Download:
pdf |
pdfPrivacy Impact Assessment (PIA): CDC - OCIO ISB INFR SVCS - Vessel Sanitation Program - QTR2 - 2024 - CDC8252187
Created Date: 5/9/2024 7:15 PM Last Updated: 5/9/2024 7:15 PM
Copy PIA (Privacy Impact Assessment)
Do you want to copy this PIA ?
Please select the user, who would be submitting the copied PIA.
Instructions
Review the following steps to complete this questionnaire:
1) Answer questions. Select the appropriate answer to each question. Question specific help text may be available via the
answer dictates an explanation, a required text box will become available for you to add further information.
icon. If your
2) Add Comments. You may add question specific comments or attach supporting evidence for your answers by clicking on the
each question. Once you have saved the comment, the icon will change to the
icon next to
icon to show that a comment has been added.
3) Change the Status. You may keep the questionnaire in the "In Process" status until you are ready to submit it for review. When you have
completed the assessment, change the Submission Status to "Submitted". This will route the assessment to the proper reviewer. Please note that
all values list questions must be answered before submitting the questionnaire.
4) Save/Exit the Questionnaire. You may use any of the four buttons at the top and bottom of the screen to save or exit the questionnaire. The
button allows you to complete the questionnaire. The button allows you to save your work and close the questionnaire. The button allows you to
save your work and remain in the questionnaire. The button closes the questionnaire without saving your work.
Acronyms
ATO - Authorization to Operate
CAC - Common Access Card
FISMA - Federal Information Security Management Act
ISA - Information Sharing Agreement
HHS - Department of Health and Human Services
MOU - Memorandum of Understanding
NARA - National Archives and Record Administration
OMB - Office of Management and Budget
PIA - Privacy Impact Assessment
PII - Personally Identifiable Information
POC - Point of Contact
PTA - Privacy Threshold Assessment
SORN - System of Records Notice
SSN - Social Security Number
URL - Uniform Resource Locator
Does this need
to migrate to a
SubComponent?:
No
Consolidated Parent Component
Component Name
No Records Found
�General Information
PIA Name:
CDC - OCIO ISB INFR SVCS - Vessel Sanitation
Program - QTR2 - 2024 - CDC8252187
PIA ID:
8252187
Name of
Component:
OCIO ISB Infrastructure Services
Name of ATO
Boundary:
OCIO ISB Infrastructure Services
Migrated Sub-Component PIA
PIA Name
No Records Found
Sub-Component
Software Name
Vessel Sanitation Program
Original Related PIA ID
PIA Name
CDC - VSP - QTR2 - 2023 - CDC6757208
Overall Status:
PIA Queue:
Submitter:
BOATENG, Alfred
# Days Open:
(289)
Submission
Status:
Re-Submitted
Submit Date:
6/21/2023
Next
Assessment
Date:
07/24/2026
Expiration Date: 7/24/2026
Office:
OD
OpDiv:
CDC
Make PIA
available to
Public?:
Yes
Security
Categorization:
Legacy PIA ID:
1:
Identify the Enterprise Performance Lifecycle Phase of the system
2:
Is this a FISMA-Reportable system?
3:
Does the system have or is it covered by a Security Authorization to
Operate (ATO)?
4:
ATO Date or Planned ATO Date
7/17/2023
Privacy Threshold Analysis (PTA)
PTA Name
CDC - OCIO ISB INFR SVCS - Vessel Sanitation Program - QTR2 - 2024 - CDC8252070
History Log:
View History Log
PTA
PTA
PTA - 2:
Indicate the following reason(s) for this PTA. Choose from the following
options.
PIA Validation (PIA Refresh)
PTA - 2A:
Describe in further detail any changes to the system that have occurred
since the last PIA.
No changes
PTA - 3:
Is the data contained in the system owned by the agency or contractor?
Agency
�PTA - 4:
Please give a brief overview and purpose of the system by describing
what the functions of the system are and how the system carries out
those functions.
The purpose of the system is to aid in reporting on
inspections of cruise ships and to collect and report
on any gastrointestinal illness outbreaks on said
ships. Prior to this system, inspections were tracked
on paper. The system eliminates paper both in the
field and on site at CDC, greatly improving inspector
efficiency in data collection and tracking.
Additionally, the system provides the ability for
cruise ships to submit GI reports via email or
through a web site, and have quick response time
regarding the acceptance and processing of said
reports. Neither of these abilities were available
when using paper forms, so the end user experience
has been significantly enhanced.
The system is also used to study trends, via
aggregate data, regarding disease outbreaks on
cruise ships.
PTA - 5:
List and/or describe all the types of information that are collected (into), The system collects, maintains, and shares the
following types of information:
maintained, and/or shared in the system regardless of whether that
information is PII and how long that information is stored.
Reports (date, ship name, cruise line name, number
of cases, types of illness,cruise dates, numbers of
passengers and crew on each voyage, numbers of ill
passengers and crew on each voyage, and
anonymous dates of illness onset for each GI case in
an outbreak)
Inspections (inspection scores, inspection violations,
inspector recommendations for correction of
violations)
Invoices (ship name, amount, date)
Ship Contacts (name, mailing address, email
address, phone number)
Internal users are authenticated by active directory,
a CDC authorized system. Active Directory is a
separate system with its own PIA. External users are
authenticated by username and password.
PTA - 5A:
Are user credentials used to access the system?
PTA - 5B:
Please identify the type of user credentials used to access the system.
�PTA - 6:
Describe why all types of information is collected (into), maintained,
and/or shared with another system. This description should specify
what information is collected about each category of individual.
The Vessel Sanitation Program (VSP) system is used
by CDC inspectors to record scores, violations, and
recommendations for correction of violations on
cruise ships and by cruise ships to report incidence
of gastrointestinal infections. The vessel’s captain
may report findings by fax, telephone, web site,
and/or by email to a dedicated VSP mailbox. The
system also posts the inspection information and
reports on the VSP public website.
The system collects, maintains, and shares the
following types of information:
Reports (date, ship name, cruise line name, number
of cases, types of illness,cruise dates, numbers of
passengers and crew on each voyage, numbers of ill
passengers and crew on each voyage, and
anonymous dates of illness onset for each GI case in
an outbreak)
Inspections (inspection scores, inspection violations,
inspector recommendations for correction of
violations)
Invoices (ship name, amount, date)
Ship Contacts (name, mailing address, email
address, phone number)
Reports and inspection information are needed to
assess whether ships are adequately protecting
passengers from gastrointestinal diseases. The
report information is collected from cruise ship
employees on any vessel that has a foreign itinerary
and carries 13 or more passengers and calls on a
U.S. port. CDC inspectors collect the inspection
information. Reports and inspection information is
shared with the public on the VSP website.
Ship contact information is provided to CDC by the
cruise lines. It is used to create invoices for ship
inspections and to contact each ship. Ship contact
information is about cruise ship employees (18 and
older) and is not shared.
Internal users are authenticated by active directory,
a CDC authorized system. Active Directory is a
separate system with its own PIA. External users are
authenticated by username and password.
PTA - 7:
Does the system collect, maintain, use or share PII?
Yes
PTA - 7A:
Does this include Sensitive PII as defined by HHS?
Yes
PTA - 8:
Does the system include a website or online application?
Yes
PTA - 8A:
Are any of the URLs listed accessible by the general public (to include
publicly accessible log in and internet websites/online applications)?
Yes
�PTA - 9:
Describe the purpose of the website, who has access to it, and how
users access the web site (via public URL, log in, etc.). Please address
each element in your response.
http://midrs.cdc.gov/admin/midrsmanagement.asp
x is CDC only web address for the login for the
administrative users for the system.
https://wwwn.cdc.gov/midrs/GILogin.aspx is the
web address for the log in page where cruise ships
with credentials can self report gastrointestinal
incidents.
https://wwwn.cdc.gov/InspectionQueryTool/Inspect
ionSearch.aspx is the web address for the publicly
available web page providing access to ship
inspection scores.
https://www.cdc.gov/nceh/vsp is the publicly
available home page for the Vessel Sanitation
Program (VSP).
PTA - 10:
Does the website have a posted privacy notice?
Yes
PTA - 11:
Does the website contain links to non-federal government websites
external to HHS?
No
PTA - 11A:
Is a disclaimer notice provided to users that follow external links to
websites not owned or operated by HHS?
PTA - 12:
Does the website use web measurement and customization
technology?
PTA - 12A:
Select the type(s) of website measurement and customization
technologies in use and if it is used to collect PII.
PTA - 13:
Does the website have any information or pages directed at children
under the age of thirteen?
No
PTA - 13A:
Does the website collect PII from children under the age thirteen?
No
PTA - 13B:
Is there a unique privacy policy for the website and does the unique
privacy policy address the process for obtaining parental consent if any
information is collected?
PTA - 14:
Does the system have a mobile application?
PTA - 14A:
Is the mobile application HHS developed and managed or a third-party
application?
PTA - 15:
Describe the purpose of the mobile application, who has access to it,
and how users access it. Please address each element in your response.
PTA - 16:
Does the mobile application/ have a privacy notice?
PTA - 17:
Does the mobile application contain links to non-federal government
website external to HHS?
PTA - 17A:
Is a disclaimer notice provided to users that follow external links to
resources not owned or operated by HHS?
PTA - 18:
Does the mobile application use measurement and customization
technology?
PTA - 18A:
Describe the type(s) of measurement and customization technologies or
techniques in use and what information is collected.
PTA - 19:
Does the mobile application have any information or pages directed at
children under the age of thirteen?
PTA - 19A:
Does the mobile application collect PII from children under the age
thirteen?
PTA - 19B:
Is there a unique privacy policy for the mobile application and does the
unique privacy policy address the process for obtaining parental
consent if any information is collected?
No
No
�PTA - 20:
Is there a third-party website or application (TPWA) associated with the
system?
No
PTA - 21:
Does this system use artificial intelligence (AI) tools or technologies?
No
PIA
PIA
PIA - 1:
Indicate the type(s) of personally identifiable information (PII) that the
system will collect, maintain, or share.
Name
Email Address
Phone numbers
Mailing Address
PIA - 2:
Indicate the categories of individuals about whom PII is collected,
maintained or shared.
Members of the public
PIA - 3:
Indicate the approximate number of individuals whose PII is maintained
in the system.
Above 2000
PIA - 4:
For what primary purpose is the PII used?
VSP contacts members (Name) of the cruise ship
industry via Phone Number, Email Address, and
regular Mail address regarding various business
matters those members conduct with VSP.
PIA - 5:
Describe any secondary uses for which the PII will be used (e.g. testing,
training or research).
VSP has no secondary use of PII.
PIA - 6:
Describe the function of the SSN and/or Taxpayer ID.
VSP does not collect SSN.
PIA - 6A:
Cite the legal authority to use the SSN.
VSP does not collect SSN.
PIA - 7:
Identify legal authorities, governing information use and disclosure
specific to the system and program.
Public Health Service Act 42 CFR § 71.21 - Report of
death or illness. 5 U.S.C. | Executive Orders
9397,1302, 2951, 3301, 3372, 4118, 8347 as
amended by 13478, 9830, and 12107
PIA - 8:
Are records in the system retrieved by one or more PII data elements?
No
PIA - 8A:
Please specify which PII data elements are used to retrieve records.
PIA - 8B:
Provide the number, title, and URL of the Privacy Act System of Records
Notice (SORN) that is being used to cover the system or indicate
whether a new or revised SORN is in development.
PIA - 9:
Identify the sources of PII in the system.
Directly from an individual about whom the
information pertains
Email
Non-Government Sources
Members of the Public
Private Sector
PIA - 10:
Is there an Office of Management and Budget (OMB) information
collection approval number?
Yes
PIA - 10A:
Provide the information collection approval number.
OMB Control No. 0920-1260, expiration date
03/31/2026
PIA - 10B:
Identify the OMB information collection approval number expiration
date.
3/31/2026
PIA - 10C:
Explain why an OMB information collection approval number is not
required.
OMB Control No. 0920-1260
�PIA - 11:
Is the PII shared with other organizations outside the system’s
Operating Division?
Yes
PIA - 11A:
Identify with whom the PII is shared or disclosed.
Other Federal Agency/Agencies
Within HHS
PIA - 11B:
Please provide the purpose(s) for the disclosures described in PIA - 11A.
Sometimes people within HHS have questions
regarding the cruise line industry that can only be
answered by members of that industry, so VSP will
share the business contact information for that
purpose.
There are times that people in other agencies have
questions regarding the cruise line industry that can
only be answered by members of that industry, so
VSP will share the business contact information for
that purpose.
PIA - 11C:
List any agreements in place that authorize the information sharing or
disclosure (e.g., Computer Matching Agreement (CMA), Memorandum
of Understanding (MOU), or Information Sharing Agreement (ISA)).
The system does not disclose PII. Therefore, no
agreements are in place.
PIA - 11D:
Describe process and procedures for logging/tracking/accounting for
the sharing and/or disclosing of PII. If no process or procedures are in
place, please explain why not.
None
PIA - 12:
Is the submission of PII by individuals voluntary or mandatory?
Voluntary
PIA - 12A:
If PII submission is mandatory, provide the specific legal requirement
that requires individuals to provide information or face potential civil or
criminal penalties.
None
PIA - 13:
Describe the method for individuals to opt-out of the collection or use
of their PII. If there is no option to object to the information collection,
provide a reason.
Individuals may opt out of the collection or use of
their PII by not providing PII to VSP. If they opt out,
they will lose access to the system and will not be
able to provide information to VSP. However, they
will still be able to access public information on the
VSP website.
PIA - 14:
Describe the process to notify and obtain consent from the individuals
whose PII is in the system when major changes occur to the system
(e.g., disclosure and/or data uses have changed since the notice at the
time of original collection). Alternatively, describe why they cannot be
notified or have their consent obtained.
Individuals are sent notifications by email if major
changes occur to the system.
PIA - 15:
Describe the process in place to resolve an individual's concerns when
they believe their PII has been inappropriately obtained, used, or
disclosed, or that the PII is inaccurate. If no process exists, explain why
not.
If an individual believes that their PII has been
inappropriately obtained, used, or disclosed or they
believe their PII is inaccurate, the process for
redress is the same.
The issue is handled by the Branch Chief.
The individual may contact the VSP via the
vsp@cdc.gov email address with any and all
concerns, and an admin will forward the email to
the Branch Chief for action.
The Branch Chief will investigate the issue and
determine whether or not the individual's concern is
valid, take appropriate action to redress the concern
if there is a problem, and notify the individual by
email of the results.
�PIA - 16:
Describe the process in place for periodic reviews of PII contained in the
system to ensure the data's integrity, availability, accuracy and
relevancy. Please address each element in your response. If no
processes are in place, explain why not.
The VSP Chief or designee conducts an annual
review of PII by examining each individual's PII. The
Chief reviews the information per the criteria below
and updates or deletes PII as necessary:
Only those records which are relevant and
necessary to
accomplish the system’s purpose as required by
statute are retained;
All records used to make a determination about an
individual
are verified to be sufficiently accurate, relevant,
timely, and complete to make;
Note that no records are disclosed outside the
federal government.
Also note that the records are not governed by a
Computer Matching Agreement.
PIA - 17:
Identify who will have access to the PII in the system.
Administrators
Developers
Contractors
PIA - 17A:
Select the type of contractor.
HHS/OpDiv Direct Contractors
PIA - 17B:
Do contracts include Federal Acquisition Regulation (FAR) and other
appropriate clauses ensuring adherence to privacy provisions and
practices?
Yes
PIA - 18:
Provide the reason why each of the groups identified in PIA - 17 needs
access to PII.
For creating reports that are sent to the contacts.
The VSP Chief, as an administrator, pulls PII from the
system as needed to provide business contact
details to HHS personnel and other federal agencies.
In development and testing of the application
software, the developer will sometimes need to
view PII to verify or enhance functionality.
Only direct contractors have access to the
information. Contractors are used exclusively for
development of the software applications, therefore
they fulfill the Developer role described above: In
development and testing of the application
software, the developer will sometimes need to
view PII to verify or enhance functionality.
�It is the job function of administrators to send
invoices and correspond with individuals whose PII
is stored in VSP systems. Therefore, it is inherent in
assigning staff to the administrator role that they
have access to PII. The Chief makes the
determination of who receives the administrator
role based on the workload of the VSP group.
Developers are required by VSP to maintain and
enhance VSP software applications, and to maintain
the database of PII. Developers cannot perform
their role without incidental exposure to PII and, in
some cases, direct exposure when software errors
or enhancements require it. The VSP Chief
determines which individuals receive the developer
role based on needs of the group.
Contractors comprise the entirety of the developer
role. Therefore, their access to PII is determined by
the same methodology detailed above for the
developer role.
PIA - 19:
Describe the administrative procedures in place to determine which
system users (administrators, developers, contractors, etc.) may access
PII.
PIA - 20:
Describe the technical methods in place to allow those with access to PII The VSP Chief grants individual VSP staff access to
software applications based on their need to
to only access the minimum amount of information necessary to
perform a specific job function. Those who need
perform their job.
access are assigned to an Active Directory account
whose sole purpose is to limit access to VSP
applications. The combination of a PIV card and
membership in the Active Directory group limit
access to PII.
PIA - 21:
Identify the general security and privacy awareness training provided to
system users (system owners, managers, operators, contractors and/or
program managers) using the system to make them aware of their
responsibilities for protecting the information being collected and
maintained.
All VSP personnel undergo Security Awareness
Training as provided by CDC. Training is refreshed
annually.
PIA - 22:
Describe training system users receive (above and beyond general
security and privacy awareness training).
None
PIA - 23:
Describe the process and guidelines in place with regard to the
retention and destruction of PII. Cite specific National Archives and
Records Administration (NARA) records retention schedule(s) and
include the retention period(s).
The VSP Chief reviews PII during the 3rd quarter of
each fiscal year. Contact information that is
outdated is removed at that time per GRS 1.1-011
for financial records, which indicates record
destruction is to take place when records are no
longer needed. This schedule is used because the PII
is related to invoicing.
�PIA - 24:
Describe how the PII will be secured in the system using administrative,
technical, and physical controls. Please address each element in your
response.
The administrative controls educate system users of
their responsibility to protect PII and legally bind
them to do so. These controls include signed rules
of behavior , non-disclosure agreements, CDC
privacy and security awareness training, and records
management training. Records are maintained
according to CDC record control policies and
procedures.
The technical controls, implemented by the system,
act to either allow access to system PII data only to
approved users or to make PII data unreadable
outside of the system. These controls include
encryption, authentication, firewalls, intrusion
detection systems, and anti-malware systems.
The physical controls, implemented by the system,
restrict access to CDC buildings and areas housing
computers used by this system. These controls
include guards, identification badges, key cards,
locked doors, cipher locks, fences, alarms and closed
circuit TV.
�Review & Comments
Privacy Analyst Review
OpDiv Privacy
Analyst Review
Status:
Approved
Privacy Analyst
Review Date:
Privacy Analyst
Comments:
6/28/2023
Privacy Analyst
Days Open:
SOP Review
SOP Review
Status:
Approved
SOP Comments:
SOP Signature:
JWO Signature.docx
SOP Review
Date:
6/29/2023
SOP Days Open: 8
Agency Privacy Analyst Review
Agency Privacy
Analyst Review
Status:
Approved
Agency Privacy
Analyst Review
Date:
7/25/2023
Agency Privacy
Analyst Review
Comments:
In the next iteration of the PTA, please spell out GI in
PTA-4
Agency Privacy
Analyst Days
Open:
26
SAOP Review
Status:
Approved
SAOP Signature:
SAOP
Comments:
Approved on behalf of Bridget Guenther
SAOP Review
Date:
7/25/2023
SAOP Days
Open:
0
SAOP Review
In the next iteration of the PTA, please spell out GI in
PTA-4
Supporting Document(s)
Name
Size
Type
Upload Date
Downloads
NOA 0920-1260 Rev 2023_OMB.pdf
100017
.pdf
5/9/2024 7:15 PM
0
Comments
Question Name
Submitter
Date
Comment
PIA - 10A
BANKS, Quentin
5/19/2023
Please confirm the expiration date as
the one given has already expired.
PIA - 10B
BANKS, Quentin
5/19/2023
Please confirm the expiration date as
the one given has already expired.
PIA - 20
OSHODI, Jarell
6/20/2023
What does AD stand for?
Attachment
�
| File Type | application/pdf |
| File Modified | 2025-02-27 |
| File Created | 2025-02-27 |