Text

ADAMS ML17355A478 U.S. Nuclear Regulatory Commission Privacy Impact Assessment (Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collections requirements, and record management requirements.)

for the Government Retirement & Benefits (GRB Assist)

Date: October 20, 2017 A. GENERAL SYSTEM INFORMATION

1. Provide a detailed description of the system:

GRB Assist is a web based system that allows Federal Employees or Federal Benefits Specialists to access the system with a web browser client via the internet. GRB Assist provides benefits specialist tools to perform their day to day job (i.e., preparing service histories, creating retirement estimate reports, as well as various other related estimate reports.

2. What agency function does it support?

GRB Assist supports the Human Resources support of retirement benefit estimation.

3. Describe any modules or subsystems, where relevant, and their functions. l N/A

4. What legal authority authorizes the purchase or development of this system?

5 USC Titles 8415 and 8339

5. What is the purpose of the system and the data to be collected?

Calculating retirement benefit estimates and death benefit estimates.

6. Points of Contact:

Business Project Manager Office/Division/Branch Telephone Jason Shay OCHCO/ADHROP 301-287-0590 Technical Project Manager Office/Division/Branch Telephone Sally Wilding OCHCO/HCAB 301-287-0596 Executive Sponsor Office/Division/Branch Telephone Miriam Cohen OCHCO 301-287-0747.

Project Manager Office/Division/Branch Telephone Angela Jones OCHCO/ADHROP/OBB 301-287-0723

7. Does this privacy impact assessment (PIA) support a proposed new system or a proposed modification to an existing system?

a. New System X Modify Existing System Other (Explain)

b. If modifying an existing system, has a PIA been prepared before?

Yes (1) If yes, provide the date approved and ADAMS accession number.

ML12144A365 - Updated Points of Contact and NBC to IBC.

B. INFORMATION COLLECTED AND MAINTAINED These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.

1. INFORMATION ABOUT INDIVIDUALS

a. Does this system maintain information about individuals?

Yes.

(1) If yes, identify the group(s) of individuals (e.g.,

Federal employees, Federal contractors, licensees, general public).

Federal Employees

(2) IF NO, SKIP TO QUESTION B.2.

b. What information is being maintained in the system about an individual (be specific)?

The system collects Federal employees social security number, date of birth, address, telephone number and employee ID.

c. Is information being collected from the subject individual?

Yes (1) If yes, what information is being collected?

Information is collected from subject individuals, Federal Personnel Payroll System (FPPS), and Electronic Official Personnel Folder System (e-OPF). The system collects Federal employees telephone number and redeposit, military service, part- time/temp history information.

d. Will the information be collected from 10 or more individuals who are not Federal employees?

No.

(1) If yes, does the information collection have OMB approval?

(a) If yes, indicate the OMB approval number:

e. Is the information being collected from existing NRC files, databases, or systems?

No.

(1) If yes, identify the files/databases/systems and the information being collected.

f. Is the information being collected from external sources (any source outside of the NRC)?

Yes.

(1) If yes, identify the source and what type of information is being collected?

FPPS, which is operated by the Department of Interiors Interior Business Center (DOI/IBC) e-OPF, which is operated by the Office of Personnel Management

(OPM)

Type of information being collected from these sources: Last name, first name, middle initial, name suffix, date of birth, married status, SSN, current appointment date, current agency, current service type, retirement code

g. How will information not collected directly from the subject individual be verified as current, accurate, and complete?

Employee verifies accuracy and completeness.

h. How will the information be collected (e.g. form, data transfer)?

By form to employee using FPPS and Electronic Office Personnel Files (eOPF).

2. INFORMATION NOT ABOUT INDIVIDUALS Not applicable.

a. Will information not about individuals be maintained in this system?

(1) If yes, identify the type of information (be specific).

b. What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.

C. USES OF SYSTEM AND INFORMATION These questions will identify the use of the information and the accuracy of the data being used.

1. Describe all uses made of the data in this system.

Calculation of Federal Employees retirement benefit estimate, death benefit estimate, Service Computation Date calculation, deposit and redeposit requirements, and retirement plan determination.

2. Is the use of the data both relevant and necessary for the purpose for which the system is designed?

Yes.

3. Who will ensure the proper use of the data in this system?

OCHCO Professionals and System Administrators.

4. Are the data elements described in detail and documented?

Yes.

a. If yes, what is the name of the document that contains this information and where is it located?

GRB-Saas_RBS Data Dictionary located on the OCHCO G Drive Restricted Access for OCHCO only.

5. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

No.

Derived data is obtained from a source for one purpose and then the original information is used to deduce/infer a separate and distinct bit of information that is aggregated to form information that is usually different from the source information.

Aggregation of data is the taking of various data elements and then turning it into a composite of all the data to form another type of data (i.e. tables or data arrays).

a. If yes, how will aggregated data be maintained, filed, and utilized?

b. How will aggregated data be validated for relevance and accuracy?

c. If data are consolidated, what controls protect it from unauthorized access, use, or modification?

6. How will data be retrieved from the system? Will data be retrieved by an individuals name or personal identifier? (Be specific.)

By Employee Name

7. Will this system provide the capability to identify, locate, and monitor (e.g., track, observe) individuals?

No.

a. If yes, explain.

(1) What controls will be used to prevent unauthorized monitoring?

8. List the report(s) that will be produced from this system.

Retirement benefit estimate reports.

Death benefit estimate reports.

a. What are the reports used for?

Estimating Federal Employee retirement benefits.

b. Who has access to these reports?

Access is limited to Benefits Specialists and System Administrators and report is provided to the individual employee on their information only.

D. ACCESS TO DATA

1. Which NRC office(s) will have access to the data in the system?

NRC OCHCO Professionals and/or Contractor (1) For what purpose?

Provide estimated retirement benefits reports to NRC Employees only.

(2) Will access be limited?

Yes, access is limited to Benefits Specialists and System Administrators

2. Will other NRC systems share data with or have access to the data in the system?

No.

(1) If yes, identify the system(s).

(2) How will the data be transmitted or disclosed?

3. Will external agencies/organizations/public have access to the data in the system?

No.

(1) If yes, who?

(2) Will access be limited?

(3) What data will be accessible and for what purpose/use?

(4) How will the data be transmitted or disclosed?

E. RECORDS RETENTION AND DISPOSAL The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and are required under 36 CFR 1234.10. The following questions are

intended to determine whether the records in the system have an approved records retention schedule or if one will be needed.

1. Can you map this system to an applicable retention schedule in NUREG-0910, or the General Records Schedules at http://www.archives.gov/records-mgmt/grs ?

Yes.

a. If yes, please cite the schedule number, approved disposition, and describe how this is accomplished. For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to a file for transfer based on their approved disposition?

GRS 2.5, item 020: Individual employee separation files.

It includes records not included in separating employees OPF, documenting individual employees transfer to another Federal agency of office or voluntary, involuntary, disability, early retirement, or death separation from career, temporary, and political appointment service; and legal and financial obligations of government to employee to government.

Retention is Temporary:

Destroy 1 year after date of separation or transfer, but longer retention is authorized if required for business use.

If the answer to question E.1 is yes, skip to F.1. If the response is no, complete question E.2 through question E.7.

2. If the records cannot be mapped to an approved records retention schedule, how long do you need the records? Please explain.

3. Would these records be of value to another organization or entity at some point in time? Please explain.

4. How are actions taken on the records? For example, is new data added or updated by replacing older data on a daily, weekly, or monthly basis?

5. What is the event or action that will serve as the trigger for updating, deleting, removing, or replacing information in the system? For example, does the information reside in the system for three years after it is created and then is it deleted?

6. Is any part of the record an output, such as a report, or other data placed in ADAMS or stored in any other location, such as a shared drive or MS SharePoint?

7. Does this system allow for the deletion or removal of records no longer needed and how will that be accomplished?

F. TECHNICAL ACCESS AND SECURITY

1. Describe the security controls used to limit access to the system (e.g., passwords).

Access is limited through use of user logins and passwords, and role assignment to those whose official duties require access.

2. What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?

Role assignment and log on password protection.

3. Are the criteria, procedures, controls, and responsibilities regarding access to the system documented?

Yes (1) If yes, where?

Documentation related to access has been provided by GRB and is stored on the G Drive with limited access for OCHCO only.

4. Will the system be accessed or operated at more than one location (site)?

No.

a. If yes, how will consistent use be maintained at all sites?

5. Which user groups (e.g., system administrators, project managers, etc.)

have access to the system?

OCHCO Professionals and System Administrators

6. Will a record of their access to the system be captured?

Yes.

a. If yes, what will be collected?

Events:

User logon/logoff Account Management Object Access Policy Change Privilege Use Process Tracking System Events

Information:

Date/Time Component Event Type User or Process ID Success or Failure Result

7. Will contractors be involved with the design, development, or maintenance of the system?

Yes.

If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses are inserted in their contracts.

• FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.

• PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.

8. What auditing measures and technical safeguards are in place to prevent misuse of data?

Audit records are reviewed weekly for suspicious activity and violations and findings are reported to CIO or assignee. Violations cause alert messages to be sent to Administrators. Audit review will be increased during time of high risk.

9. Are the data secured in accordance with FISMA requirements? Yes.

a. If yes, when was Certification and Accreditation last completed? Pursuing C&A for NRC.

PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMS/ISB Staff)

System Name: GRB Assist Submitting Office: Office of the Chief Human Capital Officer A. PRIVACY ACT APPLICABILITY REVIEW Privacy Act is not applicable.

X Privacy Act is applicable.

Comments:

GRB Assist provides benefits specialist the tools to perform their day to day job (i.e., preparing service histories, creating retirement benefit estimate, death benefit estimate, service computation date calculation, deposit and redeposit requirements and retirement plan determination reports. GRB will not collect or maintain any PII on members of the public, only current federal employees.

Reviewers Name Title Date Sally A. Hardy Privacy Officer 1/22/2018 B. INFORMATION COLLECTION APPLICABILITY DETERMINATION X No OMB clearance is needed.

OMB clearance is needed.

Currently has OMB Clearance. Clearance No.

Comments:

Reviewers Name Title Date David Cullison Agency Clearance Officer 12/29/17

C. RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION No record schedule required.

Additional information is needed to complete assessment.

Needs to be scheduled.

X Existing records retention and disposition schedule covers the system - no modifications needed.

Comments:

Reviewers Name Title Date Marna B. Dove Sr. Program Analyst, Electronic Records Manager 1/16/18 D. BRANCH CHIEF REVIEW AND CONCURRENCE X This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.

This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.

I concur in the Privacy Act, Information Collections, and Records Management reviews:

/RA/ Date January 23, 2018 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer

TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT/

PRIVACY IMPACT ASSESSMENT REVIEW RESULTS TO: Miriam Cohen, Director, Office of the Chief Human Capital Officer Name of System: Government Retirement & Benefits (GRB Assist)

Date ISB received PIA for review: Date ISB completed PIA review:

October 20, 2017 January 22, 2018 Noted Issues:

GRB will not collect or maintain any PII on members of the public, only current federal employees The information being collected in the GRB database is from 10 or more individuals that are all Federal employees and does not require OMB clearance.

Anna T. McGowan, Chief Signature/Date:

Information Services Branch Governance & Enterprise Management

/RA/ January 23, 2018 Services Division Office of the Chief Information Officer Copies of this PIA will be provided to:

Tom Rich, Director IT Services Development & Operation Division Office of the Chief Information Officer Jonathan Feibus Chief Information Security Officer (CISO)

Governance & Enterprise Management Services Division Office of the Chief Information Officer