Privacy Impact Assessment

ANSS DI-4001 PIA 2017-07-10.docx

Did You Feel It? Earthquake Questionnaire

Privacy Impact Assessment

OMB: 1028-0048

Document [docx]
Download: docx | pdf


U.S. Department of the Interior

PRIVACY IMPACT ASSESSMENT



Introduction


The Department of the Interior requires PIAs to be conducted and maintained on all IT systems whether already in existence, in development or undergoing modification in order to adequately evaluate privacy risks, ensure the protection of privacy information, and consider privacy implications throughout the information system development life cycle. This PIA form may not be modified and must be completed electronically; hand-written submissions will not be accepted. See the DOI PIA Guide for additional guidance on conducting a PIA or meeting the requirements of the E-Government Act of 2002. See Section 6.0 of the DOI PIA Guide for specific guidance on answering the questions in this form.


NOTE: See Section 7.0 of the DOI PIA Guide for guidance on using the DOI Adapted PIA template to assess third-party websites or applications.



Name of Project: U.S. Geological Survey - Advanced National Seismic System - Earthquake Hazards Program Earthquake Information

Date: June 19, 2017


Bureau/Office: U.S. Geological Survey/Geologic Hazards Science Center


Bureau/Office Contact Title: Associate Director, Geologic Hazards Science Center


Point of Contact

Email: lkpratt@usgs.gov

First Name: Linda

M.I.: K

Last Name: Pratt

Phone: (303) 273-8507

Address Line 1: P.O. Box 25046

Address Line 2: Mail Stop 966

City: Denver

State/Territory: Colorado

Zip: 80225-0046



Section 1. General System Information


  1. Is a full PIA required?


Yes, information is collected from or maintained on

Members of the general public

Federal personnel and/or Federal contractors

Volunteers

All


No: Information is NOT collected, maintained, or used that is identifiable to the individual in this system. Only sections 1 and 5 of this form are required to be completed.


  1. What is the purpose of the system?


The Earthquake Hazards Program (EHP) and the Advanced National Seismic System (ANSS) are comprised of tools and processes that provide rapid, authoritative information on earthquakes and their impact to emergency responders, governments, facilities managers, and researchers across the country. This supports the National Earthquake Hazards Reduction Program mission to “Improve understanding, prediction, and monitoring of natural hazards to inform decisions by civil authorities and the public to plan for, manage, and mitigate the effects of hazards events on people and property.” Each of the components below is a part of the larger EHP/ANSS System.


The EHP website “Contact Us” form allows Internet users to contact the Web Team regarding earthquake questions, website problems, or other feedback. The “Contact Us” form uses email address to generate an email communication to the USGS.


Email list servers that are managed by the USGS allow interested Internet users to subscribe to an email announcement service, or receive earthquake products after an earthquake.


The Earthquake Notification Services (ENS) is a free service that provides earthquake information in the form of an email to subscribers right after an earthquake occurs. This system is managed by the USGS. Users may voluntarily subscribe for automated notification emails on earthquake events within their geographic area. The website provides detailed instructions to users on the management of their accounts for the ENS service. Users may unsubscribe at any time.


Did You Feel It? (DYFI) collects information about an Internet user’s location, the time the earthquake occurred, and their experience of an earthquake, and creates a map of the shaking distribution caused by the earthquake. Optional information provided includes name, email address, and phone number.


Volunteers for seismic instruments allow individuals to volunteer their property for installation of a USGS seismic instrument. USGS staff determine whether or not to install the instruments based on location/scientific needs and instrument availability. There are web-based forms collecting mailing address information from individuals who want to request that information be mailed to them.


The Twitter Earthquake Dispatch (TED) provides earthquake information in the form of a “tweet” for users subscribing to the service.


The Workshop Registration Form collects information from workshop registrants for workshop planning, and to communicate with the registrant regarding information they need in order to participate.


  1. What is the legal authority?


The National Earthquake Hazards Reduction Program, which was first authorized in 1977, Public Law 95–124, 42 U.S.C. 7701 et. seq.; and the National Earthquake Hazards Reduction Program Reauthorization Act of 2004, PL 108–360).


  1. Why is this PIA being completed or modified?


New Information System

New Electronic Collection

Existing Information System under Periodic Review

Merging of Systems

Significantly Modified Information System

Conversion from Paper to Electronic Records

Retiring or Decommissioning a System

Other: Describe      


  1. Is this information system registered in CSAM?


Yes: Enter the UII Code and the System Security Plan (SSP) Name UII: 010-000000987; System Security Plan (SSP) for Advanced National Seismic System


No


  1. List all minor applications or subsystems that are hosted on this system and covered under this privacy impact assessment.


Subsystem Name

Purpose

Contains PII

(Yes/No)

Describe

If Yes, provide a description.

Did You Feel It? (DYFI) Website

Collects information about an Internet user’s location and their experience of an earthquake, and creates a map of the shaking distribution caused by the earthquake.

Yes

Depending on how much the user wants to enter, email address, in others a name and email address, and only in a few, additional data such as address, phone number, and affiliation.

Twitter Earthquake Dispatch

This service provides earthquake information in the form of a “tweet” for users subscribing to the service.

No

N/A

Earthquake Notification System

Allows interested users to sign up to receive earthquake alert messages.

Yes

Users provide their email address in order to receive real-time notifications of earthquakes. Username and password is required to register and manage subscription settings.

Volunteers for Seismic Instruments

Allows individuals to volunteer their property for installation of a seismic instrument.

Yes

Users provide their name, affiliation, address, and phone number.

Workshop Registration

Collects information from workshop registrants.

Yes

Registrants provide their name, affiliation, address, phone number, and citizenship.


  1. Does this information system or electronic collection require a published Privacy Act System of Records Notice (SORN)?


Yes: List Privacy Act SORN Identifier(s) USGS – 2, Earthquake Hazards Program Earthquake Information; 74 FR 34033, July 14, 2009


No


  1. Does this information system or electronic collection require an OMB Control Number?


Yes: Describe DYFI Earthquake Questionnaire, OMB Control Number 1028-0048. Expires 05/31/2018.


No



Section 2. Summary of System Data


  1. What PII will be collected? Indicate all that apply.


Name

Citizenship

Gender

Birth Date

Group Affiliation

Marital Status

Biometrics

Other Names Used

Truncated SSN

Legal Status

Place of Birth

Religious Preference

Security Clearance

Spouse Information

Financial Information

Medical Information

Disability Information

Credit Card Number

Law Enforcement

Education Information

Emergency Contact

Driver’s License

Race/Ethnicity

Social Security Number (SSN)

Personal Cell Telephone Number

Tribal or Other ID Number

Personal Email Address

Mother’s Maiden Name

Home Telephone Number

Child or Dependent Information

Employment Information

Military Status/Service

Mailing/Home Address

Other: Specify the PII collected. Username and password to register for ENS automated email notifications and manager user subscription settings. Other personally identifiable information (PII) may be contained in communications provided by individuals via the "Contact Us" form.


  1. What is the source for the PII collected? Indicate all that apply.


Individual

Federal agency

Tribal agency

Local agency

DOI records

Third party source

State agency

Other: Describe      


  1. How will the information be collected? Indicate all that apply.


Paper Format

Email

Face-to-Face Contact

Web site

Fax

Telephone Interview

Information Shared Between Systems

Other: Describe      


  1. What is the intended use of the PII collected?


The PII is collected on the EHP website “Contact Us” form, which allows the USGS to respond to Internet users who contact the Web Team regarding earthquake questions, website problems, or other feedback.


The PII collected from the email list servers is to send email announcements, such as an occurrence of an earthquake, to users who subscribe to the list server. The ENS uses PII to manage the subscription service and provide automated email notifications to users after an earthquake event occurs. Users can manage their subscription settings and may unsubscribe at any time.


Did You Feel It? collects information about an Internet user’s location and their experience of an earthquake, and creates a map of the shaking distribution caused by the earthquake. The information collected (primarily location) is used to help identify the geospatial location of the shaking, and from there a map of local shaking intensity is created. Other optional information collected (name, phone number, and email) are used if it is necessary to contact the user for more information or clarification on the user’s experience.


Volunteers for seismic instruments allow individuals to volunteer their property for installation of a USGS seismic instrument. USGS staff determine whether or not to install the instruments based on location/scientific needs and instrument availability. There are forms collecting mailing address information from individuals who want to request information be mailed to them.


The PII collected from the workshop registrants is used to plan the workshop and to communicate with the registrant before and after the workshop. If the workshop is to be held at a location that requires citizenship information at the security checkpoint, citizenship will be requested on the form. Group affiliation is requested for the nametag.


  1. With whom will the PII be shared, both within DOI and outside DOI? Indicate all that apply.


Within the Bureau/Office: Describe the bureau/office and how the data will be used.


PII may be shared for research purposes in studying earthquake effects. Only data collected by DYFI is made publicly available, and then, it is only earthquake location data that the individual may provide with as much or as little detail has they choose. Individuals have several options for how much information to provide.


Other Bureaus/Offices: Describe the bureau/office and how the data will be used.



Other Federal Agencies: Describe the federal agency and how the data will be used.



Tribal, State or Local Agencies: Describe the Tribal, state or local agencies and how the data will be used.



Contractor: Describe the contractor and how the data will be used.



Other Third Party Sources: Describe the third party source and how the data will be used.



  1. Do individuals have the opportunity to decline to provide information or to consent to the specific uses of their PII?


Yes: Describe the method by which individuals can decline to provide information or how individuals consent to specific uses.


Individuals have the option not to provide the PII. Additionally, individuals are informed that they are not required to provide personal contact information.


No: State the reason why individuals cannot object or why individuals cannot give or withhold their consent.



  1. What information is provided to an individual when asked to provide PII data? Indicate all that apply.


Privacy Act Statement: Describe each applicable format.


The DYFI Earthquake Questionnaire requests name, phone, email address, and information related to individual experience immediately after an earthquake and contains the following Privacy Act Statement. The Workshop Registration form requests name, affiliation, address, phone number, and citizenship, and contains the following Privacy Act Statement.


Authority
The National Earthquake Hazards Reduction Program (NEHRP), which was first authorized in 1977, Public Law (PL) 95–124), and most recently reauthorized in 2004 (NEHRP Reauthorization Act of 2004, PL 108–360).


Principal Purpose
The Earthquake Hazards Program provides rapid, authoritative information on earthquakes and their impact to emergency responders, governments, facilities managers and researchers across the country.


Routine Use
Used to allow users to report shaking intensity of earthquake events, to allow users to receive notifications of earthquake events, to allow users to volunteer to have seismic instrumentation installed on their property, and to allow users to register for a workshop.


Disclosure is Voluntary
If the individual does not furnish the information requested, there will be no adverse consequences. However, if you do not provide contact information, we may be unable to contact you for additional information to verify your responses.


Privacy Act Statement
You are not required to provide your personal contact information in order to submit your survey. However, if you do not provide contact information, we may be unable to contact you for additional information to verify your responses. If you do provide contact information, this information will only be used to initiate follow-up communications with you. The records for this collection will be maintained in the appropriate Privacy Act System of Records identified as Earthquake Hazards Program Earthquake Information (INTERIOR/USGS-2) published at 74 FR 34033 (July 14, 2009).


Privacy Notice: Describe each applicable format.


Notice is also provided through publication of this Privacy Impact Assessment (PIA) and the USGS – 2, Earthquake Hazards Program Earthquake Information System of Records Notice.


Other: Describe each applicable format.



None


  1. How will the data be retrieved? List the identifiers that will be used to retrieve information (e.g., name, case number, etc.).


Data is retrieved by the location information input and email address provided by the users.


  1. Will reports be produced on individuals?


Yes: What will be the use of these reports? Who will have access to them?


No



Section 3. Attributes of System Data


  1. How will data collected from sources other than DOI records be verified for accuracy?


The data collected from the public is voluntarily provided, and it is up to the user to provide the correct contact information if he or she wishes to be notified by email of areas of interest. The USGS presumes that the contact information provided by users is accurate.


  1. How will data be checked for completeness?


The data collected from the public is voluntarily provided, and it is up to the user to provide the correct contact information if he or she wishes to be notified by email of areas of interest. The USGS presumes that contact information provided by users is complete.


  1. What procedures are taken to ensure the data is current? Identify the process or name the document (e.g., data models).


The data collected from the public is voluntarily provided, and it is up to the user to provide the correct contact information if he or she wishes to be notified by email of areas of interest. The USGS presumes that the contact information provided by users for notice and email subscriptions is current.


  1. What are the retention periods for data in the system? Identify the associated records retention schedule for the records in this system.

All data is kept indefinitely from the Did You Feel It? questionnaire since this is raw scientific data. These are covered under the USGS Geology Discipline Research Records Schedule 1900-01a. Many of these records have permanent or long-term temporary values. Permanent records will be transferred to NARA when the USGS has no further use for them. Records are cutoff after the completion of the project or when the USGS has no expected research, business, or other purposes for the records, whichever is later.


  1. What are the procedures for disposition of the data at the end of the retention period? Where are the procedures documented?


Electronic data not subject to permanent retention requirements is deleted from the database at the end of the retention period. Procedures are documented in the USGS Geology Discipline Research Records Schedule. The USGS is not collecting or generating paper records.


Permanent records are cutoff after the completion of the project or when the USGS has no expected research, business, or other purposes for the records, whichever is later, and records are transferred to NARA.


  1. Briefly describe privacy risks and how information handling practices at each stage of the “information lifecycle” (i.e., collection, use, retention, processing, disclosure and destruction) affect individual privacy.


There is a risk to individual privacy as the system contains personal contact information, and in some cases location data. The most significant risk is that the identity, contact information, and location of an individual at the time an event is reported through DYFI could be discovered. However, only general location information is available publicly, and it is not associated with any other PII (name, email, and phone). Location information is specific to where an individual was at the time of an earthquake and is not necessarily traceable back to an individual’s residence. When DYFI data sets are requested by outside users, location information is truncated to redact specific street addresses so as to reduce its precision and help protect user-provided PII.


Users are given multiple options for how to report their location information during an event. Also, they have the option to report no location at all (bottom left hand corner on screen print).



Internal developers and system administrators have access to name, email, and phone number information. Location information is collected and made available (along with information about shaking and intensity) and can be viewed by the general public.


The ANSS has undergone a formal assessment and authorization in accordance with the Federal Information Security Modernization Act of 2014 and is rated as a moderate system. ANSS requires strict security and privacy controls to protect the confidentiality, integrity, and availability of the information contained in the system. The USGS has implemented a series of administrative, technical, and administrative controls to mitigate any risk.


Access to system data is restricted to authorized personnel on a need-to-know basis. User actions are monitored for authorized access and use, and unauthorized access attempts. The systems are protected by firewalls. The Information Security Office runs intrusion detection software to ensure that the systems are only accessed by authorized users. The Audit and Accountability Standard Operating Procedure for ANSS contains specific details about audit logs and reviewing access privileges on a yearly basis. ANSS maintains an up-to-date Assessment and Authorization, and all required documents are updated.


Interactions with the public on the USGS website are protected by secure connections via HTTPS protocol in compliance with Federal government mandates for the secure transmission of information on Federal agency websites. HTTPS allows for secure encrypted communications over the Internet and ensures the protection and privacy of information provided by individuals interacting with USGS.


ANSS safeguards also include a firewall, encryption, and audit logs to ensure protection of sensitive information. DOI employees must complete initial and annual privacy, security and records management training, and sign the DOI Rules of Behavior prior to accessing the system.



Section 4. PIA Risk Review


  1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?


Yes: Explanation


Data about user location is particularly important in the DYFI system, as that helps provide geographic location information about earthquake intensity and shaking in different places.


No


  1. Does this system or electronic collection derive new data or create previously unavailable data about an individual through data aggregation?


Yes: Explain what risks are introduced by this data aggregation and how these risks will be mitigated.

     

No


  1. Will the new data be placed in the individual’s record?


Yes: Explanation      


No


  1. Can the system make determinations about individuals that would not be possible without the new data?


Yes: Explanation      


No


  1. How will the new data be verified for relevance and accuracy?


There is no new data being derived.


  1. Are the data or the processes being consolidated?


Yes, data is being consolidated. Describe the controls that are in place to protect the data from unauthorized access or use.

     

Yes, processes are being consolidated. Describe the controls that are in place to protect the data from unauthorized access or use.

     

No, data or processes are not being consolidated.


  1. Who will have access to data in the system or electronic collection? Indicate all that apply.


Users

Contractors

Developers

System Administrator

Other: Describe      


  1. How is user access to data determined? Will users have access to all data or will access be restricted?


This is not an open system. The system uses access-control lists to limit access to sensitive data. The system uses the principle of least-privilege. Access Control methods are documented in the Access Control (AC) Standard Operating Procedure (SOP) for ANSS.


  1. Are contractors involved with the design and/or development of the system, or will they be involved with the maintenance of the system?


Yes. Were Privacy Act contract clauses included in their contracts and other regulatory measures addressed?


Yes, the USGS information technology (IT) contracts and purchase orders include the required Privacy Act clauses.


No


  1. Is the system using technologies in ways that the DOI has not previously employed (e.g., monitoring software, SmartCards or Caller ID)?


Yes. Explanation      


No


  1. Will this system provide the capability to identify, locate and monitor individuals?


Yes. Explanation


Audit logs can be used by system administrators and IT Security personnel to identify file access and developer actions.


No


  1. What kinds of information are collected as a function of the monitoring of individuals?


Logs on all systems are retained for 90 days. User actions, such as user ID, log-on date and time, log-off date and time, and user actions, are recorded in the system audit logs, and the system is monitored for unauthorized access attempts.


  1. What controls will be used to prevent unauthorized monitoring?


User actions are monitored for authorized access and use, and unauthorized access attempts. The systems are protected by firewalls. The Information Security Office runs intrusion detection software to ensure that the systems are only accessed by authorized users. The Audit and Accountability Standard Operating Procedure for ANSS contains specific details about audit logs and reviewing access privileges on a yearly basis. ANSS maintains an up-to-date Assessment and Authorization, and all required documents are updated.


  1. How will the PII be secured?


  1. Physical Controls. Indicate all that apply.


Security Guards

Key Guards

Locked File Cabinets

Secured Facility

Closed Circuit Television

Cipher Locks

Identification Badges

Safes

Combination Locks

Locked Offices

Other. Describe      


  1. Technical Controls. Indicate all that apply.


Password

Firewall

Encryption

User Identification

Biometrics

Intrusion Detection System (IDS)

Virtual Private Network (VPN)

Public Key Infrastructure (PKI) Certificates

Personal Identity Verification (PIV) Card

Other. Describe Website is HTTPS-compliant


  1. Administrative Controls. Indicate all that apply.


Periodic Security Audits

Backups Secured Off-site

Rules of Behavior

Role-Based Training

Regular Monitoring of Users’ Security Practices

Methods to Ensure Only Authorized Personnel Have Access to PII

Encryption of Backups Containing Sensitive Data

Mandatory Security, Privacy and Records Management Training

Other. Describe      


  1. Who will be responsible for protecting the privacy rights of the public and employees? This includes officials responsible for addressing Privacy Act complaints and requests for redress or amendment of records.


The USGS Director of the Geologic Hazards Science Center serves as the Earthquake Hazards Program Earthquake Information program Information System Owner and the official responsible for oversight and management of the Earthquake Hazards Program Earthquake Information security and privacy controls, including the protection of information processed and stored by the Earthquake Hazards Program Earthquake Information program.  The Information System Owner and the Earthquake Hazards Program Earthquake Information Privacy Act System Manager are responsible for ensuring adequate safeguards are implemented to protect individual privacy in compliance with Federal laws and policies for the data managed and stored by the Earthquake Hazards Program Earthquake Information program. The System Manager is responsible for protecting the privacy rights of the public and employees for the information collected, maintained, and used in the system of records, and for meeting the requirements of the Privacy Act, including providing adequate notice, making decisions on Privacy Act requests for notification, access, and amendments, as well as processing complaints, in consultation with the USGS Privacy Officer.


  1. Who is responsible for assuring proper use of the data and for reporting the loss, compromise, unauthorized disclosure, or unauthorized access of privacy protected information?


The Earthquake Hazards Program Earthquake Information program Information System Owner is responsible for oversight and management of the Earthquake Hazards Program Earthquake Information program security and privacy controls and for ensuring, to the greatest possible extent, that Earthquake Hazards Program Earthquake Information program agency data is properly managed and that all access to agency data has been granted in a secure and auditable manner.  The Information System Owner is also responsible for ensuring that any loss, compromise, unauthorized access, or disclosure of PII is reported to the DOI-Computer Incident Response Center and appropriate officials within one hour of discovery in accordance with Federal policy and established procedures.


Section 5. Review and Approval


PIAs for Bureau or Office level systems must be signed by the designated Information System Owner, Information System Security Officer, and Bureau Privacy Officer, and approved by the Bureau Assistant Director for Information Resources as the Reviewing Official. Department-wide PIAs must be signed by the designated Information System Owner, Information System Security Officer, and Departmental Privacy Officer, and approved by the DOI Chief Information Officer/Senior Agency Official for Privacy as the Reviewing Official.


Information System Owner


Name: Jill McCarthy

Title: Center Director

Bureau/Office: U.S. Geological Survey/Geologic Hazards Science Center

Phone: (303) 273-8579 Email: jmccarthy@usgs.gov     


Signature: __________________________ Date: __________________________


Information System Security Officer


Name: Linda K. Pratt

Title: Associate Director

Bureau/Office: U.S. Geological Survey/Geologic Hazards Science Center

Phone: (303) 273-8507 Email: lkpratt@usgs.gov


Signature: __________________________ Date: __________________________


Privacy Officer


Name: James Piyavansuthi

Title: Associate Privacy Officer (Acting)

Bureau/Office: U.S. Geological Survey/Office of Enterprise Information

Phone: (703) 648-7017 Email: jpiyavansuthi@usgs.gov


Signature: __________________________ Date: __________________________


Reviewing Official


Name: Teri Barnett

Title: Departmental Privacy Officer

Bureau/Office: Department of the Interior/Office of the Chief Information Officer

Phone: (202) 208-1943 Email: teri_barnett@ios.doi.gov


Signature: __________________________ Date: ___________________________  


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorKaiser Vany P
File Modified0000-00-00
File Created2021-03-05
© 2024 OMB.report | Privacy Policy