Privacy Impact Assessment for the Atlanta Division’s Bank Robbery Database - September 7, 2006
Microsoft Access is a relational database management system widely used by computer programmers to create databases in which data can be easily manipulated for multiple purposes. Using data derived from FBI reports, the Atlanta Division, Field Intelligence Group (FIG), intends to create a Microsoft Access database to enhance its information resources for investigations and analysis. The database will facilitate the work of the Atlanta Division in tracking bank robbery trends and patterns of activity and in preparing statistical analyses. Because the information to be included in the database is derived from data already maintained by the FBI, and because the database will be used for internal purposes only, there are no significant privacy risks associatedwith the creation of this database.
The System and the Information Collected and Stored within the System.
1.1 What information is to be collected?
The database will store data derived from FD-430s and “Letter Head Memorandums” (LHM) prepared by Special Agents (SA) as part of bank robbery investigation. More specifically, the information to be collected includes: bank name and type, street address, and city; modus operandi; day of the week; time of day; robbery subject description, name if available, weapon description, method of escape; note contents and characteristics (as applicable), loss amount, and case file number.
1.2 From whom is the information collected
FBI Special Agents are required to complete FD-430s and LHMs in connection withthe investigation of bank robberies. These forms document all relevant facts of the robbery and would be used as the primary source of data entered into the Access database.
The Purpose of the System and the Information Collected and Stored within the System.
2.1 Why is the information being collected?
The data stored in the Access database will be used to support bank robbery investigations. The information/data, otherwise maintained in the Central Records Systems primarily in the 91 classification, and accessible internally through the Automated Case Support system, is derived from FD-430s and LHMs and is entered into the Access database for investigatory and statistical reporting purposes. For example, the data could be used to identify serial bank robbers by linking similar modus operandi, similar physical descriptions, and similar “get-away” vehicle descriptions.
Uses of the System and the Information.
3.1 Describe all uses of the information.
The Access database will provide the ability to conduct data inquiries pertaining to:
- Bank name, street address, and city;
- Modus Operandi (Day of the week, time of day, subject’s actions, method of escape)
- Verbal statements made by robbery subject;
- Note contents and characteristics;
- Robbery subject description, number of subjects, or subject name(s);
- Weapon description;
- Case file number; and
- Loss amount.
The database will also provide a variety of reports for statistical purposes. For example, reports could be produced on the number of cases assigned to a specific SA; number of robberies that have occurred in a specific year, month, or day, as well as the number of robberies that have occurred to a specific bank or in a specific city.
Internal Sharing and Disclosure of Information within the System.
4.1 With which internal components of the Department is the information shared?
The database will be accessible by those individuals who have authorized access to the “Bank Robbery Squad’s” (Squad 7) file located on the Atlanta Division’s “S-Drive.” Reports resulting from analyses may be shared internally with those who have a need for the information in the performance of their duties.
External Sharing and Disclosure
5.1 With which external (non-DOJ) recipient(s) is the information shared?
Notice Section 6.0 Notice
6.2 Do individuals have an opportunity and/or right to decline to provide information?
Information about individuals involved in bank robberies, to the extent is available, is collected in order to complete FBI reports. The same data is used to populate this database. There is no opportunity or right to decline to provide the information except, of course, by declining to participate in a bank robbery. .2 Do individuals have an opportunity and/or right to decline to provide information?
6.2.1 Can the person from or about whom information is collected decline to provide the information and if so, is there any penalty or denial of service that is the consequence of declining to provide the information?
6.3 Do individuals have an opportunity to consent to particular uses of the information, and if so, what is the procedure by which an individual would provide such consent?
8.9 Privacy Impact Analysis: Given access and security controls, what privacy risks were identified and describe how they were mitigated. For example, were decisions made to encrypt certain data sets and not others?
The Atlanta Division’s Bank Robbery relational database management system uses an FBI-approved, common computer software program, “Microsoft Access.” The data that will be entered and stored on this system is derived from approved FBI documents -- FD-430s and “Letter Head Memorandums” (LHM) -- which are completed in all bank robbery investigations and which are otherwise maintained in the Central Records System under the appropriate classification(s). Information about bank robberies is accessible within the FBI through the “Automated Case Support” system for which security controls are in place. The Access database at issue in this PIA, therefore, does not significantly change the privacy risks associated with the data. Instead, it simply allows Atlanta Division personnel to use that data in a manner that is more efficient and permits improved analysis.