Human Resources System
· Name of project
Human Resources System
· Unique project identifier
016-00-SSA/DHR-G-103
· Privacy Impact Assessment (PIA) Contact
Deputy Commissioner
Office of Human Resources
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· System background description or purpose
The Human Resources System (HRS) is a Social Security Administration (SSA) certified and accredited General Support System consisting of several sub-systems that we describe within this assessment.
HRS is a computer-based, multi-file personnel records system designed to meet SSA's needs for data, statistics, and information on the characteristics of its workforce. The system serves as the database for staffing, promotion plan operations, personnel research and program evaluation, management information, planning and budgeting for training, position information, and performance management. The system may maintain personnel and employment information on both present and former SSA and Disability Determination Service (DDS) employees, volunteers, students, grantees, contract employees, and individuals, including current Federal employees, submitting applications for employment with SSA, and other individuals who perform services for SSA.
· Describe the information we collect, why we collect the information, how we use the information, and with whom we share the information.
HRS contains a variety of records relating to personnel actions and determinations made about an individual while seeking employment or being employed by SSA. These records may contain, but are not limited to any of the following: name; birth date; mailing address; telephone number; Social Security number (SSN); veterans preference; tenure; employment history; employment qualifications; past and present salaries, grades and position titles; training; awards and other recognition; approved suggestions; performance plan and rating of record; performance improvement plan; conduct; and data documenting reasons for personnel actions, decisions or recommendations made about an employee; and background data documentation leading to an adverse action or other personnel action being taken against an employee.
The HRS system uses the information identified above in personnel-related actions, including: SSA staffing; promotion plan operations; personnel research and program evaluation; equal opportunity statistics; management information; planning and budgeting for training; internal and external reporting; position control; workplace harassment prevention, and performance management. Information in the system’s files is available on both present and former employees, and those individuals described in the background section.
HRS has interconnections for sharing information resources to other organizations outside of the SSA firewall. For example, to process personnel actions and payroll, SSA uses the Department of the Interior's Federal Personnel/Payroll System (FPPS). FPPS is a mainframe-based, integrated, online system, and handles all personnel and pay processing for SSA.
HRS consists of the following subsystems and their corresponding technologies:
Subsystem Name: |
Summary of Subsystem Function: |
Agency Skills Inventory (ASI) |
ASI provides SSA supervisors the ability to take an inventory of their employees’ current competencies and skills for job series within their own organization. Additionally, SSA supervisors have the ability to indicate anticipated competencies and skills needed in the next two years to fulfill the expected workload for their employees. |
Anti-Harassment & Hostile Work Environment Case Tracking System (AHWECTS) |
AHWECTS provides SSA employees the ability to create, manage, track, and report on allegations of workplace harassment. |
Employee Data (EEData) |
EEData provides SSA employees the ability to view, update, and print their Human Resources records through a web-based interface. |
Equal Employment Opportunity Case Management System (EEOCMS) |
EEOCMS provides the ability for SSA employees to track Equal Employment Opportunity complaints. |
HR Portal is an intranet-based application that provides streamlined HR automation tools and a common framework for SSA employees and management staff throughout the agency to support personnel management and other human resource activities as part of the Office of Human Resources goal to provide a centralized delivery of services. |
|
Human Resource Operational Data Store (HRODS) |
The HRODS databaseStores human resources information about active and inactive SSA employees. |
Labor Relations/Employee Relations Workload Management System (LR/ER-WMS) |
LR/ER-WMS supports core LR/ER business processes. The application enables LR/ER Specialists to input, track, and manage LR/ER cases received in their offices, and update records/cases in real-time. |
Minority Serving Institutions Reporting System (MSIRS) |
MSIRS provides a web-based application for Agency contributions to Colleges/Universities and other organizations. The data collected in MSIRS is used to generate the Agency’s Minority Serving Institutions Report. |
Official Union Time Tracking System (OUTTS) |
OUTTS provides union official time tracking to Union Representatives performing representational activities. |
Performance Assessment and Communication System (PACS) |
PACS Provides SSA supervisors and other users with the ability to prepare employee Performance Plans, document Performance Discussions, and prepare Performance Appraisals. It also updates performance data to HRODS. |
Payroll Operational Data Store (PayODS) |
PayODS provides Component Budget Offices with online access to their Payroll Analysis Recap Reports (PARR) and Full Time Equivalency Tracking System (FTETS) Reports. |
Position Data Application (PDA) |
PDA provides certain SSA Human Resources (HR) Specialists the ability to add and modify position data, honor awards, and English Reference Tables. |
Social Security Administration Learning Management System (SSA LMS) |
SSA LMS provides submission, storage, and retrieval of learning opportunities for SSA employees. |
Training Online Nomination System (TONS) |
TONS provides SSA supervisors the ability to create, approve, and print training nominations for SSA employees. |
· Describe the administrative and technological controls that we have in place to secure the information we collect.
HRS has undergone authentication and security risk analyses. The latter includes an evaluation of security and audit controls proven effective in protecting the information collected, stored, processed, and transmitted by our information systems. These include technical, management, and operational controls that permit access to those users who have an official “need to know.” Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
We protect the information in the HRS by requiring authorized staff to authenticate to the SSA network using their SSA issued 6-digit PIN and password or their PIV Credential. In addition to authentication and access controls, HRS uses audit mechanisms to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
SSA mandates annual information security awareness training, role-based training for personnel performing roles with significant cybersecurity responsibilities, and the reporting and retaining of completed training. All staff who has access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.
· Describe the impact on persons’ privacy rights.
We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act. When we collect personal information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information. The individuals can then make informed decisions as to whether or not they should provide the information.
· Do we afford individuals an opportunity to consent to only particular uses of the information?
When we collect a person’s information, we advise that person of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so (e.g., the Privacy Act).
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
We have established systems that govern the information we collect through this system and its various sub-systems. The Privacy Act systems of records include several Federal government wide systems developed by the Office of Personnel Management (OPM) and the Equal Employment Opportunity (EEO) Commission, such as; General Personnel Records (OPM/GOVT-1), Employee Performance File System Records (OPM/GOVT-2), Personnel Investigation Records (OPM/Central-9), and Equal Employment Opportunity in the Federal Government Complaint and Appeal Records (EEO/GOVT-1). We have also developed several internal system of records to govern the information we generate and collect that is not covered by the government-wide notices.
The internal systems include systems such as; SSA’s internal Pay, Leave, and Attendance Records (60-0238), Personnel Records in Operating Offices (60-0239), Equal Employment Opportunity (EEO) Counselor and Investigator Personnel Records (60-0250), and Anti-Harassment & Hostile Work Environment Case Tracking and Records System (60-0380).
We are creating a new exempt system of records, which will maintain the suitability and security information that we generate during the investigation process but that we do not send to OPM. The new system is the Security and Suitability Files (60-0377), which is under agency review.
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
/signed/ 9/13/2017
_____________________________ ___________________
Mary Ann Zimmerman DATE
Acting Executive Director
Office of Privacy and Disclosure
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
/signed/ 9/15/2017
_____________________________ ____________________
Asheesh Agarwal DATE
General Counsel
Senior Agency Official for Privacy