Privacy Impact Assessment for the Application for Tips and Complaints
On this page:
- I. Data in the System
- II. Access to the Data
- III. Attributes of the Data
- IV. Maintenance of Administrative Controls
I. Data in the System
-
Generally describe what data/information will be collected in the system.
The Tips and Complaints application collects information necessary to investigate potential environmental violations. URL reference\ information to Regional files containing facility reviews or actions may also be contained in the applications, but not the facility review or action itself.
-
What are the sources and types of the information in the system?
The information in the system is provided by the public via web form and can include, if the public user elects, the public users name and the potential violators name along with a description of the act in question. Additionally, the Regions may also enter Regional reference information denoting the occurrence of a facility review and/or action and the documents location on the Regions Intranet site as a part of their tip conclusion process. No actual facility review reports, or facility action documents will be included in the application.
-
How will the data be used by the Agency?
The information provided is used to review the potential environmental violation and assess whether the tip or lead should be investigated as an environmental violation. The data is also used in the form of summary statistics only - for the purpose evaluating the success of the tips and complaints application and effort and its usefulness in meeting Agency priorities.
-
Why is the information being collected? (Purpose)
The information is being collected to provide the public with a more efficient means of providing potential environmental violations to EPA and to provide EPA with a more efficient way of addressing the publics concerns about potential violations in their geographic area.
II. Access to the Data
-
Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?
Internal EPA personnel such as Criminal Investigators, Regional Tip Administrators and their management for the purpose of coordinating criminal and civil investigations will have access. Additionally, a small number of senior information technology specialist will have access to the application for the purpose of providing technical direction to contracted development and maintenance support staff. The contractors who have developed or maintain the application will also have access and are covered by the FAR listed above and have the clause in their contract.
-
What controls are in place to prevent the misuse of data by those having authorized access?
Authorized access is monitored by ID and password control by the Application System Administrators. Additionally, all application users are provided EPA's Information Security training which makes them aware that they are responsible for ensuring that these resources are protected from:
- loss
- misuse
- unauthorized access
- disclosure
- modification
- intentional compromise of the integrity of the data
All users are responsible for protecting sensitive data from unauthorized or accidental disclosure and are responsible and can be held accountable for their use of this resource.
-
Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)
No, other systems do not have access to this application or share data.
-
Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)
No, other agencies, state or local governments share data, or have access to this system.
-
Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)
Yes, individuals have the opportunity to decline to provide information and are required to check a box as acknowledgement that they have read the use statement as provided on the web form.
III. Attributes of the Data
-
Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.
The data is used to investigate tips on potential environmental violations. The data is necessary to identify, investigate and contact, if necessary, the potential violators under review. Additional, data provided by Regional Tip Administrator's is used to coordinate between civil and criminal investigators, with respect to tips or leads and their relation to tips already received.
-
If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.
Data access is ID and Password protected and not shared with other systems. Additionally, the application is only accessible by authorized EPA personnel, through Secure Socket Layer (SSL) technology, employing 128 bit encryption.
-
If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
Data is not consolidated
-
How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)
Each Tip received is assigned a lead number. Data is retrieved by a combination of lead number, geographic location and date. However, the alleged violator's name and the tipsters name, although suspect until investigated are contained in the data - if the tipster chooses to provide the information. Records are not retrieved by violator's or tipster's name.
-
What achievements of goals for machine readability have been incorporated into this system? Where is the policy stated? (Machine readable technology enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)
Our site states that "You are not required to provide your contact information in order for EPA to review your tip or complaint" and that the EPA Privacy act and Security Policy can be reviewed.
IV. Maintenance of Administrative Controls
-
Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Earle, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)
Investigations are retained based on EPA Schedule 1016
General Complaint records are retained bases on NARA Schedule 14, Item 5 -
While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely and complete to ensure fairness in making determinations?
Criminal Investigators review each criminal tip to independently verify its accuracy and relevancy for the purpose of prosecuting environmental crimes. Regional Tip Administrators review each civil tip to independently verify its accuracy and relevancy for the purpose of further environmental sanctions. In the event there is a potential for further environmental sanctions a full investigation of the allegations provided in the tip are authorized before a determination is made.
-
Will this system provide the capability to identify, locate and monitor individuals? If yes, explain.
No, the system does not provide the capability to monitor individuals. The information provided is based on a perceived or alleged environmental violation, not any individual.
-
Does the system use any persistent tracking technologies?
No, persistent tracking technology is used.
-
Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. For reference, please view this list of Agency SORs. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)
No SORN is necessary. Because the information is not retrieved by name or other identifying information the Privacy Act doesn't apply.