U.S. Equal Employment Opportunity Commission
The following laws and regulations establish specific requirements for the confidentiality, integrity, and availability of the data processed, stored, and transmitted by the EEOC Public Portal:
The individual's right to privacy must be protected in Federal Government information activities involving personal information. This assessment addresses the privacy impact of the EEOC Public Portal. Some information was obtained from AINS' eCase SaaS Privacy Threshold Analysis and Privacy Impact Assessment, Version 1.1, January 18, 2014.
Data in the System
1. Generally describe the information to be used in the system in each of the following categories: Complainant, Company, EEOC Employee, Other.
The Public Portal is built on the eCase Software-as-a-Service (SaaS) platform provided by AINS, Inc. A Privacy Impact Assessment was conducted by AINS on January 18, 2014. For EEOC, the Public Portal provides users with different capabilities as follows:
2. What are the sources of the information in the system?
Primary sources of information are from the potential charging party, charging party, FOIA requestor, and EEOC staff.
2.1. What EEOC files and databases are used?
Most data is stored within the structure of the Integrated Mission System (IMS) Oracle DBMS to which administrative access is tightly restricted. Related documents are stored in Alfresco and linked to IMS records. For responses to FOIA request, files may be stored on EEOC network shared drives, employee laptop drives, or the EEOC Document Management System (DMS).
IMS allows for the insertion and management of records that track allegations of employment discrimination in both the private and Federal sectors from the point of initial contact through the investigation and litigation processes. The Public Portal interfaces with the Private Sector Charge Management component of IMS. For On-Line Charge Status, the portal retrieves status data from the IMS to display to the user. For On- Line Intake, information and documents that are provided by the user through the portal are downloaded to IMS for storage and follow-up activity.
2.2. What Federal Agencies are providing data for use in the system?
Data from other Federal Agencies are not part of the Public Portal.
2.3. What State and Local Agencies are providing data for use in the system?
EEOC's Fair Employment Practices Agency (FEPA) State and local government partners use the IMS system to enter and maintain their charges of employment discrimination. FEPAs may also create and maintain information on State and local charges that are outside of EEOC's federal jurisdiction. If the a charge file is with the FEPA, then a related FOIA requester is advised to submit their request for disclosure to the FEPA, and the federal FOIA request received by EEOC is closed.
2.4. What other third party sources will data be collected from?
None, except as detailed in section 2.5 below.
2.5. What information will be collected from the complainant or company?
The complainant, also referred to as the charging party, can provide the following information in IMS:
- Full name
- Phone information (Home, Work and/or Cell)
- Date of Birth
- National Origin
- Details related to the charge
FOIA Requester details:
- Requester's name (First Name, Middle Name, Last Name)
- Requester's organization
- Requester's category (e.g. Commercial Use, Educational Institution, News Media, Non-commercial Scientific Institution, Other
- Requester's address (Street, City, State, Zip, Country)
- Requester's phone numbers (home, work, mobile, fax)
- Requester's email
FOIA Request details:
- Shipping address (Street, City, State, Zip, Country)
- Other address (Street, City, State, Zip, Country)-if different from shipping address
- Billing address (Street, City, State, Zip, Country)-if different from shipping address
- Request description (e.g. what the requester is asking for in their FOIA/PA request)
- If fees/invoices and payment applies to a request, then the system may track the 'amount due', 'check#', 'bank name', credit card details('card type', 'card#', 'name on card', 'expiration month'
Additionally, eCase application FOIAXpress stores 'files' within the correspondence log for a request AND within the document management module (for responsive records), which may include but are not limited to the following:
- Correspondence from the requester (which may contain their name, address, phone#, etc.)
- Incoming request letter
- Clarification letter
- Fee agreement letter
- Correspondence to the requester (which may contain their name, address, phone #, etc.)
- Acknowledgement letter
- Final response letter
- Redacted responsive records
- Document management files
- Original (un-redacted) responsive records
- Redacted responsive records
3. How will data collected from sources other than EEOC records and the complainant or company be verified for accuracy?
All data is provided by the potential charging party or charging party is verified by an EEOC employee through direct communication as a part of the follow-up and investigation process.
3.1. How will data be checked for completeness?
Certain data fields are monitored as a part of the data entry functionality to ensure completeness of required fields.
3.2. Is the data current? How do you know?
Data currency is dependent on the status of the charge. It is validated and updated throughout the life cycle of the charge/complaint/case, however is no longer updated once the charge/case/complaint is resolved or closed. Charging party records may be updated after closure, if the individual files an additional charge/case/complaint with the EEOC or FEPA.
4. Are the data elements described in detail and documented? If yes, what is the name of the document?
Data elements are described in the module specifications for each functional area of the Public Portal.
5. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Other)?
Each application has a system owner who controls access authorization for individuals under their purview. Should these individuals need access, a request is forwarded to the EEOC's Office of Information Technology (OIT) and processed. In addition to EEOC staff users, IMS database administrators, and technical Help Desk support personnel have access to the Public Portal system.
AINS personnel will have direct access to any agency related information with the exception of those personnel who directly work with that agency to support the system such as analysts, SME, technical lead with the authorization of agency representative.
Members of the public will have access to Milestones, On-line Intake, and FOIAXpress to submit information to EEOC, and to check the status of charges and requests.
6. How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented?
Access through the Portal by members of the public will be controlled by secure interfaces. Applications log the name of the individual that last updated a record. All EEOC users must agree to and accept the Rules of Behavior prior to being granted any access to data within the applications. All EEOC users are required to take annual Information Security Awareness training.
7. Will users have access to all data on the system or will the users' access be restricted?
Access to data is first restricted by each application in the system and then by the access profile established for the user. Members of the public will be able to view only data directly related to their charge or FOIA request. Members of the public who have submitted an inquiry on-line will be able to view and/or add to information related only to their specific inquiry.
8. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?
The eCase system has multiple layers of security that protect content to the object level and can be applied to a user, group of users, or set as a general feature. Account access within the system is also limited in that users have a defined time period during which their access is actually active. This automatic feature will log out inactive users and disable their user account based on their access needs. The system can generate both usage and customized access reports that will report users who have been inactive or disabled from the system as needed.
Additionally, the audit trail feature, unique identification, authentication and password requirements, and mandatory security, privacy and records training requirements help prevent unauthorized access to data, browsing and misuse.
9. Do other systems share data or have access to data in this system? If yes, explain. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?
The Public Portal has access to IMS data for the purposes of provide charge status, submitting a charge inquiry, and flagging a charge record that has received a FOIA request. EEOC is responsible for protecting the privacy rights of the taxpayers and employees affected by the interface.
10. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?
Occasionally, research agencies contracted with EEOC receive extracted information for the purposes of conducting their research. All extracted data is requested through appropriate channels and output content is controlled by EEOC.
Annual FOIA reports are generated and provide to the Department of Justice.
11. How will the data be used by the agency? Who is responsible for assuring proper use of the data?
EEOC offices use inquiry data for the purposes of intake and investigation of charges of employment discrimination. EEOC offices use FOIA request data for the purpose of preparing appropriate responses to Freedom of Information Act requests. EEOC staff member are responsible for assuring proper use of the data, which is enforced by EEOC policies and laws.
12. How will the system ensure that agencies only get the information they are entitled to under applicable statutes or regulations?
Annual FOIA reports are generated following specific guidelines and provided to the Department of Justice.
Attributes of the Data
13. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
Yes, the data is necessary to process an inquiry on-line or a FOIA request.
14. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?
No. The data is not considered to be new because it is a repository for data collected through intake procedures, generally submission by the potential charging party. Data is not aggregated from numerous sources.
14.1. Will the new data be placed in the individual's record (complainant or company)?
Not applicable. Data placed in the records is data gathered from the parties themselves.
14.2. Can the system make determinations about complainants or companies that would not be possible without the new data?
14.3. How will the new data be verified for relevance and accuracy?
Not applicable. All data, however, are gathered or verified through formal investigative procedures following procedural guidelines for agency investigators.
15. If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?
The application is hosted in a secure environment protected by the appropriate fire walls, security certificates, encryption, IT infrastructure, and internal operational and managerial controls. Intrusion detection, as well as other security controls, is implemented. Physical security to the room that houses the servers is tightly restricted, as is access to the building itself.
15.1. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
Access to the data is granted, based on business needs. The appropriate security controls are in place to protect the data and prevent unauthorized access. These controls have been verified through a third party risk assessment.
16. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain. What are the potential effects on the due process rights of complainants or companies of: consolidation and linkage of files and systems; derivation of data; accelerated information processing and decision making; use of new technologies. How are the effects to be mitigated?
Outside individuals, including charging parties and respondents, are allowed access to the status of a charge that is retrieved from IMS data, or a FOIA request that is retrieved from FOIAXpress. Data retrieval is only allowed to authorized EEOC staff via correct entry of the login/password combination. EEOC staff may retrieve data by using search parameters that may include an individual's name.
There is no effect on due process rights when individual data is retrieved by staff. Decision-making at an individual or macro level is not controlled by technology tools. Rather, technology tools are utilized to enhance decision-making. Decision-making is controlled by agency-wide policy and regulations, as well as applicable laws and statutes through which the agency operates. Programmatic and managerial controls are in place to ensure due process rights for all individuals and companies/defendant agencies.
Maintenance of Administrative Controls
17. Explain how the system and its use will ensure equitable treatment of complainants or companies. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?
The Public Portal uses system-wide business rules based on agency work processes and laws governing discrimination, thereby ensuring equitable treatment of all individuals and entities. It is a web-based, centrally located system, with functions and rules centrally controlled and managed.
17.1. Explain any possibility of disparate treatment of individuals or groups.
To our knowledge, there is no possibility of disparate treatment of individuals or groups due to the use of Public Portal information.
18. What are the retention periods of data in this system?
Data maintained within the Public Portal is minimal, consisting of items such as user profiles and portal usage statistics. Data submitted through the portal is downloaded to IMS and therefore are covered by IMS retention periods. At present, IMS contains historical records for approximately the past 20 years.
Each FOIA request type has its own retention schedule configured within FOIAXpress, so depending on the request type and final disposition there are varying times. The FOIA database contains historical records for approximately the past 13 years which were migrated from the legacy system.
18.1. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?
The FOIAXpress Retention tool instructions are within the On-line Manual inside of FOIAXpress. The tool is not automatic and there are multiple steps needed to delete cases that have met their retention period. There is a multi-search and mark for deletion steps which prevents an accidental deletion. The Retention management action is also restricted by permissions to certain users.
18.2. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
The life-cycle processes internal to all EEOC offices ensure "open" cases are updated throughout their lifetime.
19. Is the system using technologies in ways that the EEOC has not previously employed?
19.1. How does the use of this technology affect taxpayer/employee privacy?
Transmission of information employs secure technologies. Persistent cookies or tracking mechanisms are not employed. Data is handled in accordance with EEOC's policies and laws.
20. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.
Voluntarily submitted information contains identifying and contact information. That information is used by agency staff to send official correspondence required for the proper processing of charges, FOIA requests, or to contact specific individuals and respondent companies/agencies on official business. The Public Portal systems, however, cannot be used to monitor an individual.
20.1. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.
20.2. What controls will be used to prevent unauthorized monitoring?
The system has an audit log that can be used to run reports on individual users' access to and actions within the system.
21. Under which Systems of Record notice (SOR) does the system operate? Provide number and name.
EEOC-1, Age and Equal Pay Act Discrimination Case Files
EEOC-3, Title VII and Americans with Disabilities Act Discrimination Case Files
EEOC-5, Correspondence and Communications, for FOIA records