(b), including the routine uses in these published SORNs:
OPM/GOVT-1 General Personnel Records 71 Fed. Reg. 35356 (June 19, 2006)
Records related to an applicant’s examination for use of illegal drugs under provisions of Executive Order 12564
are maintained within the OPM/GOVT-5 - Recruiting, Examining, and Placement Records, 71 Fed. Reg. 35351
(June 19, 2006) SORN. Such records may be retained by the agency (e.g., evidence of confirmed positive test
results) or by a contractor laboratory (e.g., the record of the testing of an applicant, whether negative, or confirmed
or unconfirmed positive test result). Only Routine Use “P” identified for this system of records is applicable to
records relating to drug testing under Executive Order 12564. Further, such records shall be disclosed only to a very
limited number of officials within the agency, generally only to the agency Medical Review Official (MRO), the
administrator of the agency Employee Assistance Program, and any supervisory or management official within the
employee’s agency having authority to take the adverse personnel action against the employee.
16
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 22
OPM/GOVT-5 Recruiting, Examining, and Placement Records 71 Fed. Reg. 35351
(June 19, 2006)
OPM/GOVT-6 Personnel Research and Test Validation Records 71 Fed. Reg. 35354
(June 19, 2006)
OPM/GOVT-7 Applicant Race, Sex, National Origin and Disability Status Records 71
Fed. Reg. 35356 (June 19, 2006)
OPM/GOVT-10 Employee Medical File System Records 71 Fed. Reg. 35360 (June
19, 2006)
DHS/ALL-022 Department of Homeland Security Drug Free Workplace 73 Fed. Reg.
64974 (October 31, 2008)
6.3
Does the project place limitations on re-dissemination?
All information collected, maintained, used, and disseminated by DHS during the hiring
and on-boarding process is covered by the Privacy Act. As such, information may only be
disseminated consistent with the routine uses in the above SORNs. DHS does not share
information externally in a manner inconsistent with these Privacy Act protections.
6.4
Describe how the project maintains a record of any disclosures
outside of the Department.
DHS, OPM, and USDA systems use auditing tools and procedures to ensure accountability
of access by users, reconstruct events, detect intrusion, and identify problems. All of the hiring and
on-boarding systems have a moderate security categorization and implement the associated
National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision
3 security controls. All systems have audit trail records that are maintained online for a brief period,
are periodically reviewed by system personnel, and are preserved for a number of years as
prescribed in the associated record retention schedule. Suspected or confirmed security or privacy
issues are elevated to the Security Operations Center and the applicable Information System
Security Manager/Officer of the system and Privacy Officer are notified as incidents are reported,
worked, and resolved.
6.5
Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: There is a risk that information will be shared outside of DHS for a purpose
inconsistent with one of the published OPM SORNs.
Mitigation: All information collected, maintained, used, and disseminated by DHS during
the hiring and on-boarding process is covered by the Privacy Act. As such, information may only
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 23
be disseminated consistent with the routine uses in the above SORNs. DHS does not share
information externally in a manner inconsistent with these Privacy Act protections.
Section 7.0 Redress
The following questions seek information about processes in place for individuals to seek redress which may
include access to records about themselves, ensuring the accuracy of the information collected about them, and/or
filing complaints.
7.1
What are the procedures that allow individuals to access their
information?
Records collected, maintained, used, and disseminated by DHS during the hiring and onboarding processes are covered by the Privacy Act. Applicants and new hire employees may file
a Privacy Act request with DHS or OPM to access their personnel records.
Applicants are notified during the hiring process when a negative determination is made
regarding their application. They are encouraged to follow up via email if they are not satisfied
with the negative determination that was made regarding their application. Additionally, the
Personnel Security Office notifies applicants with a certified letter when their background
investigation has concluded.17
7.2
What procedures are in place to allow the subject individual to
correct inaccurate or erroneous information?
Individuals may update and change their profiles within USAJOBs and Application
Manager at any time. Once an employee joins DHS, they are able to access and update their
employee profiles consistent with their individual hiring authority IT systems.
7.3
How does the project notify individuals about the procedures for
correcting their information?
Applicants are made aware at the time that they receive their login information that they
may correct or update any erroneous information that may have been submitted prior to the
application being processed or the expiration of the employment opportunity. Privacy Act notices
are also posted on personnel forms and applications during each stage of the hiring process.
17
For a detailed description of the redress available to prospective employees undergoing the security background
check process, please see the DHS/ALL/PIA-038 Integrated Security Management System (ISMS) PIA (March 22,
2011) and the DHS/ALL-023 - Department of Homeland Security Personnel Security Management SORN (February
23, 2010), 75 Fed. Reg. 8088.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 24
7.4
Privacy Impact Analysis: Related to Redress
Privacy Risk: There is a privacy risk that candidates and new employees will not know
how to access, correct, or amend their personnel records.
Mitigation: All government personnel records are covered by the Privacy Act and fall
under the general personnel record SORNs managed and maintained by DHS and OPM. There are
Privacy Act notices on all OPM applications and DHS IT systems/application management
systems to alert candidates and new employees that their records are afforded Privacy Act
protections.
Section 8.0 Auditing and Accountability
The following questions are intended to describe technical and policy based safeguards and security
measures.
8.1
How does the project ensure that the information is used in
accordance with stated practices in this PIA?
Access to each system is determined by the role to be performed by the user. Applicable
permissions are associated with the role. The information viewed by the privileged or general user
is based on the role being performed and the “need to know” principle. Audit trails are reviewed
to ensure the appropriate handling of information.
8.2
Describe what privacy training is provided to users either generally
or specifically relevant to the project.
All DHS employees and contractors receive annual security and privacy training. In
addition, DHS must conduct annual audits, and employees must complete DHS certification
training consistent with the Delegated Examining Operations Handbook. DHS hiring authorities
must also establish an internal accountability system, and conduct annual self-audits of delegated
examining activities.
8.3
What procedures are in place to determine which users may access
the information and how does the project determine who has
access?
All DHS hiring authorities manage their own employee access to OPM and USDA systems,
as well as user accounts for their internal HR IT systems. Users are required to attend role-based
security training and sign Rules of Behavior and a DHS Non-Disclosure Agreement prior to being
granted access to the system, and are required to annually attend Privacy and IT Security
Awareness Training.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 25
8.4
How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?
All information sharing agreements are reviewed and approved by the individual hiring
authority for consistency with applicable laws, regulations, and policies governing the appropriate
sharing of PII outside of the Department.
Responsible Official
Catherine V. Emerson
Chief Human Capital Officer
Department of Homeland Security
Approval Signature
Original signed copy on file with DHS Privacy Office
________________________________
Jonathan R. Cantor
Acting Chief Privacy Officer
Department of Homeland Security
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 26
APPENDIX
(last updated April 26, 2017)
The following IT systems are used by DHS hiring authorities for the collection, use,
dissemination, and maintenance of information from members of the public during the hiring and
on-boarding process in addition to the standard systems mentioned above and are covered by this
Privacy Impact Assessment.
DHS Headquarters (DHS HQ)
FHR Navigator: FHR Navigator is a DHS-owned and operated HR system that automates
human resources functions for DHS HQ components. It is a suite of web-based software tools
complimented by a centralized database to support the strategic management of human capital
within the federal workplace. The tools contained within FHR Navigator support simultaneous
database access by employees and HR personnel. The Forms Manager feature allows employees
and HR personnel access to over 150 electronic federal forms for use in on-boarding, employee
separation and transfer, processing deposit and redeposit payments, and completing benefits
elections. Employees can fill out forms electronically and the data flows automatically into the
central database.
In the final email containing the offer information, DHS HQ candidates are also provided
the website address for FHR Navigator. Candidates create their own username and password by
self-registration via the login page at https://fhrnavigator.dhs.gov. The system allows selfregistration based on an applicant’s last name, date of birth, and SSN. Candidates may log in, select
MyForms, complete all forms shown in the On-boarding folder, and click the Submit link.
U.S. Customs and Border Protection (CBP)
CBP Jobs Mobile Application (CBP Jobs): provides updates on application status to
users who have applied to and have been tentatively selected for Frontline positions at CBP.
Frontline positions include Border Patrol Agents, CBP Officers, Agricultural Specialists, Air
Interdiction Agents, and Marine Interdiction Agents. The CBP Jobs Mobile Application provides
the status of the Frontline applicant’s: 1) eQIP Questionnaire, 2) Fitness Tests, 3) Medical Exam,
4) Structured Interview, 5) Polygraph, 6) Background Investigation, 7) Drug Test, and 8) Final Job
Offer during his or her pre-employment process.
After downloading the CBP Jobs Mobile Application and upon their initial access to the
CBP Jobs screen, applicants are redirected to Login.gov, a third-party system operated by the
General Services Administration, in order to register and login. To complete the registration
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 27
process via Login.gov, the applicant must provide his or her name, phone number, email address,
and a password created by the applicant. Once logged in, the user is redirected to CBP Jobs, which
does not collect the user’s contact information used for login.
CBP Jobs was introduced to replace the Central Application Self-Service and the systems
will run concurrently for a period of time once CBP Jobs is operational.
Central Application Self-Service (CASS): resides on the CBP.gov internet website and
provides the job application process status for CBP conditional employees, who have passed the
entrance exam and have been issued a Tentative Selection Letter for an entry-level position.
Occupations include: Agricultural Specialist, Border Patrol Agent, or Border Patrol Officer. CASS
provides a status on the following requirements: pre-employment forms, medical exam fitness test,
drug screening, structured interview, background investigation, qualifications, and scheduled
report date. Login into CASS requires the last four digits of the applicant’s SSN and his/her date
of birth (DOB). CBP will gradually phase out CASS once the CBP Jobs Mobile Application is
fully operational.
Cornerstone: Cornerstone is a workflow tool and centralized repository that contains the
consolidated data from background check requests and results for CBP applicants and employees
to determine their suitability, or continued suitability, for employment or for a security clearance.
Human Resources Business Engine (HRBE): HRBE is a web-based unified workflow
database for CBP human resources management to track entry-level and non-entry level hiring
processes. The human resources processes in HRBE include information about hiring and preemployment processing, labor and employee relations, performance management, random drug
testing, issue tracking, safety tracking, and change management.
Information that could be maintained includes, but is not limited to:
Employee ID;
First Name;
Middle Initial;
Last Name;
SSN;
Date of Birth;
Race and national origin;
Gender;
Credentials;
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 28
Employee Status;
Grade;
Step
Entry-on-Duty (EOD) Date;
Training Class;
Recruitment Method;
Projected Location;
Projected Title;
Position ID;
Application ID;
Main Office;
Sub-office;
Title and occupational series;
Contact information (address, phone, email, etc.);
Assessment vehicles (written or oral examination results);
Dates and results of background check;
Dates and results of medical tests;
Dates and results of fitness for duty tests;
Dates and results of language tests; and
Dates and results of drug tests.
Due to the collection of medical and polygraph information, both Cornerstone and HRBE
are currently undergoing their own PIA processes within CBP.
Federal Emergency Management Agency (FEMA)
CareerConnector: FEMA utilizes CareerConnector, the Department of Treasury’s
automated staffing solution, for hiring individuals into Reservist positions. This system is used to
create vacancy announcements, review resumes and supporting documentation, and notify
applicants of their status.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 29
Immigration and Customs Enforcement (ICE)
Hiring Information Tracking System (HITS): HITS is a tracking system used by U.S.
Immigration and Customs Enforcement (ICE) to track current and prior hiring actions. It maintains
information about individuals who are selected for vacant positions at ICE and tracks them to the
various stages of the hiring process. Once selected, ICE hiring personnel manually enter the
following selectee information in HITS: name, SSN, date selected, and selection grade. Additional
information about the selectee may be entered into the system depending on whether the selectee
is currently an ICE employee, holds an active security clearance, or if the position requires a higher
level of fitness proficiency than the one in which the selectee is certified. This additional
information consists of the following:
Date Oral Board interview was scheduled and the results, i.e., passed or failed.
Dates of Fitness and Medical Reviews/Exams: initiation date, follow-up date, and dates
successfully completed.
Date drug testing was requested and completed.
Dates security forms were sent to and received from selectee.
Date fingerprint cards were sent and received by ICE
Date personnel security investigation was initiated and cleared.
Projected EOD date.
Electronic System for Personnel (ESP): ESP is an automated web-based system used to
process ICE personnel actions known as Standard Form 52s (SF‐52s). SF‐52s are used to establish
and maintain data pertaining to employment and payroll administrative functions. During the
initial recruitment stage, a personnel action is created in ESP for the vacancy and a copy is sent to
HITS. When the selectee has completed the hiring process and received an official position offer
from ICE, ICE hiring personnel enter the selectee’s name and SSN into ESP to close the
recruitment process. This is the only time that information about non-DHS employees is entered
into the system. Once the selectee enters on duty and becomes an employee, the following
additional information will be entered into the system: date of birth, address and phone number
information, employment information to include department, location, pay, and supervisor
information along with other work related information, citizenship information, education level,
handicap information, and race and national origin.
OrangeHRM: OrangeHRM is a human resource management system used by the ICE
Health Service Corps (IHSC). OrangeHRM provides a single system for all IHSC human resource
functions – personnel information management, recruiting, on/off boarding, and applicant
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 30
tracking/recruitment. It is also used to track competencies, skills, certifications, and training of
IHSC personnel (both federal employees and contractors) who support the delivery of healthcare
services to ICE detainees. OrangeHRM collects information about IHSC job applicants as well as
employees and contractors. The information collected by OrangeHRM could include:
Name;
Date of birth;
Gender;
Physical address;
Phone number;
Email address;
Education information;
Salary;
Employment dates;
Position information (position grade, job series);
Supervisory information (name and contact information of supervisor);
Hiring status;
Duty station assigned;
Employment history; and
Officer rank/grade.
Documents that show proof of training, education, certification, and licensure are also uploaded
into the individual’s personnel record in OrangeHRM. While some of these original documents
may contain an individual’s Social Security number (SSN), IHSC personnel will redact the SSN
before the document is uploaded to the system.
Information contained in OrangeHRM is collected from recruitment documents (e.g.
resumes, CVs, cover letters); other human resource management systems; and IHSC employees
themselves. Information from the following human resource management systems may be entered
into OrangeHRM by IHSC staff members who have administrative access to these systems:
The employee’s Electronic Official Personnel Folder (eOPF);
The Commissioned Corps Management Information System (CCMIS);
Direct Access (DA); and
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 31
Lyceum.
OrangeHRM only contains information about IHSC applicants, employees, and contractors, and
does not replace any other DHS or government-wide system that stores either applicant or
employee information.
Workforce Management (WM) Module within the Resource and Asset Management
System (RAMS): WM is the module within RAMS, an information management and analysis
system, used by the ICE Office of Homeland Security Investigations (HSI) to coordinate and track
all aspects of HSI recruitment and hiring. WM collects, processes, and maintains information
about: (1) applicants for ICE-HSI positions; (2) newly hired employees and employees already onboard; (3) former employees of ICE-HSI; (4) the dependents of employees of HSI-International
who are serving on a foreign duty station; and (5) foreign nationals who are locally hired by
overseas ICE offices. Information that could be maintained includes, but is not limited to:
Employee ID;
First Name;
Middle Initial;
Last Name;
SSN;
Credentials;
Employee Status;
Grade;
Step;
EOD Date;
Recruitment Method;
Projected Location;
Projected Title;
Position ID;
Main Office;
Sub-office;
Title;
Contact information (address, phone, email, etc.);
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 32
Name of immediate past incumbent of the position;
Personal information, including name and contact information, for dependents
accompanying ICE employees working on foreign stations. Information is used to
determine per-diem allocations; and
Personal information, including name and contact information, for non-U.S. nationals
locally employed by ICE offices located outside the U.S.
The information is provided initially by applicants and employees, and corroborated by other
human resources and financial systems, namely: ICE Table of Organization Position System
(TOPS) for information about the vacant position; ICE HITS to track hiring actions; USDA NFC
for updated pay period information; CBP HRBE to verify completion of required drug tests; and
ICE Federal Financial Management System (FFMS) for financial accounting information. Any
additional information obtained from these systems is entered manually by the appropriate
Workforce Management staff.
U.S. Citizenship and Immigration Services (USCIS)
Fast Acquisition of Superior Talent Hire (FASTHire) (added June 25, 2015): FASTHire
is a USCIS database that tracks and measures the length of time each step in the hiring process
takes, as well as the volume of hiring actions across USCIS. The tool enables managers to track
hiring timelines for each stage in the hiring process in relation to the Office of Personnel
Management (OPM) timeline goals.
Data is entered into the FASTHire database by USCIS Human Resources Operations
Center (HROC) staff during the hiring process, documenting the SF-52, Request for Personnel
Action, as it moves through the hiring process. The FASTHire database also receives data from
the ICE Electronic System for Personnel (ESP) and Office of Personnel Management’s (OPM)
USA Staffing program.
FASTHire retains the following PII: first name, last name, home phone, cell phone, city of
birth, date and place of birth, gender, home address, and full social security number (SSNs) of
individuals.
Student Volunteer Employment Program (SVEP) (added June XX, 2016): USCIS
SVEP provides students an opportunity to gain work experience while in school. To qualify, each
prospective intern must be a U.S. Citizen, 16 years of age, and enrolled in at least half-time
academic or vocational and technical course load in an accredited educational institution.
Prospective interns email USCIS with his/her preferred location(s) desired area(s) of interest,
attach a copy of his/her resume as well as his/her school transcripts to verify his/her enrollment as
a student.
Privacy Impact Assessment
DHS-Wide, Hiring and On-Boarding Process PIA
Page 33
The USCIS Office of Human Capital and Training created a recruitment mailbox to support
offices who wish to hire non-paid interns under SVEP. The recruitment mailbox lists students by
location as well as area of interest, making it easy to identify prospective interns. If students are
contacted via email for a volunteer opportunity, the USCIS hiring manager guides the student
through the next steps that need to be taken, which includes sending in the proper paperwork to
the HR Specialist to onboard. SVEP retains the following PII: first name, middle initial, last name,
date of birth, home address, phone number, email address, credentials, geographic area in which
consideration was requested, title and occupational series, EOD date, and end date.
File Type | application/pdf |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |