ML18075A265

Revision as of 17:37, 17 June 2019 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
Electronic Official Personnel Folder - Eopf Privacy Impact Assessment 2018
Person / Time
Issue date: 03/15/2018
From: Anna Mcgowan
NRC/OCIO
To:


Text

Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.

The Electronic Official Personnel Folder (eOPF) is a web-based external system owned by the Office of Personnel Management (OPM). The eOPF stores official personnel files and human resource records related to Federal civilian employees. The system is utilized by the NRC's human resource staff to manage employee electronic personnel records. Employees are able to access their individual Official Personnel Folder (OPF) in eOPF and view the documents, but they cannot modify the documents. No system components are housed on the NRC infrastructure. The eOPF supports the human resource management of official personnel files.

N/A

The eOPF is an e-government initiative owned by the OPM and mandated by the Office of Management and Budget (OMB).

What law, regulation, or Executive Order authorizes the collection and maintenance of the information necessary to meet an official program mission or goal? NRC internal policy is not a legal authority.

5 CFR 293.302 mandated that each agency shall establish an OPF for each employee to house paper records used by Federal government HR offices. These records establish an employment history that includes grades, occupations and pay, and records choices under Federal benefits programs and were maintained as paper in agency HR offices until they were converted to digital images as part of an e-Government initiative established in response to the E-Government Act of 2002. In general, OPM collects and maintains the information in eOPF pursuant to 5 U.S.C. §§ 1104, 1302, 2951, 3301, and 4315; E.O. 12107 (December 28, 1978), 3 CFR 1954-1958 Comp.; 5 U.S.C. 1104, and 1302; 5 CFR 7.2; Executive Orders 9830 and 12107; 3 CFR 1943-1948 Comp.; and 5 U.S.C. 2951(2) and 3301 authorize the maintenance of records the Government needs to make accurate employment decisions throughout an employee's career. 5 CFR Chapter 1 part 293 Personnel Records.

The data will be used by HR personnel for human resource functions.

6.

Brendan Cain, OCHCO/HCAB, 301-287-0552
Brendan Cain, OCHCO/HCAB, 301-287-0552
Miriam Cohen, OCHCO, 301-287-0747

Yes

A PIA was developed January 22, 2009. ML090550710

eOPF cybersecurity compliance will be managed under the Third Party System (TPS) and changes have been made to where the system is hosted.

These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.

Yes

Current and former NRC employees.

HR data included in eOPF includes notification of personnel action (SF-50) and documents supporting the action taken; life insurance, Thrift Savings Plan, health benefits and related beneficiary forms; letters of disciplinary action; notices of reductions-in-force; and other records retained in accordance with the OPM's Guide to Personnel Recordkeeping. Records include employment information such as personal qualification statements, resumes, and related documents including information about an individual's birth date, social security number, veterans preference status, tenure, minority group designator, physical handicaps, past and present salaries, grades, position titles; employee locator information identifying home and work address, phone numbers and emergency contacts; and certain medical records related to initial appointment and employment.

Records maintained in eOPF are collected from the individual and from HR professionals.

Individuals provide resumes, birth date, social security number, veteran preference status, tenure, minority group designator, physical handicaps, past and present salaries, grades, position titles.

No

Yes

eOPF collects existing Official Personnel Folder records.

Yes

eOPF collects information from Federal Personnel/Payroll System (FPPS), Workforce Transformation Tracking System (WTTS) and Employee Express (EEX).

Employees have access to their records and can request an amendment, correction, or deletion of their records when the records are inaccurate, relevant, timely, or complete in accordance with the Privacy Act.

Information will be collected from forms completed by the employee. Existing paper OPF records will be scanned into the e-OPF by OPM contractors. Data transfer also occurs via FPPS, WTTS and EEX.

No

  • Making a decision when an NRC employee or former NRC employee questions the validity of a specific document in an individual's record;
  • Upon transfer of an employee to another Federal agency, the information is transferred to such agency;
  • Store and query all personnel actions and related documentation;
  • OPM investigations;
  • Office of the Inspector General investigations;
  • Security investigations;
  • Determine eligibility for Federal benefits;
  • Employment verification;
  • Update monthly Enterprise Human Resources Integration data repository;
  • Provide statistical reports to Congress, agencies, and the public on characteristics of the Federal work force;
  • Review, audit, or reporting purposes by OPM and/or MSPB;
  • Provide members of the public with the names, position titles, grades, salaries, appointments (temporary or permanent), and duty stations of employees; and
  • Provide information to the Public Health Service in connection with Health Maintenance Examinations and to other Federal agencies responsible for Federal benefit programs administered by the Department of Labor (Office of Workers' Compensation Programs) and the OPM.

Yes

HR Professionals and System Administrators

Yes

The data model can be found in the United States Office of Personnel Management Human Resources Line of Business Data Model Version 1: https://www.opm.gov/egov/documents/architecture/HRLOB_DM.pdf.

No

Derived data is obtained from a source for one purpose and then the original information is used to deduce/infer a separate and distinct bit of information that is aggregated to form information that is usually different from the source information.

Aggregation of data is the taking of various data elements and then turning it into a composite of all the data to form another type of data (i.e. tables or data arrays).

Records are retrieved by name and/or social security number.

No

  • Active Documents - Created by HR Professionals
  • Active Documents - Modifications
  • Active Documents - Viewed
  • Documents Moved to Deleted Folder
  • Purged Documents - All Actions
  • Purged Documents
  • Inactive User
  • New Employee
  • eOPF Additional Access
  • eOPF Roles
  • eOPF User Information

  • Active Documents - Created by HR Professionals: Allows the user to produce a report for either a specific individual's folder or to look at "create actions" performed by specific individuals that may span multiple folders. Using the "Filter by Viewer SSN" option, you are looking for all actions performed by that individual.
  • Active Documents - Modifications: Allows the user to produce a report for either a specific individual's folder or to look at modification actions performed by a specific individual that may span multiple folders.
  • Active Documents - Viewed: Allows the user to produce a report for either a specific individual's folder or to look at "view actions" performed by a specific individual that may span multiple folders.
  • Documents Moved to Deleted Folder: Allows the user to produce a report for either a specific individual's folder or to look at "documents moved" actions performed by specific individuals that may span multiple folders.
  • Purged Documents - All Actions: Allows the user to produce a report for either a specific individual's folder "purged documents activities" or to look at all "purged documents activities" performed by specific individuals that may span multiple folders.
  • Purged Documents: Allows the user to produce a report for either a specific individual's folder for purged documents or to look at purge document actions performed by a specific individual that may span multiple folders.
  • Inactive User: Lists the employee accounts that have been inactivated by the employee feed provided to eOPF. The report displays the employee's current eOPF folder status. NOTE: The employee feed is configured to allow a time frame to occur between receipt of an employee 'Inactive' status and the time the employee account is disabled.
  • New Employee: Lists the eOPF accounts that have a folder and that have been created within a specified range of time. The following report uses the create date of the folder associated to the user account to determine if it falls within the specified date range.

  • eOPF Additional Access: Displays the user's additional access rights in the eOPF system.
  • eOPF Roles: Lists the user's Group membership(s) and Role in eOPF system.
  • eOPF User Information: Lists the user account information.

Access to reports is role-based and assigned by the HR System Administrator. The administrator can create a group to assign report access to; for example, access could be granted to all HR Professionals, or to just a special group of HR Professionals.

Office of the Chief Human Capital Officer (OCHCO), regional HR staffs, and the Office of the Inspector General (OIG) have access to the data.

To maintain employee personnel records.

Yes, access will be limited to NRC HR professionals.

No

N/A

N/A

Yes

OPM is the system owner and the data is hosted at OPM's data center.

Yes, access will be limited through use of user logins and passwords or PIV/PIN, and role assignments.

OPM is authorized access to all Federal OPF records.

Data can be transmitted from FPPS to the eOPF server using Connect:Direct or Connect:Direct Secure+ Option.

The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and are required under 36 CFR 1234.10. The following questions are intended to determine whether the records in the system have an approved records retention schedule or if one will be needed.

Yes

GRS 2.2 Item 040 Official Personnel Folder / electronic OPF (eOPF) (Long Term Records): Destroy when survivor or retirement claims are adjudicated or when records are 129 years old, whichever is sooner, but longer retention is authorized if required for business use.

GRS 2.2 Item 041 Official Personnel Folder / electronic OPF (eOPF) (Short Term Records): Destroy when superseded or obsolete, or upon separation or transfer of employee, whichever is earlier.

GRS 5.2 Item 020 Enterprise Human Resource Integration: Destroy upon verification of successful creation of the final document or file, or when no longer needed for business use, whichever is later.

Access is limited through the use of user logins and passwords or PIV card and PIN. Employees can only view their own information. HR System administrators implement and maintain user access for HR staff and investigators.

There are reports available for monitoring use of the system by each agency. Additional reports can be generated if needed.

Yes

The eOPF Solution System Design Document is available by request.

No

Users of NRC records (HR Professionals, employees, supervisors) and system administrators (NRC, OPM).

Yes

All activities performed are tracked; for example, adding a document, deleting a document, creating an employee OPF. Any time an employee OPF is accessed, the system tracks each document that was viewed, and the reason why the document was viewed.

Yes

If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses are inserted in their contracts.

  • FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
  • PII clause, "Contractor Responsibility for Protecting Personally Identifiable Information" (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.

There are reports available for monitoring use of the system by each agency. Additional reports can be generated if needed.

Yes eOPF was authorized by OPM.

(For Use by OCIO/GEMS/ISB Staff)

Copies of this PIA will be provided to:

Tom Rich, Director, IT Services Development & Operation Division, Office of the Chief Information Officer

Jonathan Feibus, Chief Information Security Officer (CISO), Governance & Enterprise Management Services Division, Office of the Chief Information Officer