Privacy Impact Assessment (PIA) Biometrics-Reviewer Website/Database
December 21, 2004
This PIA is conducted pursuant to the E-Government Act of 2002, Public Law 107-347, the accompanying guidelines issued by the Office of Management and Budget (OMB) on September 26, 2003, and the FBI's PIA guidelines.
The proposed Biometrics-Reviewer Website/Database will provide a venue for individuals with expertise in the field of biometrics to volunteer to act as project reviewers. The website and database will provide participating agencies with a resource of knowledgeable individuals willing to act as reviewers for biometric projects.
A. What information is being collected? The database will contain information voluntarily submitted by individuals, including members of the general public, who are familiar with biometrics and interested in volunteering to serve on agency review panels. Specifically, the database will include name, employment type (government, private-sector, etc.) and employer, phone, fax, email, and years of biometric experience. The website will also request information on type of biometric experience (i.e., operational, research and development, test and evaluation, etc.) and modality (i.e., facial recognition, fingerprints, etc.).
B. Why is the information being collected? Agencies involved in biometric research and development often find it difficult to find individuals who are willing and knowledgeable to serve on proposal review panels. The website will provide a method by which individuals may volunteer and a ready resource for agencies seeking knowledgeable reviewers.
C. What is the intended use of the information? The information is compiled for the purpose of identifying individuals who are knowledgeable and willing to serve on agency review panels. Agencies will search the database when they are in need of reviewers to find individuals who could be of assistance to them with a particular matter. Agencies may then contact those individuals to ascertain their qualifications and willingness to participate in the agency project.
D. With whom will the information be shared? The database will be available to members of the National Science & Technology Council's Interagency Working Group on Biometrics, a White House-led interagency working group on biometric research and development. The working group members will have access to the data through a restricted access on-line resource which utilizes SSL encryption and is password-protected. The data will not be searched by name or personal identifier, but rather will be searched by those items most relevant for locating qualified reviewers (such as biometric experience).
The database will be maintained by and located at an FBI contractor facility.
E. What opportunities will individuals have to decline to provide information or to consent to particular uses of the information? The entry of information into the database is completely voluntary. Individuals will remain in the system for no more than two years before the system will require re-submission or updating of information. Individuals can update their information at any time by requesting a copy of their current information and sending changes to the developer via phone or email. An online method is also being developed which will allow individuals to amend their own information online.
F. How will the information be secured? The working group members will have access to the data through a restricted access on-line resource which utilizes SSL encryption and is password-protected.
G. Is this a system of records? No. As long as information is not retrieved by name or personal identifier, the database is not a Privacy Act system of records.
H. What choices did the FBI make regarding an IT system or collection of information as a result of performing the PIA? The system sponsor was instructed to post privacy policies on any information intake website in compliance with applicable Office of Management and Budget (OMB) guidance. The policy information must include a notice that providing information is strictly voluntary as well as obtain consent from the individual for appropriate disclosures. In addition, the program sponsor was instructed to ensure that any website tracking technology utilized on the website comply with applicable OMB guidance. In order to create a more transparent process and further minimize privacy concerns, the system sponsor was instructed to ensure the website describe how the voluntarily provided information will be used and to whom it will be disclosed and to provide a mechanism for the individual to expressly consent to such use and disclosure.
The system does not involve any new collection techniques or processes that may be controversial or invasive of personal privacy. In fact, the collection of personal information is purely voluntary and an individual can withdraw his/her name at any time.
The website/database involves limited use and access; as such, OMB guidance does not require the more extensive PIA analysis that must accompany the development of major information systems.
Based on the foregoing, the FBI Senior Privacy Official has determined that the proposed database presents no noteworthy privacy concerns and approves the system. A new Privacy Act system notice is not required. Completion of a full PIA and referral to the FBI Privacy Council also are not required.