Privacy Impact Assessment for the Registration and Tracking System for SunWise
On this page:
- I. Data in the System
- II. Access to the Data
- III. Attributes of the Data
- IV. Maintenance of Administrative Controls
I. Data in the System
Generally describe what information will be collected in the system.
Educator contact information (no home addresses will be saved, only school or organization information)
What are the sources and types of the information in the system?
Sources: Self-reported contact information, as well as Department of Education-verified school addresses and names.Types of information: contact information and basic demographics about each educator.
How will the data be used by the Agency?
Mailing materials and tracking program performance.
Why is the information being collected? (Purpose)
In order to mail out the SunWise Tool Kit we need mailing addresses for educators requesting a kit. Additionally, we send periodic updates once or twice a year to provide the educator with research updates on sun-related health topics and alert them to the availability of new sun safety resources and success stories. Finally, we use the number of unique schools signed up to measure the success of the program.
II. Access to the Data
Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?
Access is only available through the EPA Intranet. Individuals with access include SunWise staff and grantees, as well as a Lockheed Martin contractor. The contract clauses for Lockheed Martin include the FAR 52.224-1, Privacy Act Information (APR 1984) , and FAR 52.224-2, Privacy Act (APR 1984) clauses.
What controls are in place to prevent the misuse of data by those having access?
Frequent monitoring of the SunWise email box is the best way to determine use. If someone receives an email or contact from us that they feel is inappropriate, they email or call us. Additionally, staff frequently discuss how they are using the tracking system's data. If something seems out of the ordinary, additional steps are taken to discern if misuse is occuring.Additionally, the Agency Security Awareness Training has a privacy component that all program staff are required to take.
Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)
Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)
Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)
III. Attributes of the Data
Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.
Information is necessary for mailing, and allows the program to track its success. Our PART measures are based on the number of new and unique schools we sign up annually. We get this information from our tracking system. Additionally, it allows us to estimate the program's health and economic impacts. We plug the number of schools into a peer-reviewed model that determines how many skin cancer cases and deaths are averted between SunWise teaching and the year 2100.
If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.
Application rules have been defined for all personnel accessing the SCORPIOS application. These application rules are distributed to all SCORPIOS sites, along with the SCORPIOS user's guide. Application rules are also distributed when a user requests access to SCORPIOS. Current versions of the rules and the Guides are available electronically on each SCORPIOS server. OEI and OCFO, as part of the OCFO Information Security Program (InfoSec Program), provide general security awareness training.
If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)
There is a search form available to SunWise staff, contractors and grantees that allows us to search by any piece of information recorded including name, school address, etc. We use this information to better serve our customers and to determine if a teacher has already signed up and received a kit previously preventing duplicate registrations.
Yes. The policy is linked to from the registration page in a prominently placed location.
IV. Maintenance of Administrative Controls
Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)
There is no defined record control schedule since teachers are theoretically using the materials until they retire. If program staff find that a teacher has retired, moved to a new school, or passed away, the record is updated accordingly and either inactivated or deleted. If possible, staff try to determine if someone else at the school is using the kit, or if they would like a new kit so as to keep the information accurate.
While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
Whenever SunWise sends out a periodic update, we review the mail that is returned to sender and determine if the educator has left their institution. If we find that he/she has, we update the system. Additionally, the US Postal Service requires mailing list reviews and validation before sending out information to 1,000 or more individuals. We verify addresses at this time as well.
Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.
It allows us to associate an individual with a school or other institution, and contact them via post, telephone and/or email. We do not track any teacher-specific use of the program, only when we send them materials.
Does the system use any persistent tracking technologies?
Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. For reference, please view this list of Agency SORs. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)
There are no laws/regulations/policies applicable specifically to the SunWise application, but the following laws and regulations have general applicability.
- Federal Information Security Management Act (FISMA) of 2002
- E-Government Act of 2002
- Privacy Act of 1974
These laws apply to information that identifies an individual in a recognizable form, including name, address, telephone number, and e-mail address. The SunWise application collects those items through its registration form and stores them in its database.