Download:
pdf |
pdfSave
Privacy Impact Assessment Form
v 1.21
Status
Form Number
Form Date
Question
Answer
1
OPDIV:
CDC
2
PIA Unique Identifier:
TBD
2a Name:
07/19/21
Environmental Health Specialists Network (EHS-net)
General Support System (GSS)
Major Application
3
The subject of this PIA is which of the following?
Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown
3a
Identify the Enterprise Performance Lifecycle Phase
of the system.
Operations and Maintenance
Yes
3b Is this a FISMA-Reportable system?
4
Does the system include a Website or online
application available to and for the use of the general
public?
5
Identify the operator.
6
Point of Contact (POC):
7
Is this a new or existing system?
8
Does the system have Security Authorization (SA)?
No
Yes
No
Agency
Contractor
POC Title
Principal Investigator
POC Name
Laura Brown
POC Organization NCEH/DEHSP
POC Email
lrg0@cdc.gov
POC Phone
770-488-4332
New
Existing
Yes
No
8b Planned Date of Security Authorization
Not Applicable
Page 1 of 4
Save
8c
9
Briefly explain why security authorization is not
required
Indicate the following reason(s) for updating this PIA.
Choose from the following options.
The study will use multiple CDC authorized systems for the
collection, storage, and analysis of data.
PIA Validation (PIA
Refresh/Annual Review)
Anonymous to NonAnonymous
New Public Access
Internal Flow or Collection
Significant System
Management Change
Alteration in Character of
Data
New Interagency Uses
Conversion
Commercial Sources
Other...
10
Describe in further detail any changes to the system
that have occurred since the last PIA.
11 Describe the purpose of the system.
None
The purpose of the study is to identify and help to understand
environmental factors associated with foodborne illness and
outbreaks associated with retail food establishments.
The system will collect, maintain, store, and share the following
types of information:
Manager Interview (restaurant and staff characteristics, food
safety policies and practices, etc.)
Restaurant Observation (kitchen equipment, food safety
practices, etc.)
Describe the type of information the system will
Information is collected by study staff employed at health
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask departments receiving funding through the CDC EHS-Net
cooperative agreement. Anonymous data will be collected;
about the specific data elements.)
Restaurant information such as name, address, phone number,
etc. will be collected and used by the cooperative agreement
partners, but it will not be shared with CDC. No data will be
collected that could identify restaurant staff.
Study staff will be authenticated by CDC's active directory, a
CDC authorized system.
Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.
14 Does the system collect, maintain, use or share PII?
The study is a collaborative project of the CDC, multiple federal
agencies and eight state and local public health departments.
Restaurants are randomly selected for studies and the
managers are contacted by telephone to determine if the
restaurant is willing to participate in the study. If so, then a
face to face visit, including manager interviews/surveys and a
kitchen observation, is scheduled at the restaurant. The intent
of the study will be to gather information on restaurant policies
and practices related to food safety.
Manager interview and restaurant observation information is
collected from staff at the restaurants who are over the age of
18. Verbal consent will be obtained from participating
restaurant staff.
Manager interview and restaurant observation information will
be shared in aggregate in publications. Restaurant level data
will be released with each publication (as per CDC mandate).
Yes
No
Page 2 of 4
Save
Reviewer Questions
Answer
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.
Reviewer Questions
1
Are the questions on the PIA answered correctly, accurately, and completely?
Answer
Yes
No
Reviewer
Notes
2
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?
Yes
Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?
Yes
No
Reviewer
Notes
3
No
Reviewer
Notes
4
Does the PIA appropriately describe the PII quality and integrity of the data?
Yes
No
Reviewer
Notes
5
Is this a candidate for PII minimization?
Yes
No
Reviewer
Notes
6
Does the PIA accurately identify data retention procedures and records retention schedules?
Yes
No
Reviewer
Notes
7
Are the individuals whose PII is in the system provided appropriate participation?
Yes
No
Reviewer
Notes
8
Does the PIA raise any concerns about the security of the PII?
Yes
No
Reviewer
Notes
9
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?
Yes
No
Reviewer
Notes
10
Is the PII appropriately limited for use internally and with third parties?
Yes
No
Page 3 of 4
Save
Reviewer Questions
Answer
Reviewer
Notes
11
Does the PIA demonstrate compliance with all Web privacy requirements?
Yes
No
Reviewer
Notes
12
Were any changes made to the system because of the completion of this PIA?
Yes
No
Reviewer
Notes
General Comments
OPDIV Senior Official
for Privacy Signature
Laura G.
Brown -S
Digitally signed by Laura
HHS Senior
G. Brown -S
Agency Official
Date: 2021.07.19
for Privacy
18:59:48 -04'00'
Page 4 of 4
File Type | application/pdf |
File Modified | 2021-07-19 |
File Created | 2013-03-29 |