Privacy Impact Assessment for the FIRST (Firearms Information, Registration & Shooter Tracking) Application
Issued by: Christine M. Costello, Acting Privacy and Civil Liberties Officer
Reviewed by: Luke J. McCormack, Chief Information Officer, Department of Justice
Approved by: Joo Chung, Acting Chief Privacy and Civil Liberties Officer, Department of Justice
Date approved: July 18, 2013
(September 2012 DOJ PIA Form)
Section 1: Description of the Information System
To ensure that Special Agents (SAs) and other FBI personnel authorized to carry firearms remain proficient with their weapons, the FBI maintains a firearms qualification program managed by the Training Division’s Firearms Training Unit (FTU) at Quantico. FTU provides initial firearms training for New Agent Trainees and conducts regular qualification sessions for all armed personnel assigned to the various Headquarters Divisions. FTU also manages the FBI’s Field Firearms Program, a continuous training program designed to enable all armed FBI personnel to meet or exceed the firearms safety and proficiency level standards laid out in the Manual of Investigative Operations and Guidelines and other official corporate policy. Each FBI Field Division has a Principal Firearms Instructor (PFI) who provides training and qualification sessions for that office.
The Firearms Information, Registration & Shooter Tracking (FIRST) system is an Oracle Application Express (APEX) database application currently being constructed for FTU by the IT Services Division (ITSD) to facilitate the scheduling and registration for these firearms training events, record the results (firing range scores), and ultimately, provide a tool to monitor the FBI armed workforce’s compliance with all FBI firearms training and proficiency requirements. FIRST is replacing the Shoot Scoring System (SSS), a legacy Natural/ADABAS database application that is currently utilized to meet this need. FIRST will be accessed via FBINET and the database will reside on the Enterprise Server (Mainframe) located at Site 73. Access to FIRST will be granted to FTU personnel, PFIs in the field, and a select group of others with a valid need. In addition, FBI employees with a weapon charged out to them in the Asset Management System (AMS), a supply chain database which is replacing the Bureau’s Property Management Application (PMA), will be granted limited access to FIRST so they can register for upcoming training sessions, view their firing range scores, and monitor their progress toward meeting quarterly and yearly firearms training requirements.
The firearms training event registration component in FIRST will allow PFIs to announce upcoming training sessions and solicit registrants. Individuals with weapons assigned to them in AMS can then log into FIRST and register for available class slots. After the session is held, the PFI will load scores into FIRST and participants will be able to view their own individual results, track their qualification status, and register for additional training sessions as needed. A limited number of field administrative personnel will be able to retrieve and load/correct scores in FIRST for the personnel in their Division. A handful of FTU and ITSD system administrators will have access to retrieve and load/correct data for any Division.
FIRST provides a multi-level approach to compliance monitoring. The armed FBI workforce, who did not have access to the legacy SSS and therefore were unable to effectively track their own training progress/history, will be able to log into FIRST, view their firing range scores, and – by accessing the My Dashboard function in FIRST – monitor their own progress toward meeting quarterly and yearly qualification requirements. Automated e-mail notifications – to both the individual and, in some cases, the supervisor – will be sent out to anyone who falls behind in their firearms training, allowing individuals and/or supervisors to proactively address any qualification deficiencies prior to actual delinquency. Finally, a number of monitoring tools, including Deficiency Reports and Division/Enterprise Dashboards, will allow Division and/or FBI Executive Management and administrators at FTU to effectively monitor compliance at the individual, Division, and Enterprise level.
Data tracked in FIRST will include: names of the individuals who participate in firearms training events, PFI names, names of Firearms Instructors (FIs) who assist the PFI in administering training, dates, locations (firing ranges), courses/drills, weapon information (make, model, caliber, serial number, etc.), scores, and any qualifications earned by the various participants as a result of their performance. Names will originate from the Bureau Personnel Management System (BPMS), which FIRST will also utilize to capture Unique Employee-IDs (UEIDs) from BPMS to uniquely identify FBI personnel. Weapon data, along with the UEID of the employee the weapon has been charged out to, will be obtained thru an interface with the AMS. All Personally Identifiable Information (PII) in FIRST will originate from either BPMS or AMS.
Section 2: Information in the System
2.1 Indicate below what information is collected, maintained, or disseminated.
(Check all that apply.)
Identifying numbers |
|||||
---|---|---|---|---|---|
Social Security |
X |
Alien Registration |
|
Financial account |
|
Taxpayer ID |
|
Driver’s license |
|
Financial transaction |
|
Employee ID |
X |
Passport |
|
Patient ID |
|
File/case ID |
|
Credit card |
|
|
|
Other identifying numbers (specify): However, SSNs will only be available in the legacy SSS information. |
General personal data |
|||||
---|---|---|---|---|---|
Name |
X |
Date of birth |
|
Religion |
|
Maiden name |
|
Place of birth |
|
Financial info |
|
Alias |
|
Home address |
|
Medical information |
|
Gender |
|
Telephone number |
|
Military service |
|
Age |
|
Email address |
|
Physical characteristics |
|
Race/ethnicity |
|
Education |
|
Mother’s maiden name |
|
Other general personal data (specify): |
Work-related data |
|||||
---|---|---|---|---|---|
Occupation |
|
Telephone number |
|
Salary |
|
Job title |
|
Email address |
X |
Work history |
|
Work address |
X |
Business associates |
|
|
|
Other work-related data (specify): FIRST tracks lists of Firearms Instructors. FIRST also tracks Supervisor ID/Email so that Supervisors can get reports on the firearms compliance status of their employees and can receive e-mail notifications when one (or more) of the employees they directly supervise becomes deficient in firearms training. Supervisor information is not entered/created in FIRST – it is received from webTA. Work Address is not being tracked in FIRST, but will be retained along with the rest of the Shoot Scoring System data being converted into FIRST to satisfy record-keeping requirements. |
Distinguishing features/Biometrics |
|
||||
---|---|---|---|---|---|
Fingerprints |
|
Photos |
|
DNA profiles |
|
Palm prints |
|
Scars, marks, tattoos |
|
Retina/iris scans |
|
Voice recording/signatures |
Vascular scan |
Dental profile |
|||
Other distinguishing features/biometrics (specify): |
System admin/audit data |
|||||
---|---|---|---|---|---|
User ID |
X |
Date/time of access |
X |
ID files accessed |
|
IP address |
|
Queries run |
X |
Contents of files |
|
Other system/audit data (specify): |
Other information (specify) |
---|
Firearms Instruction (FI) Certification/Recertification Date – currently entered manually into the system and used to determine whether an individual should retain their FI status (and therefore be able to sign-up to instruct events in FIRST). In near future, it is hoped that this field would be obtained thru some sort of interface (likely a web service) with Virtual Academy (VA). |
2.2 Indicate sources of the information in the system. (Check all that apply.)
Directly from individual about whom the information pertains |
|||||
---|---|---|---|---|---|
In person |
|
Hard copy: mail/fax |
|
Online |
|
Telephone |
|
|
|
|
|
Other (specify): |
Government sources |
|||||
---|---|---|---|---|---|
Within the Component |
X |
Other DOJ components |
|
Other federal entities |
|
State, local, tribal |
|
Foreign |
|
|
|
Other (specify): |
Non-government sources |
|||||
---|---|---|---|---|---|
Members of the public |
|
Public media, internet |
|
Private sector |
|
Commercial data brokers |
|
|
|
|
|
Other (specify): New FBI Agents (who do not have to meet firearms qualification requirements while in new agent training) and law enforcement partners who have used FBI facilities in the past for shooter training (i.e., task force personnel, local police departments, etc.) sometimes had their scores recorded in the Shoot Scoring System (SSS). FIRST will not track shooting scores for these individuals. However, FIRST is required by Records Management Division (RMD) to maintain ALL of the historical SSS data to satisfy record-keeping requirements for records that have already been captured and maintained. See Section 2.3 for details about how access to the historical SSS data is severely restricted and not co-mingled with data that will be loaded into FIRST after its implementation. The scores and personally identifying information for these individuals who were tracked in SSS but will not be tracked in FIRST will be accessible by only a select few System Administrators (see 2.3). |
2.3 Analysis: Now that you have identified the information collected and the sources of the information, please identify and evaluate any potential threats to privacy that exist in light of the information collected or the sources from which the information is collected. Please describe the choices that the component made with regard to the type or quantity of information collected and the sources providing the information in order to prevent or mitigate threats to privacy. (For example: If a decision was made to collect less data, include a discussion of this decision; if it is necessary to obtain information from sources other than the individual, explain why.)
The most sensitive piece of identifying data in the system is the Social Security Number (SSN). It was the FIRST development team’s initial intent to eschew all use of the SSN in FIRST and use the Unique Employee ID (UEID) from Active Directory (AD) instead. However, in discussions with Records Management Division (RMD), it became apparent that since FIRST is replacing the Shoot Scoring System (SSS), FIRST is required to maintain historical SSS data. In SSS, individuals are uniquely identified w/the SSN and the UEID is not utilized. After consulting BPMS and AMS staff, it was determined that all current employees have a UEID, but not all historical employees do. So, since it will not be possible to convert SSN to UEID for historical SSS data, SSN must be retained for those records. However, it is important to note that new data loaded into FIRST will not contain SSN. Also, the historical SSS data is not being integrated with data being loaded into FIRST – the historical SSS data (and therefore the SSN) will only be accessible (and even then, only displayed in last-4-digits form) thru a few rudimentary queries that will only be made accessible to a select few System Administrators in the Firearms Training Unit (FTU) in Training Division (TD) and in the IT Services Division (ITSD). Additionally, this info will only be accessed on rare occasions that require an examination of an employee’s historical firearms training activities/results. FIRST will comply with the OMB regulation regarding Social Security Numbers (SSN), M-07-16. The FBI has taken all necessary steps to reduce and eliminate all unnecessary use of SSNs.
Access to an employee’s UEID in FIRST will be limited to a few individuals with the need to see that information: Primary Firearms Instructors (PFIs), a limited number of Division Administrative Personnel responsible for data entry, FTU System Administrators, and ITSD System Administrators.
Shooting scores, recorded by instructors and data-entry personnel for individuals who are assigned weapons in the FBI’s AMS (therefore by FBI policy must meet firearms qualification standards each Fiscal Year), are obviously also very sensitive. As such, scores are only accessible to the individual they belong to (by accessing the “My Scores” query in FIRST), to the PFIs and PFI-Designees responsible for providing and tracking the trainees for their Division, to a handful of Division administrative personnel charged with either loading the data or tracking training compliance for the Division, and by FTU and ITSD System Administrators.
Section 3: Purpose and Use of the System
3.1 Indicate why the information in the system is being collected, maintained, or disseminated. (Check all that apply.)
Purpose |
|||
For criminal law enforcement activities |
For civil enforcement activities |
||
For intelligence activities |
X |
For administrative matters |
|
To conduct analysis concerning subjects of investigative or other interest |
To promote information sharing initiatives |
||
To conduct analysis to identify previously unknown areas of note, concern, or pattern. |
For administering human resources programs |
||
For litigation |
|||
X |
Other (specify): To improve safety and proficiency in the use of firearms by FBI armed personnel through tracking, monitoring, and aiding in enforcing FBI policies covering firearms training and proficiency. |
3.2 Analysis: Provide an explanation of how the component specifically will use the information to accomplish the checked purpose(s). Describe why the information that is collected, maintained, or disseminated is necessary to accomplish the checked purpose(s) and to further the component’s and/or the Department’s mission.
FIRST records firearms training results so that compliance with training policies can be monitored at all levels – the individual, the Division, the Training Division, and FBIHQ executive management. By making results and training progress (and outstanding requirements) readily available to all parties responsible for ensuring that this activity occurs, FIRST will allow training and proficiency deficiencies to be addressed proactively. FIRST uses a 3-pronged approach to address compliance monitoring:
- Dashboards, which supply an at-a-glance visual representation of current compliance, allow compliance to be monitored at every level: by the individual, the Supervisor (though as noted on the previous page, a Supervisor can only check on the progress of one of his/her employees, and not on that employee’s actual scores), the Division (PFIs and Division Management), FBI Executive Management, and the FTU in Training Division. FIRST provides a great leap in this area over SSS, which did not provide a visual/graphical representation of compliance and did not allow individuals to view their own firearms training results or progress.
- Reports, which allow PFIs, Division and FBI Executive Management, and FTU personnel to identify individuals throughout the organization who are behind in their firearms training progress BEFORE disciplinary action is warranted and, more importantly, before the armed individual’s safety or proficiency skills erode to the point that it affects performance of duties.
- Email Notifications, which call training deficiencies to the attention of the individual (and, in some cases, the Supervisor), in the case where the individual (and/or Supervisor) do not take advantage of FIRST’s online monitoring/status capabilities.
FIRST uses the personally identifiable information contain within the system to uniquely identify individuals and their training results/status so that there is no doubt about the identity of the individual to whom the records belong and so that a clear picture of the individual’s training progress and firearms proficiency level is readily available to both the individual and those in the FBI responsible for monitoring these activities.
It is hoped that the implementation of FIRST will lead to an increase in compliance with firearms training/proficiency standards at the FBI. In turn, this should result in an overall increase in safety and proficiency levels, and potentially to a reduction in disciplinary action (for failing to comply with required training). Most importantly, better training of our personnel increases the chance of the best possible result whenever an armed FBI employee uses a weapon while performing his/her duties.
3.3 Indicate the legal authorities, policies, or agreements that authorize collection of the information in the system. (Check all that apply and include citation/reference.)
Authority |
Citation/Reference |
|
X |
Statute |
Title 28 U.S.C. Section 532 Title 5 U.S.C. Section 301 Taken together, these two sections authorize the Attorney General (and by delegation, the Director) to issue regulations governing FBI employees, such as those governing firearms qualifications for Special Agents (in this case, the regulations would be the CPD, CPN, MIOG or other document governing firearms qualifications). 5 U.S.C. Section 301 also authorizes the FBI to collect information from its employees documenting the performance of its business, such as scheduling and completion of firearms qualifications. |
Executive Order |
|
|
Federal Regulation |
|
|
Memorandum of Understanding/agreement |
|
|
Other (summarize and provide copy of relevant portion) |
|
3.4 Indicate how long the information will be retained to accomplish the intended purpose, and how it will be disposed of at the end of the retention period. (Reference the applicable retention schedule approved by the National Archives and Records Administration, if available.)
The Records Management Division will retain firearms training records in accordance with an appropriate records retention schedule.
3.5 Analysis: Describe any potential threats to privacy as a result of the component’s use of the information, and controls that the component has put into place to ensure that the information is handled, retained, and disposed appropriately. (For example: mandatory training for system users regarding appropriate handling of information, automatic purging of information in accordance with the retention schedule, etc.)
FIRST is only available via FBINET (the Secret enclave), so all individuals with access are already required to take annual IT Security and, when appropriate, Privileged User training. Banners developed by the Office of General Counsel will address privacy issues and remind users of their responsibilities regarding proper use of the system and the information contained within. The system contains a Privacy Act notice statement.
Accidental or careless disclosure of data derived from FIRST to parties without proper access to view the data, as with any application/system, is possible, however unlikely. FIRST will mitigate the risk of these disclosures by providing users with access to only the data their duties require, and by strictly limiting the presence of the most sensitive piece of personal information – the SSN. See Section 2.3. FIRST will employ UEID rather than SSN to uniquely identify individuals in the system. Also, for historical records from SSS, access will only be given (and only in last-4-digits form) to very few FTU and ITSD System Administrators, as needed, who are properly trained on an annual basis on their responsibilities as privileged users.
Section 4: Information Sharing
4.1 Indicate with whom the component intends to share the information in the system and how the information will be shared, such as on a case-by-case basis, bulk transfer, or direct access.
(N/A – FIRST will not share its data with – or make it otherwise accessible to - any other component or application w/in the component.)
Recipient |
How information will be shared |
|||
Case-by-case |
Bulk transfer |
Direct access |
Other (specify) |
|
Within the component |
|
|||
DOJ components |
|
|||
Federal entities |
|
|||
State, local, tribal gov’t entities |
|
|||
Public |
|
|||
Private sector |
|
|||
Foreign governments |
|
|||
Foreign entities |
|
|||
Other (specify): |
|
4.2 Analysis: Disclosure or sharing of information necessarily increases risks to privacy. Describe controls that the component has put into place in order to prevent or mitigate threats to privacy in connection with the disclosure of information. (For example: measures taken to reduce the risk of unauthorized disclosure, data breach, or receipt by an unauthorized recipient; terms in applicable MOUs, contracts, or agreements that address safeguards to be implemented by the recipient to ensure appropriate use of the information – training, access controls, and security measures; etc.)
MOUs and Interface Control Documents will be established, covering the systems that share data with (or provide a view of their data to) FIRST. FIRST does not currently share its data with any other internal or external application or entity.
Section 5: Notice, Consent, and Redress
5.1 Indicate whether individuals will be notified if their information is collected, maintained, or disseminated by the system. (Check all that apply.)
X |
Yes, notice is provided pursuant to a system of records notice published in the Federal Register and discussed in Section 7. |
|
Yes, notice is provided by other means. |
Specify how: |
|
No, notice is not provided. |
Specify why not: |
5.2 Indicate whether and how individuals have the opportunity to decline to provide information.
Yes, individuals have the opportunity to decline to provide information. |
Specify how: |
|
X |
No, individuals do not have the opportunity to decline to provide information. |
Specify why not: No information in FIRST is provided by the individual. The information is recorded at firearms training events and maintained to ensure that armed personnel keep up-to-date in their firearms training, in accordance with the MIOG and any other FBI policies covering this activity. Keeping records of training results is an established activity that is necessary to ensure compliance and thereby avoid shooting incidents (and potential subsequent litigation against the Bureau) that could have been prevented by adherence to policy. |
5.3 Indicate whether and how individuals have the opportunity to consent to particular uses of the information.
|
Yes, individuals have an opportunity to consent to particular uses of the information. |
Specify how:
|
X |
No, individuals do not have the opportunity to consent to particular uses of the information. |
Specify why not: The agency already has the right to capture and maintain this information. Consent is not needed. If individuals were permitted to opt-out, the FTU and field PFIs would be unable to properly administer the field firearms program or monitor compliance.
|
5.4 Analysis: Clear and conspicuous notice and the opportunity to consent to the collection and use of individuals’ information provides transparency and allows individuals to understand how their information will be handled. Describe how notice for the system was crafted with these principles in mind, or if notice is not provided, explain why not. If individuals are not provided the opportunity to consent to collection or use of the information, explain why not.
Individuals are not given the opportunity to consent to collection of this information. However, they are aware that their shooting scores are tracked as a regular part of their training and maintaining their qualification to carry firearms.
Section 6: Information Security
6.1 Indicate all that apply.
b7E |
||
---|---|---|
X |
Appropriate security controls have been identified and implemented to protect against risks identified in security risk assessment. Specify: Use of Active Directory to authenticate and establish the identity of each user who accesses the application. Security Groups that have been tested by ITSD developers, to ensure that each individual with access to the system has access to only the parts of the system (and therefore the data) that they need to perform their official duties. |
|
X |
Monitoring, testing, or evaluation has been undertaken to safeguard the information and prevent its misuse. Specify: All system activity is logged. Logs will be reviewed by the ISSO. Severe restrictions (discussed throughout this document) have been imposed on the most sensitive personal information, helping to prevent both its misuse and the effects of any misuse. |
|
X |
The information is secured in accordance with FISMA requirements. Provide date of most recent Certification and Accreditation: 10/11/12 |
|
X |
Auditing procedures are in place to ensure compliance with security standards. Specify, including any auditing of role-based access and measures to prevent misuse of information: Standard auditing procedures already examined and approved by SecD, and utilized in other Oracle APEX applications in the FBI. |
|
X |
Contractors that have access to the system are subject to provisions in their contract binding them under the Privacy Act. |
|
X |
Contractors that have access to the system are subject to information security provisions in their contracts required by DOJ policy. |
|
X |
The following training is required for authorized users to access or receive information in the system: |
|
X |
General information security training |
|
Training specific to the system for authorized users within the Department. |
||
Training specific to the system for authorized users outside of the component. |
||
X |
Other (specify): privacy training |
6.2 Describe how access and security controls were utilized to protect privacy and reduce the risk of unauthorized access and disclosure.
The application utilizes Active Directory for authentication. Passwords and logins are stored outside the application. Once authenticated, the UEID (obtained from Active Directory) is utilized to identify the individual to the application. This is then used to ensure that the individual sees only their own data/results.
A security/role table is maintained within the application. This table is accessible by only a few System Administrators. Anyone with special privileges (Firearms Instructors, System Administrators, FTU personnel, etc.) has his/her security role defined in this table. Access to each system function is provided only to the role(s) that require access to perform their duties. Roles are described in the Security Concept of Operations (SecConOps) document for the system, which has been reviewed by the Security Division and the ISSO.
Section 7: Privacy Act
7.1 Indicate whether a system of records is being created under the Privacy Act, 5 U.S.C. § 552a. (Check the applicable block below and add the supplementary information requested.)
X |
Yes, and this system is covered by an existing system of records notice. Provide the system name and number, as well as the Federal Register citation(s) for the most recent complete notice and any subsequent notices reflecting amendment to the system: FBI-008, Bureau Personnel Management System, 58 FR 51875, last modified 1/25/2007; see 72 FR 3410 (2007). |
Yes, and a system of records notice is in development. |
|
No, a system of records is not being created. |
7.2 Analysis: Describe how information in the system about United States citizens and/or lawfully admitted permanent resident aliens is or will be retrieved.
The historical information in FIRST that transferred over from SSS is retrieved by SSN. Going forward, information will only be retrieved by name or UEID.