Privacy Impact Assessment for the Enforcement Superfund Tracking System
On this page:
- I. Data in the System
- II. Access to the Data
- III. Attributes of the Data
- IV. Maintenance of Administrative Controls
I. Data in the System
Describe what data/information will be collected in the system.
SAIC uses ESTS to perform business activities in support of these cost-recovery efforts (address research, waste records management, mailings, etc.). EPA uses ESTS (through SAIC's secure public web site) to interact with ongoing ESTS work being performed by SAIC (e.g., address-research approvals and/or comments, etc.).
What are the sources and types of the information in the system?
SAIC collects publicly available information from California Secretary of State website, Fictitious Business Name filings, State Board of Equalization records, Uniform Commercial Code filings, bankruptcy records, Dun & Bradstreet reports, Hoover's D&B website, Hoover's online, Internet Yellow Pages, Internet White Pages, and corporate websites. Additionally, SAIC collects information from Accurint, Choicepoint, and Westlaw searches.
How will the data be used by the Agency?
The data is used by the EPA to make and document liability determinations for potentially responsible parties at Superfund sites.
Why is the information being collected? (Purpose)
As part of the cost recovery efforts at Superfund sites, EPA is required to document the sources of liability prior to apportioning costs. This data helps to determine liability for volumetric sites and percentage of waste deposited by each party. The address verification research data helps to determine which corporate entity is currently responsible for liability based on the chain of corporate successorship.
II. Access to the Data
Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?
The data is accessible to EPA case developers, remedial project managers, and Office of Regional Counsel attorneys. Additionally, the data is available to SAIC personnel (contractor) who enter the data, perform research, suggest liability relationships, and manage the data. SAIC's contract does not contain either of these clauses, but it does contain the following:
"The contractor shall adhere to:
- EPAAR 1552.211-79 concerning compliance with EPA policies for Information Resources Management.
- New regulations:
  - NIST 800-53: Recommended Security Controls for Federal Information Systems (2007)*.
  - NIST 800-18: Guide for Developing Security Plans for Federal Information Systems (2006)*.
  - FIPS 199 (Federal Information Processing Standards Publication): System Categorization*.
  - Annual risk assessment through ASSERT (Automated System Security Evaluation and Remediation Tracking)*.

* FISMA (Federal Information Security Management Act of 2002), which applies to federal and contractor systems: "The establishment of a level of security due diligence for federal agencies and contractors supporting the federal government"
What controls are in place to prevent the misuse of data by those having authorized access?
Each user of the system is assigned an individual password for logging in through the demilitarized zone (DMZ) server, which is the entry point inside the SAIC firewall. After the user is authenticated at the firewall, a separate login is required for access to specific databases. DMZ passwords are assigned only by network administrators and are never sent via email. Accounts are reviewed at least annually and closed when requested. The database passwords are stored encrypted.
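The two-stage login above ends in a per-user database credential. As an added example (not the ESTS system's own code), the following shows the check a practitioner would want for that second stage: the stored value is a salted PBKDF2 hash rather than a reversibly encrypted password (an encrypted password can be recovered by anyone holding the key, a hash cannot), the comparison is constant-time, and a login is refused when the account has passed the annual review window the text describes. The function names, the iteration count, the in-memory store and the sample account are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta
from typing import Optional

# Assumptions for this example: PBKDF2-HMAC-SHA256 with an iteration count
# chosen for illustration, and an account review interval of one year
# (the text states accounts are reviewed at least annually).
PBKDF2_ITERATIONS = 200_000
MAX_ACCOUNT_AGE = timedelta(days=365)


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the digest and compare in constant time to avoid timing leaks."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def account_needs_review(last_reviewed: date, today: date) -> bool:
    """True when the account is older than the review interval."""
    return today - last_reviewed > MAX_ACCOUNT_AGE


def create_account(store: dict, username: str, password: str, reviewed_on: date) -> None:
    """Store only the salt and hash; the plaintext password is never kept."""
    salt, digest = hash_password(password)
    store[username] = {"salt": salt, "hash": digest, "reviewed": reviewed_on, "active": True}


def login(store: dict, username: str, password: str, today: date) -> bool:
    """Database-stage login: unknown, closed or unreviewed accounts are refused."""
    record = store.get(username)
    if record is None or not record["active"]:
        return False
    if account_needs_review(record["reviewed"], today):
        return False  # overdue for the annual review; require review before use
    return verify_password(password, record["salt"], record["hash"])


if __name__ == "__main__":
    # Constructed sample account for a stand-alone run.
    accounts: dict = {}
    create_account(accounts, "casedev1", "correct horse battery", date(2008, 4, 30))
    print(login(accounts, "casedev1", "correct horse battery", date(2008, 10, 1)))  # True
    print(login(accounts, "casedev1", "correct horse battery", date(2009, 6, 1)))   # False: overdue
```

The review check is deliberately separate from the password check so that a stale account fails closed even when the password is correct; a real deployment would tie the review date to the administrator's periodic account review rather than to the account's creation date.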
Do other systems share or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)
No other applications (beyond those designed to interface with ESTS) connect to any ESTS database. No other server connects to any ESTS database. There are no other interdependencies between an ESTS database and any non-ESTS application. No data in any form is shared from any ESTS database outside of SAIC and EPA (unless at EPA's request to a third party).
Will other agencies, state or local governments share data/information or have access to data in this system (includes any entity external to EPA.)?
EPA directs SAIC regarding which individuals can have access to ESTS. No access is available without technical direction in writing from EPA.
Do individuals have the opportunity to decline to provide information or to consent to particular uses of the requested information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)
III. Attributes of the Data
Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.
The volumetric data stored in ESTS comes from waste records provided by EPA to SAIC. These waste records may include Uniform Hazardous Waste Manifests, Liquid Waste Hauler reports, invoices, and weigh tickets. This data is recorded in the system (with references to the original records but no copies of the actual volumetric evidence) and used to determine the total amount of waste disposed of at a site as well as the percentage allotted to each party. Address verification data is stored in the system to assist in determining the currently responsible corporate party for each party that deposited or released waste. This address and corporate successorship information is used to assist EPA in making liability determinations regarding the potentially responsible parties at each site.
If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.
ESTS is only accessible to authorized users. ESTS is accessed either through a desktop application loaded on SAIC computers located within the SAIC corporate firewall with full disk encryption or through a browser via https. The internet login is directed to a DMZ computer located behind an SAIC-managed firewall device and upon authentication sends the user through SAIC's primary firewall on a specific port to a database login. The database stores all passwords encrypted for either type of access.
If processes are being consolidated, are the proper controls remaining in place to protect the data from unauthorized access? Explain.
A system security plan per the requirements of the National Institute of Standards and Technology (NIST) 800-53, Revision 1 was submitted for ESTS on April 30, 2008. This plan was certified by EPA's Region 9 Information Management Officer and SAIC's ESTS Security Manager. Additionally, an Authorization to Operate the system was received from EPA's Region 9 Senior Information Resource Management Official and SAIC's SESS Remedial Program Manager.
How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)
The data in ESTS is retrievable by name of liable company. This is accomplished by a search by name that is part of the application. No other personal identifier search capability is available.
Is the web policy machine readable? Where is the policy stated? (Machine readable policy enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)
IV. Maintenance of Administrative Controls
Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in the system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship or Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Officer, to determine if there is a retention schedule for the subject records.)
No record control schedule plan has been issued for the records in the system.
While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
EPA Case Developers are responsible for determining whether data in the system is still relevant and timely. Once completed, each address verification report is marked in the system with the approval date entered by the EPA approver, which can be used to determine the age of the information.
Will this system provide the capability to identify, locate, or monitor individuals? If yes, explain.
Does the system use any persistent tracking technologies?
Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. For reference, please view this list of Agency SORs. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)
Not known at this time; I have requested guidance from Al Belbahri.