Privacy Impact Assessments (PIAs)

FRTIB complies with Section 208 of the E-Government Act of 2002, which requires federal agencies to conduct Privacy Impact Assessments (PIAs) that analyze how information in an identifiable form is collected, maintained, stored, and disseminated. A PIA analyzes the privacy risks as well as the protections and process for handling information to mitigate the privacy risks.

FRTIB has completed PIAs for the following systems:

• Application Development & Test Tools
• Business Process Services
• Virginia Call Center
• Core Recordkeeping Services
• Enterprise Unified Communications
• Financial and Reconciliation Services
• Maryland Call Center
• FRTIB Domain GSS
• Interfacing Services System (ISS)
• Participant Interaction Services (PIS)

  Overview

  Participant Interaction Services (PIS) contains three subsystems and seven applications that provide the following services: (1) account access through a secure website; (2) participant support software used by FRTIB employees and Participant Service Representatives (PSRs)¹; and (3) general Agency websites where the public can access information about the Thrift Savings Plan (TSP) and the Federal Retirement Thrift Investment Board (FRTIB).

  Through PIS, FRTIB employees and contractors are able to maintain and access records on participant and beneficiary TSP accounts; participants are able to manage financial aspects of their accounts and update account information through the secure website; and members of the public are able to obtain general information about the TSP and the FRTIB. Several of the applications within Participant Interaction Services System collect, use, and retain personally identifiable information.

  PIS includes the following: (1) Participant Service Representative (PSR²) Application; (2) TSP My Account Secure Web Application (My Account) and its supporting applications; (3) TSP.Gov Public Web Application; and (4) FRTIB.Gov Public Web Application. These applications are broken into subsystems below, focusing on: (1) online account access; (2) Participant support software; and (3) supported websites.

  1. Online Account Access

  Participants may access their account by logging into a secure portal on tsp.gov, My Account. My Account is the participant’s secure access portal that allows access to account information online. Participants gain access to their account through this secure site by entering their account number or participant-created User ID and password, and two-factor authentication. Using MyAccount, participants can view their account statements and manage and make changes to their TSP account.

  PIS also contains two web applications that support My Account: (1) Adaptive Authentication; and (2) Account Access Web Process Server (AAAPPS). Adaptive Authentication adds an extra layer of security by asking users challenge questions under certain circumstances in order to gain access to their account. AAAPPS provides technical support to My Account. AAAPPS sends email confirmations to participants acknowledging their requests for inter-fund transfers, contribution allocation changes, withdrawal requests, and acceptance of loan applications. It also helps detect fraudulent transactions, loads share price data, maintains the database, and provides web update status reports.

  2. PSR Support

  The PSR Application contains comprehensive account information on all TSP accounts and is used by FRTIB employees and contractors to assist participants and beneficiaries with their TSP accounts. Participants can access their TSP account information through a phone service called the ThriftLine. Upon calling the ThriftLine number, participants are directed to speak with Participant Service Representatives (PSR associates) at one of FRTIB’s contact centers. PSR associates use the PSR Application to provide callers with information about their accounts. Additionally, when participants speak with a PSR associate, any transactions and call notes are recorded in the PSR Application.

  3. Websites (tsp.gov and frtib.gov)

  The PIS system also includes two public-facing websites. The first, tsp.gov is a public-facing website that provides general information about TSP funds, Plan options, and general information about retirement. The FRTIB has also established frtib.gov, which is a public-facing website that provides information about the Agency, FRTIB’s Board members, meeting minutes, and other general information about the FRTIB.

  The Cascade Web Content Management System (CMS) tool is installed on a server and used in the development of the public portions of tsp.gov and frtib.gov. The CMS tool only administers the static content on the two public-facing websites. There is no PII in the CMS server environment. Since FRTIB’s two public-facing websites (tsp.gov and frtib.gov) do not collect, use, or retain PII, they are only referenced as a part of this PIA when relevant to communicating privacy-related information to participants and beneficiaries and to clarify the websites’ purposes.

  Authority

  FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.

  The authorities that permit the collection and use of PII for PIS include:

  • Federal Records Act (44 U.S.C. § 3101);
  • Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84); and
  • Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770).

  Purpose Specification & Use Limitation

  FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.

  1. Purpose of the system
     PIS contains three subsystems and multiple applications that provide the following services: (1) account access through a secure web portal; (2) participant support software used by FRTIB employees and PSRs; and (3) general Agency websites where the public can access information about the TSP and FRTIB. Through PIS, FRTIB employees and contractors are able to maintain and access information on TSP participants; participants are able to manage their accounts and update account information through the secure website; and members of the public are able to obtain general information about the TSP and the FRTIB.
  2. Intended use of PII
     Applications within PIS use identifiable participant information to verify and authenticate the identity of participants and to administer and maintain information on participant accounts.
  3. Sharing of PII
     Information from PIS is not routinely shared outside the FRTIB. Any external sharing would be consistent with the applicable System of Records Notice. However, participants and beneficiaries may request information about their account information in the PSR Application by calling the ThriftLine, or by logging into MyAccount.

  Data Minimization

  FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.

  1. Types of PII collected
     My Account collects names, social security numbers (SSNs), contact information, financial information (i.e., bank routing and account numbers), and tax information from participants and beneficiaries necessary to manage their TSP accounts. Adaptive Authentication collects the IP address, browser information, and operating system used from computers accessing My Account. Additionally, answers to challenge questions are collected and may contain PII. AAAPPS collects the names, addresses, and financial information of participants and beneficiaries.

     PSR Application collects names, SSNs, dates of birth (DOB), dates of death (DOD), financial information, tax information, PINs, TSP account balance(s); fund balances, disbursements, employer contributions, loan information, and funds vested in and investment amounts.

  2. Records Retention
     TSP records must be retained for 99 years. Any records relating to the administration of a participant’s TSP account that are collected, used, or retained as part of PIS must comply with FRTIB’s retention schedule for TSP records.

  Individual Participation

  FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.

  1. Notice and Opportunities for Consent
     Before logging into the TSP Secure Web: My Account site that alerts participants that they are entering a United States Government website, and only TSP participants may access information within it. Additionally, the alert notifies participants that their use of the site may be monitored, recorded, and audited for security purposes, and that the participants’ use of the website represents their consent. Adaptive Authentication issues another warning banner notifying participants how their information will be collected and used as a part of the adaptive authentication tool (i.e., setting up security challenge questions for added identity verification).

     Finally, although PSR associates do not tell callers that call notes and other information is added and stored within the PSR Application, participants are informed that their calls into the ThriftLine are monitored and recorded for quality and security purposes.

  2. Inquiries & Redress
     Participants and beneficiaries have several options to access information regarding their accounts or the TSP generally. Participants may access their account information via My Account in order to view or make changes to their information. Participants may also call into FRTIB’s ThriftLine in order to speak with a PSR associate. Once the participant’s identity is authenticated, the PSR associate can assist with information about his or her account. Additionally, PSR associates can send account specific information to participants.

  Data Quality & Integrity

  FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.

  1. Sources of PII
     My Account collects PII from participants as they enter their information directly into the application in order to access their TSP accounts. The participant enters his or her account number or User ID and web password online before account access is granted to the participant via the TSP Secure Web – My Account website. They will be able to view account documents and review pending transactions and tasks, which are pulled from the Business Process Services (BPS) system boundary, as well as additional records from the Core Recordkeeping Services (CRS) system boundary.³

     Adaptive Authentication collects answers submitted by participants to challenge questions they prefer to use in order to add an additional layer of security to their TSP account.

     AAAPPS is a collection of processes with no user interface or user intervention. It supports the maintenance of TSP websites by facilitation movement of information from BPS applications, which includes automatically sending emails to participants acknowledging inter-fund transfers, contribution allocation changes, and acceptance of loan applications.

     The PSR Application pulls submitted forms from other TSP systems, BPS and TSP account information from CRS so that users may view these documents in order to assist participants and beneficiaries with their accounts.

  Security

  FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.

  1. Authorization to Operate
     PIS was assessed and has a current Authority to Operate (ATO).
  2. Safeguards
     PIS will only allow authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. Access to all electronic records, including those maintained in PIS is limited to authorized users and is subject to network controls. FRTIB monitors and logs activity on FRTIB networks.

     Participants can access their account information through [www.tsp.gov](/) by entering their account number and password or through a participant-created User ID and password, and two-factor authentication.

  Transparency

  FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.

  1. Applicable SORN(s)

     FRTIB-1: Thrift Savings Plan (TSP) Records, available at 9 Fed. Reg. 21246 (April 15, 2014).

     FRTIB-13: Fraud and Forgery Records, available at 80 Fed. Reg. 43428 (July 22, 2015).

  2. Availability of Privacy Notices
     Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at https://www.tsp.gov/PlanParticipation/index.html and www.tsp.gov/privacy.

     When hired, all FRTIB federal employees and contractors are required to sign Rules of Behavior as a condition of employment. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring.

  Accountability

  FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.

  1. Roles and Responsibilities
     Access to PIS is limited to employees and contractors with a need-to-know whose job roles require them to have access to its applications. Employees and supporting contractors within FRTIB’s Office of Participant Services (OPS) are responsible for maintaining My Account and Adaptive Authentication, AAAPPS. Individuals in the Office of General Counsel, Office of External Affairs, and individuals in the Office of Participant Services and their supporting contractors also have access to the PSR Application.

     There are no external offices or agencies with assigned roles or responsibilities for PIS.

  2. Training
     All FRTIB employees and contractors with access to PIS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems.
  3. Audit
     Activity on FRTIB networks, including PIS and its applications is monitored and logged to ensure information and information systems are used appropriately.

  Privacy Officials

  Megan Grumbine
  Senior Agency Official for Privacy
  Federal Retirement Thrift Investment Board

  Sarah Smith
  Chief Privacy Officer
  Federal Retirement Thrift Investment Board

  1. For additional information on ThriftLine and its use and collection of PII, please refer to the ThriftLine Infrastructure System (TLI) PIA.
  2. Within this PIA, the term “PSR” has two meanings. First, PSR can mean a Participant Service Representative Associate – an individual who assists participants and beneficiaries who call the ThriftLine with issues about their TSP accounts. Second, the term PSR can mean the PSR application―a recordkeeping service that documents participant account activity and transactions. For the purposes of this PIA, the term PSR associate shall have the former meaning, while PSR application shall have the latter meaning.
  3. Please refer to the BPS and CRS PIAs for additional information on the use and collection of PII within these systems.
• SharePoint 2013
• ThriftLine Infrastructure
• TSP Distributed Systems (TDS)