Privacy Impact Assessment WebTA
WebTA is replacing the FBI’s current paper-based collection system with a commercial off-the-shelf (COTS) product providing Bureau employees with an online, web-based system to record their time and attendance data. It will interface with several legacy FBI systems, as well as generate an automated interface with the National Finance Center (NFC).
The following are the primary goals of FBI's WebTA project:
- Provide an online, easy-to-use, intranet-based time and attendance system, deployed world-wide to every FBI facility, with which all Bureau employees will record their time and attendance information, including Time Utilization and Record Keeping (TURK) information.
- Give supervisors the capability to review and certify their employees' electronic timesheets online;
- Eliminate paper-based timecards;
- Eliminate the need for entry clerks to enter employees' time and attendance data;
- Retire the current Automated Time Capture System (ATCS);
- Interface with the existing Mainframe TURK System; and,
- Interface with the National Finance Center (NFC) for offsite payroll processing.
Below is an assessment of the privacy impact of WebTA.
Section 1.0 Information collected and maintained
1.1 What information is to be collected?
WebTA will collect time and attendance (T&A) and time utilization and recordkeeping (TURK) data for FBI personnel. The personally identifiable information being collected includes: name; social security number; date of birth; Bureau and home addresses; and employee telephone numbers. To assist agents with entering their TURK data, the system stores the activity classification types and major case types so that agents can correlate their work hours to the workload of the Bureau. These categories are pre-defined by the Director's staff and are provided from the legacy system.
1.2 From whom is information collected?
All FBI employees and detailees who receive a direct salary from the Bureau must provide the information. Non-FBI employees under contract are not included.
Section 2 The Purpose of the System and the Information Collected and Stored within the System
2.1 Why is the information being collected?
The information is collected to ensure an accurate payroll distribution and to collect TURK data required for Congressional reporting of agent resource utilization.
2.2 What specific legal authorities/arrangements/agreements define the collection of information?
The collection of data is required by general recordkeeping statutes, 5 U.S.C. 301 and 44 U.S.C. 3101, and is in accordance with 5 U.S.C. Chapters 61 and 63 as well as 5 C.F.R. Part 630. TURK data is collected under the authority of 31 U.S.C. 66a.
Section 3.0 Uses of the system and the information
3.1 Describe all the uses of information.
The information collected supports two principle functions: (1) Payroll Administration (that is, pay and leave administration); and (2) TURK Congressional reporting provided annually to Congress on special agent resource utilization and workload activity. The data may also be used to perform aggregate workforce analyses and to provide details in individual instances involving internal investigations or other personnel management matters.
3.2 Does the system analyze data to assist users in identifying previously unknown areas of note, concern, or pattern (sometimes referred to as data mining)?
The primary function of WebTA is to support pay and leave administration and facilitate TURK reporting. No tools to perform data mining are specifically built into the system. As noted in the previous response, however, aggregate workforce analyses can be performed using WebTA and external analytical tools.
3.3 How will the information collected from individuals or derived from the system be checked for accuracy?
Because employees enter their own data, and because pay and benefits depend on accuracy, there is an incentive to ensure that the information is correct. The data are also verified by a supervisor or designated time administrator. In addition, the data are screened by the NFC for anomalies to ensure data integrity required for payments. Similarly, TURK data relies on individual reporting for accuracy, but can be verified at the supervisor level.
3.4 What is the retention period for the data in the system. Has the applicable retention schedule been approved by the National Archives and Records Administration (NARA)?
For T&A data electronically transmitted to the NFC, the Bureau must maintain the certified T&A report (printout and worksheet) and all appropriate supporting documentation for a six-year period in compliance with the National Archives and Records Administration (NARA) General Records Schedule (GRS)-2, Item 8, and the Government Accountability Office audit requirements. The NFC will maintain the personal payment history required in Fair Labor Standard Act cases and court ordered restorations as cited in the supplemental authorization NC1-16-79-5 to GRS-2. WebTA will not be storing and retaining TURK data; after collection, it is transferred to the TURK system each pay period. In that system, electronic records are retained for a period of three years and hard copy records are retained in accordance with GRS 8, Items 7 and 8.
3.5 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses and describe why the information is being retained for the indicated period. For example, is appropriate use of information covered in training for all users of system? Are strict disciplinary programs in place if an individual is found to be inappropriately using the information?
WebTA will be subject to periodic audits to ensure that the data are being handled in accordance with established protocols. Procedures are in place to discipline individuals who misuse the data in the legacy T&A system and these procedures will apply to WebTA. Because the system is built on role-based access, individual employees should not have access to more than their own information and timekeepers and supervisor access will be strictly on a need-to-know basis.
Section 4.0 Internal Sharing and Disclosure of Information within the System
4.1 With which internal organizations of the Department is the information shared?
The information is shared internally where there is a need to know. Accordingly, it is shared each pay period with the Payroll Administration and Processing Unit (Finance Division) and the Human Resources Management Section (Human Resources Division) depending on need. The Inspection Division and Office of Professional Responsibility may also obtain access on an ad hoc basis. As the primary office that provides administrative support services to the Department of Justice (DOJ), the DOJ Justice Management Division also has access to the data.
4.2 For each component or office, what information is shared and for what purpose?
All data in WebTA is available to the Payroll Administration and Processing Unit staff for the purpose of providing employee customer service regarding error corrections and reconciliation of leave balances at NFC, should a processing error occur. The Human Resource Management Section employees need the data to perform their core functions supporting personnel line of business practices. The Inspection Division and Office of Professional Responsibility may obtain access to individual accounts to conduct inquiries or for oversight purposes. The Justice Management Division has access to support its overall administrative functions.
4.3 How is the information transmitted or disclosed?
The information is transmitted each pay period as an electronic file. Other reports may be transmitted by printout or in electronic format.
4.4 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss what privacy risks were identified and how they were mitigated. For example, if another Departmental component, office, or organization has access to the system that your office controls, discuss how access controls have been implemented and whether audit logs are regularly reviewed to ensure appropriate sharing of information.
The T&A data in WebTA has been determined to be sensitive but unclassified information (SBU). The data for TURK are classified at the secret level. The data are entered, processed and stored on a secret level system due to the TURK interface. To ensure the privacy of the information, role-based access is employed so that only those who need access to the information have access to it. Audit logs will be generated and periodically reviewed to ensure compliance.
Section 5.0 External sharing and disclosure
5.1 With which external (non-DOJ) recipients is the information shared?
The T&A data are shared with the US Department of Agriculture, National Finance Center, Personnel and Payroll Center. The TURK data are shared primarily through aggregate, non-identifying reports to the Congress, the Government Accountability Office and the Office of Management and Budget.
5.2 What information is shared and for what purpose?
The T&A data are shared with NFC for the purpose of processing and disbursing employee payroll. The data consists of time codes that represent different T&A work hour activities used over one pay period of time (two weeks) and personally identifiable information to associate the codes with an individual employee or detailee. The shared TURK data consist of hours spent on specific case-related activities and are shared for reporting and oversight purposes. These data are not sent to NFC.
5.3 How is the information transmitted or disclosed?
The T&A data are transmitted via a secure virtual private network (VPN) established between the FBI and the DOJ Justice Data Center (JDC). The JDC is connected to the NFC. The FBI data is transmitted using an automated feature called "Direct Connect" that delivers data files directly to the NFC in a secure manner. TURK data are not transmitted. Information dissemination is primarily in written reports.
5.4 Are there any agreements concerning the security and privacy of the data once it is shared? If possible, include a reference to and quotation from any MOU, contract, or other agreement that defines the parameters of the sharing agreement.
The DOJ has an Interagency Agreement with the NFC for the purposes of processing all DOJ personnel and T&A data. As a component of the DOJ, the FBI is not required to establish a separate agreement. The sharing of TURK data that occurs does not require an MOU. Information security is governed by the following NFC security policies and standards:
a. External Laws and Regulations
1. Public Law 100-235, “Computer Security Act of 1987”
2. Public Law 93-579, “Privacy Act of 1974”
3. Public Law 93-502, “Freedom of Information Act”
4. Public Law 99-474, “Computer Fraud and Abuse Act”
5. OMB Circular No. A-130 Appendix III, “Security of Federal Automated
6. OMB Circular No. A-123, “Management Accountability and Control,” June 29,1995
b. USDA Internal Regulations
1. R 3140-001, “USDA Information Systems Security Policy” dated may 15, 1996
c. NFC Title: VII, Management and Administrative Directives Manual
1. Chapter: 11 – “Information Systems Management”
5.6 What type of training is required for users from agencies outside the FBI prior to receiving access to the information?
NFC employees must attend mandatory information security training and attain FBI trusted-partner security clearances. They also are required to attend training on subjects prescribed in their individual development plans (IDP). The IDP varies per employee depending on the employee's knowledge, skill and ability to perform payroll functions.
5.7 Privacy Impact Analysis: Given the external sharing, what privacy risks were identified and describe how they were mitigated. For example, if a decision was made to limit external sharing, include such a discussion.
Development of the WebTA system aligns with the President's E-Payroll Initiative to standardize and consolidate government-wide Federal civilian payroll services and processes to better integrate payroll, human resources, and finance functions. Risks from the external sharing of data have been identified and mitigated by development of appropriate architecture to permit secure transmission of the data to the NFC and by protocols at the NFC for handling the data. Because the TURK data are shared externally primarily through aggregate reporting, the impact on privacy is minimal.
Section 6.0 Notice
6.1 Was any form of notice provided to the individual prior to collection of information?
A communication plan has been developed to ensure that employees are fully aware of the implementation of the WebTA system. The plan includes dissemination of printed material and email communications.
6.2 Do individuals have an opportunity and/or right to decline to provide information?
Individuals can decline to provide information in WebTA, but in consequence, their paychecks, leave balances and other administrative accounts may be inaccurate. Because it is generally agreed that some form of workload measurement system is necessary, providing information in TURK for those employees covered by that system is mandatory.
6.3 Do individuals have an opportunity to consent to particular uses of the information? If such an opportunity exists, what is the procedure by which an individual would provide such consent?
Participation in WebTA signifies consent on the part of an individual that the information can be shared for payroll and related purposes. Acceptance of a position covered by TURK reporting requirements signifies consent to provide timekeeping information.
6.4 Privacy Impact Analysis: Conspicuous and transparent notice allows individuals to understand how their information will be used and disclosed. Describe how notice for the system was crafted with these principles in mind or if notice is not provided, what was the basis for this decision.
There is little risk to employees based on lack of notice because a comprehensive communication plan has been developed to ensure that employees are adequately apprised of the system and their role in participating in it.
Section 7.0 Individual Access, Redress and Correction
7.1 What are the procedures that allow individuals the opportunity to seek access to or redress of their own information?
All relevant recorded information is made available to employees in their bi-weekly pay stubs. Individuals have access to their data via a secure connection using personal identification and passwords. Any discrepancies in the data are reported to the individual’s supervisor; the timekeeper can submit a corrected record if necessary. The TURK data is similarly available to employees for input, verification and correction purposes.
7.2 How are individuals notified of the procedures for seeking access to or amendment of their information?
Notification is part of the communications plan and training that will be provided to employees as part of the deployment of the system. New employees will be informed at the time of their hiring.
7.3 If no opportunity to seek amendment is provided, are any other redress alternatives available to the individual?
7.4 Privacy Impact Analysis: Discuss any opportunities or procedures by which an individual can contest information contained in this system or actions taken as a result of agency reliance on information in the system.
As the foregoing indicates, individual employees have ample opportunity to ensure the accuracy of their T&A and TURK data and can make corrections as necessary. It is in the interest of individual employees and the Bureau as a whole to have accurate data in this system.
Section 8.0 Technical Access and Security
8.1 Which user group(s) will have access to the system? (For example, FBI program managers, IT specialists, analysts, task force members, etc.)
Each FBI employee will have access only to his or her own data in the system, and user IDs and passwords will be required to prevent unauthorized access. Timekeepers and supervisors will also have access to the data for verification purposes. The Payroll Administration and Processing Unit staff will have access for the purpose of providing employee customer service and the Human Resource Management Section will have access in order to accomplish their personnel functions. The Inspection Division and Office of Professional Responsibility may also obtain access to individual accounts to conduct inquiries or for oversight purposes.
8.2 Will FBI contractors have access to the system? If so, please submit a copy of the contract describing their role along with this PIA.
8.3 Does the system use “roles” to assign privileges to users of the system?
8.4 What procedures are in place to determine which users may access the system and are those procedures documented?
Role-based access following the doctrine of least privilege is documented in the concept of operations for WebTA.
8.5 How are the actual assignments of roles and rules verified according to established security and auditing procedures?
The WebTA system resides on the Application Server Farm (ASP) and assigned roles and access controls for individuals are described in the ASP System Security Plan, dated February 16, 2005. User profiles are employed to ensure appropriate assignment of roles and are updated as necessary to accommodate personnel and system changes.
8.6 What auditing measures and technical safeguards are in place to prevent misuse of data?
A daily audit log is maintained by the WebTA application and reviewed by the Information System Security Officer (ISSO) of the application. The ISSO will alert the Information System Security Manager (ISSM) of any abnormal consequences when monitoring the logs. Audit logs can be maintained until no longer needed, according to NARA, GRS 20. While the data will be retained for six years, the logs will be kept for one year, or pending system administration review, whichever is later.
8.7 Describe what privacy training is provided to users either generally or specifically relevant to the functionality of the program or system?
Privacy and security training is provided to all FBI employees as a condition of employment and specific training is provided for FBI employees with access to sensitive data.
8.8 Is the data secured in accordance with FISMA requirements? If yes, when was Certification & Accreditation last completed?
Yes. The initial Certification and Accreditation is in process and will be completed before the system is implemented.
8.9 Privacy Impact Analysis: Given access and security controls, what privacy risks were identified and describe how they were mitigated. For example, if a decision was made to tighten access controls by restricting access to specific users, include such a discussion.
Both T&A data and TURK information is sensitive and highly personal. Rules have therefore been established to limit access strictly to those with a need-to-know. Sharing is permitted primarily to facilitate payroll business processes.
Section 9.0 Technology
9.1 Was the system built from the ground up or purchased and installed?
The WebTA system is a modified commercial-off-the-shelf (COTS) product acquired from Kronos Software; it was purchased and installed by the FBI Office of Information Technology Program Manager.
9.2 Describe how data integrity, privacy, and security were analyzed as part of the decisions made for your system.
Because data integrity, privacy and security are integral to the successful operation of WebTA, the decision to use Kronos Software, as modified for Bureau use, was guided by these factors. The COTS product, WebTA used for the collection of T&A data, uses an Oracle database to store the data. The Oracle database, under the control of the FBI is a secure data center. All data transfers to or from the Oracle database must be certified and accredited and granted "Authority to Operate" before being enabled.
9.3 What design choices were made to enhance privacy?
To enhance privacy, the system design was required to provide role-based security and user ID and password access in a configuration that would be under the control of the FBI. In addition, the creation of a secure VPN to transmit data to the FBI was added to ensure the privacy and security of the information.
Section 10.0 Data flow map
Provide a data flow map which depicts the information collected and how it is maintained, used, and disseminated by the system and/or program.
See Appendix A.
Conversion of the Bureau's paper-based time and attendance and TURK reporting systems to a secure and easy-to-use web-based system will streamline internal Bureau business processes and simplify payroll, finance and reporting requirements. In developing WebTA, the FBI was mindful of the sensitivity of the data at issue and the privacy and security concerns attendant to the data. WebTA was structured in ways to mitigate any adverse effects on privacy and security.