Privacy Impact Assessments (PIAs)
FRTIB complies with Section 208 of the E-Government Act of 2002, which requires federal agencies to conduct Privacy Impact Assessments (PIAs) that analyze how information in an identifiable form is collected, maintained, stored, and disseminated. A PIA analyzes the privacy risks as well as the protections and process for handling information to mitigate the privacy risks.
FRTIB has completed PIAs for the following systems:
-
Overview
Microsoft Azure Commercial Cloud (Azure or Microsoft Azure) serves as a host environment for the Federal Retirement Thrift Investment Board’s (FRTIB’s) applications, systems, and other tools. Azure supports Microsoft Intune (Intune), a cloud-based service FRTIB uses for mobile device management (MDM). Intune integrates with the Azure Active Directory (Azure AD or AAD), Microsoft’s cloud-based identity and access management service that syncs with FRTIB’s Active Directory services.1 This allows FRTIB to enable a broad set of access controls to manage mobile device authorizations and access. This ensures that mobile devices are compliant with organization standards before they can access network resources.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for Azure include:
- Federal Records Act, as amended (44 U.S.C. § 3101);
- Federal Employees Retirement System Act 1986 (FERSA), as amended (5. U.S.C. Chapter 84);
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770); and
- Federal Information Security Modernization Act of 2014 (FISMA), as amended (44 U.S.C. § 3541, et seq.).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
Azure serves as a host environment for FRTIB’s applications, systems, and other tools. In addition to its platform services, Azure enables FRTIB to efficiently build, test, deploy, and manage customized applications, services, and product development across Microsoft-managed data centers. This includes the Intune MDM application and Azure AD. -
Intended use of PII
Azure AD is used to authenticate and grant users access and authorization to Azure system resources. Additional information such as IP address and device location may be cached in the Intune environment in order to ensure proper compliance with organization standards for any further access of network resources from those devices. -
Sharing of PII
Information contained within Azure is not shared outside of FRTIB as a part of normal agency operations.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
Services and applications within Azure may leverage Azure AD to utilize network login credentials, such as usernames and passwords. This information may also include work contact information. Additionally, assigned device IP addresses and device locations may be collected by Intune. -
Records Retention
The records created and stored within the applicable Azure services are covered by the following General Records Schedules (GRS) from the National Archives and Records Administration (NARA) as stated below:GRS 3.1, Item 20: Information technology operations and maintenance records; and
GRS 3.2, Item 30: System access records.The applicable records schedule for some of the records generated by Azure may depend on the subject matter and purpose of the record. Agency employees and contractors must therefore retain data in the manner that is consistent with the approved National Archives and Records Administration (NARA) retention schedule.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Before users access Azure, they are notified by the Warning Banner on the login screen that any use of the FRTIB system constitutes consent. While Azure does not collect information directly from individuals, FRTIB provides general notice via its privacy policy, SORNS, and PIAs.When hired, all FRTIB federal employees and contractors are required to sign Rules of Behavior as a condition of employment. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring.
-
Inquiries & Redress
Microsoft Azure does not directly provide users any procedures to correct inaccurate information. If errors exist within Microsoft Azure that impacts information and access rights, employees and contractors are informed of steps to address such errors by contacting the service desk or by submitting a self-service ticket via ServiceNow.2 ServiceNow provides support to FRTIB employees automating certain repetitive processes involved with password resets, access right requests and changes, and user information updates.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
Azure AD syncs with FRTIB’s Active Directory to supply Microsoft Intune with the requisite credentials.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
Azure was assessed and has a current Authority to Operate (ATO). -
Safeguards
Microsoft is responsible for Azure’s maintenance and the physical security of its datacenters. In addition, Microsoft Azure provides added levels of cloud security at the software layer that meets the security, privacy, and compliance needs of FRTIB.Azure only allows authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB monitors and logs activity on FRTIB networks.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
Microsoft Azure does not operate as a System of Records. -
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, and annually thereafter, all FRTIB federal employees and contractors are required to sign Rules of Behavior. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring. Users are also notified via a warning banner that their activity is monitored when logging into an FRTIB device.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
While all authorized employees and contractors within FRTIB may leverage Azure AD for limited directory information, only those with an Azure administrator role can access the system directly. -
Training
All FRTIB employees and contractors with access to Azure must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including Azure, is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board- The Active Directory services are for authenticating and authorizing all users and computers in the Windows domain on the FRTIB network. It assigns and enforces security policies for all users and workstations in the FRTIB Domain. Please see the FRTIB Domain PIA for additional information.
- ServiceNow is a cloud-based suite of natively integrated applications designed to support FRTIB’s Information Technology service automation, resource management, and shared services. Please see FRTIB’s ServiceNow PIA for additional information.
-
Overview
Business Process Services (BPS) enables the FRTIB to perform essential mission activities. This system facilitates the following business functions: (1) Data Collection; (2) Legal and Death Benefits Processing; (3) Reporting and Correspondence; and (4) Detecting Fraudulent Activity. The subsystems and applications within BPS that collect, use, or retain personally identifiably information (PII) will be detailed within their respective business functions.
-
Data Collection
FRTIB collects participant data through a variety of methods. FRTIB collects participant information from employing Federal agencies through a payroll data feed. Participants who are actively employed may amend their information in two ways: (1) by working with the payroll offices of their respective agency; and (2) by submitting forms available on tsp.gov to TSP. Upon separation from Federal employment, participants must submit account-related changes through forms obtained from tsp.gov. These forms are scanned and stored within the BPS applications. BPS also has an external connection with the Office of Personnel Management’s (OPM) Demographics Mainframe application. -
Legal and Death Benefits Processing
BPS processes a variety of information pertaining to legal issues and death benefits. When FRTIB receives a court order, FRTIB opens a case file in its Case Management System (CaMS) to process the court order as it applies to a participant’s account. -
Reporting and Correspondence
This subsystem generates reports using participant data. The data generated is analyzed by authorized FRTIB employees and contractors and used to inform business decisions and respond to Executive Branch and Congressional Inquiries. -
Detecting Fraudulent Activity
Applications within BPS help review forms collected by the system for potential fraud. Each distribution is checked for the likelihood that it is a fraudulent request.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII in BPS include:
- Federal Records Act, as amended (44 U.S.C. § 3101);
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84);
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770); and
- The Thrift Savings Plan Enhancement Act of 2009, Public Law 111-31.
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
BPS enables FRTIB to properly receive, administer, and maintain participant and beneficiaries’ TSP accounts. Demographic information is used to comply with the TSP Enhancement Act. -
Intended use of PII
The applications and subsystems within BPS use PII to securely facilitate the collection and use of payroll data, TSP forms and reports, correspondence, and legal and death benefit processing in order to administer the TSP. Additionally, the forms collected by BPS may be used internally as reference for Participant Services Representatives (PSRs) to help when responding to participant inquiries about their accounts. -
Sharing of PII
BPS has an external connection with the Office of Personnel Management’s (OPM) Demographics Mainframe application to facilitate sharing accurate participant demographic information.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
BPS collects participant and beneficiary names, addresses, dates of birth, dates of death, email addresses, SSNs, employment related information (e.g., pay grade, service completion date, etc.), and financial information (e.g., salary, plan contributions, account numbers, etc.). BPS also uses FRTIB employee and contractor user IDs to assign access privileges. -
Records Retention
TSP records must be retained for 99 years. Any records relating to the administration of a participant’s TSP account that are collected, used, or retained as part of BPS must comply with FRTIB’s retention schedule for TSP records.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Whenever possible, FRTIB provides notice to individuals about its policies regarding the use and disclosure of information at the time the information is collected. A Privacy Act Notice is provided on TSP forms that collect PII from participants or their beneficiaries. -
Inquiries & Redress
Although participants and their beneficiaries cannot directly access their information in BPS, they do have options to access information regarding their accounts or the TSP generally. Participants may access their account information via My Account in order to view their account information or make changes to their information. Participants may also call into FRTIB’s ThriftLine in order to speak with a PSR. Once the participant’s identity is authenticated, the PSR can provide a participant or beneficiary with information about his or her account.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
Participants or their beneficiaries, as necessary, provide information on TSP forms available on tsp.gov. The completed forms include PII and sensitive account information, which is collected and reviewed by BPS. Court orders sent to FRTIB are scanned and processed through BPS. Participant data, including PII, is also collected from OPM’s Demographics Mainframe for additional reporting metrics.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
BPS was assessed and has a current Authority to Operate (ATO). -
Safeguards
BPS will only allow authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. Access to all electronic records, including those maintained in BPS is limited to authorized users and is subject to network controls. FRTIB monitors and logs activity on FRTIB networks.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
FRTIB-1: Thrift Savings Plan (TSP) Records, available at 9 Fed. Reg. 21246 (April 15, 2014).
FRTIB-12: Debt Collections Records, available at 81 Fed. Reg. 7106 (Feb. 10, 2016).
FRTIB-13: Fraud and Forgery Records, available at 81 Fed. Reg. 7106 (Feb. 10, 2016).
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, and annually thereafter, all FRTIB federal employees and contractors are required to sign Rules of Behavior. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring. Users are also notified via a warning banner that their activity is monitored when logging into an FRTIB device.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
Authorized employees and contractors within the Office of Participant Services, Office of Enterprise Planning, Office of General Counsel, and Office of External Affairs have access to BPS when necessary to perform their official duties. -
Training
All FRTIB employees and contractors with access to BPS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be followed when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including BPS and its applications is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -
-
Overview
Core Recordkeeping Services (CRS) provides the following services for the Federal Retirement Thrift Investment Board (FRTIB): Thrift Savings Plan (TSP) recordkeeping activities; summary reporting of daily TSP processing; reconciliation details reporting; participant transaction notices; and participant statements. CRS consists of multiple subsystems and applications that collect, use, and retain PII. Applications within CRS are grouped by subsystems based on technical functionality. CRS includes:
-
Correspondence Subsystem — The correspondence subsystem within CRS is responsible for formatting and printing account statements that FRTIB sends to TSP participants. These include reports of changes participants have made to their accounts; financial account statements, including fund balances and disbursements; information about loans; and other informational notices the Agency periodically sends to TSP participants.
-
Reports Subsystem — This subsystem generates reports used by FRTIB employees and contractors to oversee and administer the TSP. FRTIB regularly creates a variety of reports to track daily transactions; participant activities and projections; data related to administration of the G fund; and information used to balance and validate deliverables.
-
Omni Subsystem — This subsystem contains FRTIB’s primary recordkeeping applications for TSP account information, including participant PII. Omni contains the recordkeeping software that manages and stores participant data. It also retains data collected by other TSP applications and is designed to update participant account information, as well as to ensure the information is available for proper use in other applications. Omni Security is a component of Omni that enables authorized FRTIB employees and contractors to access participant data.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for CRS include:
- Federal Records Act, as amended (44 U.S.C. § 3101);
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84); and
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770).
- The Thrift Savings Plan Enhancement Act of 2009, Public Law 111-31
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
CRS enables FRTIB to properly administer and track TSP account information, as well as regularly communicate account information and general updates with its participants. -
Intended use of PII
CRS applications use PII to administer participant accounts, generate reports, and to share data between FRTIB systems to validate data. -
Sharing of PII
Some CRS applications share PII outside FRTIB. CRS has an Interconnection Security Agreement (ISA) with the Agency’s print-mail vendor. The purpose of this interconnection is to enable FRTIB’s print-mail vendor to send statements and other communications to FRTIB participants.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
For participants and their beneficiaries, CRS collects and uses names, addresses, dates of birth, dates of death, email addresses, SSNs, employment related information (e.g., pay grade, service completion date, etc.), and financial information (e.g., salary, plan contributions, account numbers, etc.). CRS also uses FRTIB employee and contract user IDs to assign access privileges. -
Records Retention
TSP records must be retained for 99 years. Any records relating to the administration of a participant’s TSP account that are collected, used, or retained as part of CRS must comply with FRTIB’s retention schedule for TSP records.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Federal employees in the FERS retirement system and members of the uniformed services who began serving on or after January 1, 2018 are automatically enrolled in the TSP. The participant’s employing agency or service provides participants with relevant information about the TSP.Federal employees in the CSRS retirement system and members of the uniformed services who began serving before January 1, 2018 are enrolled in the TSP after making a contribution election. The form used to make a contribution election contains a Privacy Act Notice.
-
Inquiries & Redress
Participants and beneficiaries have several options to access information regarding their accounts and the TSP. Participants may access their account information via My Account in order to view or make changes to their account and to view their information. Participants may also call into FRTIB’s ThriftLine in order to speak with a PSR associate. Once the participant’s identity is authenticated, the PSR associate can assist with information about his or her account. Additionally, PSR associates can mail account specific information to participants.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
CRS pulls and uses information from multiple internal and external sources. CRS connects with the other FRTIB systems, Interfacing Services System (ISS) and Business Process Services (BPS), in order to process and confirm information, including PII. CRS also collects information from the Office of Personnel Management (OPM) in order to generate demographics reports.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
CRS was assessed has a current Authority to Operate (ATO). -
Safeguards
CRS will only allow authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB maintains controlled access to all electronic records within FRTIB, including those maintained within CRS, alongside its network controls. Furthermore, FRTIB monitors and logs activity on FRTIB networks.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
FRTIB-1: Thrift Savings Plan (TSP) Records, available at 9 Fed. Reg. 21246 (April 15, 2014).
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, and annually thereafter, all FRTIB federal employees and contractors are required to sign Rules of Behavior. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring. Users are also notified via a warning banner that their activity is monitored when logging into an FRTIB device.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
Multiple offices within FRTIB have roles within CRS processing and handling reports including: the Office of Communications and Education (OCE), the Office of Technology Services (OTS), the Office of Enterprise Planning (OEP), and the Office of Participant Services (OPS). Additionally, certain forms and mailings are externally shared with FRTIB’s print-mail vendor. -
Training
All FRTIB employees and contractors with access to CRS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including CRS and its applications is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -
-
Overview
The Enterprise Network System (ENS) is a network system used by Federal Retirement Thrift Investment Board (FRTIB or the Agency) employees, contractors, and vendors to transport data to applications and other FRTIB-internal destination devices. The ENS devices function primarily to either: (1) support network functionality; or (2) monitor network activity. As a result, the ENS devices transport information among FRTIB’s major applications. ENS devices fall into two categories:
-
Network Support Devices
The ENS devices in this category provide the infrastructure system that transports data on FRTIB’s network. The devices in this section only collect and use account IDs for privileged and non-privileged users as part of the login process. The data is stored locally within audit logs and is then sent to FRTIB’s Security Incident and Event Monitoring application for long-term storage, to serve as a record of which administrative and privileged users accessed the devices. -
Network Monitoring Tools
The ENS devices in this category provided networking monitoring capabilities to protect the network and FRTIB information; prevent cyber-attacks; prevent unauthorized access to FRTIB’s network; and monitor network performance.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for ENS include:
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84);
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770); and
- Federal Information Security Modernization Act of 2014 (FISMA), as amended (44 U.S.C. § 3541, et seq.).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
ENS provides the support and infrastructure for the devices that transport data on FRTIB’s network. Additionally, devices within ENS monitor the data transported in order to protect the network and FRTIB information in order to prevent cyber-attacks; prevent unauthorized access to FRTIB’s network; and monitor network performance. - Intended use of PII
- Network Support
These devices only collect and use the following PII from FRTIB employees and contractors: name and User IDs. ENS uses this PII to authenticate users who log in to use the devices. This data is maintained within audit logs generated by the devices. - Network Monitoring Tools ENS collects name and User IDs for users who log into the network monitoring tools. ENS may also collect additional types of PII in the performance of the respective network monitoring or Network Access Control (NAC) functions (e.g., data loss prevention (DLP), capture IP addresses, etc.).
- Network Support
- Sharing of PII
No device within the ENS boundary shares PII outside of FRTIB.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
- Types of PII collected
- Network Support
These devices collect name and User IDs from FRTIB employees and contractors. - Network Monitoring Tools
ENS collects names and User IDs for users who log into the network monitoring tools. Furthermore, as these tools are used to analyze email and network traffic, there is a possibility that quarantined or blocked information may contain any type of PII, including but not limited to: name, Social Security Number (SSN); contact information; date of birth; and financial account information.
- Network Support
- Records Retention
The records created and stored in ENS are covered by the General Records Schedule (GRS). ENS records generally fall under GRS 3.2, items 30 and 31, with certain tools falling under GRS 3.1, item 20. Additionally, ENS devices send the Security Information and Event (SIEM) audit log information. Audit log data from ENS does not contain participant and beneficiary PII but does contain employee and contractor information related to administrative access (e.g., User ID). Currently, the SIEM is set to store audit log information for six (6) years.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
- Notice and Opportunities for Consent
ENS users: When employees and contractors log into an ENS application using their User ID and password, the user is notified by a warning banner that they have no implicit or explicit expectation of privacy and that use of the system may be monitored. The banner informs users that by continuing to use the system, they consent to the terms and conditions.Other users: ENS devices capture a variety of data that traverses the FRTIB network. All FRTIB employees and contractors receive notice that their activity on FRTIB is subject to monitoring through a warning banner when they log in to an FRTIB device. Notice and consent for other data that traverses the FRTIB network is addressed in the source system’s PIA.
- Inquiries & Redress
-
Network Support
ENS network support devices only use limited credentialing information for login purposes. If system access information is inaccurate or erroneous, users can contact the FRTIB Service Desk to correct this information. The audit logs associated with this function of ENS contain employee and contractor PII which is maintained for information security purposes. Individual employees and contractors cannot access audit logs unless they have a need-to-know and the job authority to do so. -
Network Monitoring Tools
Applications used for network monitoring use and retain PII as part of their security functions for the FRTIB network. Individuals are generally not able to access or amend records concerning network monitoring activity.
-
Generally, the Privacy Division has published regulations notifying individuals how they can access and amend records that FRTIB maintains about them in its Privacy Act Regulations at 5 C.F.R., Title VI, Part 1630.4-1630.9.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
-
Network Support Devices
Both privileged and non-privileged users directly input their User IDs as part of the login process. The data is stored locally within audit logs to serve as a record of which administrative and privileged users accessed the devices. -
Network Monitoring Tools
In addition to the PII collected during authentication, multiple types of PII may be collected by the network monitoring and data loss prevention tools. The Network Access Control (NAC) devices collect PII from endpoint devices attempting to connect to the FRTIB environment and queries Windows Active Directory for business information of the endpoint’s assigned user.
-
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
ENS was assessed and has a current Authority to Operate (ATO). -
Safeguards
Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB monitors and logs activity on FRTIB networks. Additionally, ENS contains a Data Loss Prevention (DLP) tool that helps to identify, monitor, and protect sensitive information.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
The following SORN applies for records relating to FRTIB employees and contractors utilized by ENS:GSA/GOVT-7: Personal Identity Verification Identity Management Systems (PIV IDMS), available at 80 Fed. Reg. 64416 (Nov 23, 2015).
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, and annually thereafter, all FRTIB federal employees and contractors are required to sign Rules of Behavior. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring. Users are also notified via a warning banner that their activity is monitored when logging into an FRTIB device.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
Employees in the Office of Technology Services and its supporting contractors have defined roles within the system. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policies regarding least privilege, need-to-know, and separation of duties. -
Training
All FRTIB employees and contractors with access to ENS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including within ENS, is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -
-
Overview
The Federal Retirement Thrift Investment Board (FRTIB) Enterprise Unified Communication (EUC) system is the implementation of Voice over Internet Protocol (VoIP) technology to provide voice telephony services to the organization. It also includes capabilities for voice and video calls (if webcam is present), a contact directory with availability information for colleagues, as well as tools for instant messaging (IM), voice messaging, desktop sharing, and conferencing provided by the Jabber application. The system collects Call Data Records (CDR) regarding the history of calls made and voice messages sent to a user. Call Data Records contain information about call origination, call destination, the date and time the call was started, the time it actually connected, and the time it ended. Additionally, the system uses FRTIB’s SANDD Active Directory to authenticate and to populate its user database.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for EUC include:
- Federal Records Act, as amended (44 U.S.C. § 3101);
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84); and
- Federal Information Security Modernization Act of 2014 (FISMA), as amended (44 U.S.C. § 3541, et seq.).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
EUC provides telephony services for FRTIB, including the capabilities for voice and video calls, a contact directory with availability information for FRTIB employees and contractors, tools for instance messaging, voice messaging, and desktop sharing. -
Intended use of PII
The PII and other sensitive information within EUC is used by employees and contractors in the normal course of business to perform their job duties. EUC facilitates routine communication among FRTIB employees and contractors, and any PII collected and stored is limited to this purpose. For individuals using FRTIB’s VoIP features, EUC only collects information users voluntarily leave as a part of voicemails. The system further enables communications via IM, which is also limited to what is voluntarily sent between FRTIB employees and contractors. -
Sharing of PII
EUC does not directly share information externally.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
Services within EUC collect and process the following from FRTIB employees and contractors from Active Directory services: user name, business phone number, and email address. Additionally, CDRs are generated by the system automatically regarding the history of calls made by a user which include: call origin and destination, the date of the call, the time the call started, time of connection, and the time the call ended. -
Records Retention
NARA currently does not have a retention schedule for audio-recorded messages or for instant messages. Nevertheless, FRTIB retains voicemail messages for 31 days. After 31 days, a voicemail message is moved to a deleted folder. A voicemail message is then retained within this deleted folder for an additional 2 days before it is permanently deleted. CDRs are retained to preserve the call history details for 7 years. IMs are encrypted and stored locally on a user’s work station for up to 99 messages before being overwritten.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Before users access their workstation, they are notified by the Warning Banner on the login screen that any use of the FRTIB system is subject to monitoring and that using the system constitutes consent. -
Inquiries & Redress
Voicemail users needs to enter their phone extension and associated PIN for voice messages. Instant messaging allows a user to re-login in the IM interfaces with the pre-established credentials. CDRs automatically collect the technical details of a call and no user specific or user provided information is collected in the CDs, which can only be accessed by the EUC administrators.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
Individuals who leave messages for FRTIB employees and contractors working at FRTIB’s headquarters are the source of information collected through voicemails and CDRs. FRTIB employees and contractors using the Jabber application within EUC for IM communication are another source of PII within the EUC system. Additionally, this system uses the SANDD Active Directory to authenticate and populate its systems.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
EUC was assessed and has a current Authority to Operate (ATO). -
Safeguards
Only authorized users may access appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB monitors and logs activity on FRTIB networks. Additionally, EUC leverages FRTIB’s automated mechanisms to enforce access control, including the authentication of users via PINs, passwords, as well as leveraging public key infrastructure certificates.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
EUC does not operate as a Privacy Act system of records.
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, and annually thereafter, all FRTIB federal employees and contractors are required to sign Rules of Behavior. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring. Users are also notified via a warning banner that their activity is monitored when logging into an FRTIB device.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
EUC is used enterprise-wide by authorized FRTIB employees and contractors. Only authorized employees within FRTIB’s Office of Technology Services and the respective contractor personnel who work on EUC have full administrative access to EUC. FRTIB employees and contractors throughout the Agency have access to EUC’s call, voicemail, and IM services. -
Training
All FRTIB employees and contractors with access to EUC must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, is monitored and logged to ensure information and information systems are used appropriately. Specifically, EUC administrators and FRTIB’s Security Operations Center (SOC) have access to CDR information for audit purposes.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -
Overview
Financial and Reconciliation Services (FRS) enables FRTIB to track and disburse funds from Thrift Savings Plan (TSP) accounts; maintains the TSP’s General Ledger; and interfaces with the United States Treasury. This system also interfaces with the TSP’s fund managers, calculates share prices and investment-level tracking and re-balancing; conducts financial reports; and generates annual 1099 tax forms mailed to participants, beneficiaries, and third party payees. This PIA will review the components of FRS that collect and use personally identifiable information (PII).
The following subsystems and applications within FRS collect and/or use PII: (1) Savantage Altimate; (2) Omni Pay; (3) Cash Management and Investment (CaMI); (4) Accounting Systems Interface (ASI); (5) Tax System Processing Reporting Interface System (TRIS); (6) Application Security Administrator (ASA); and (7) Obligation Tracking and Invoicing System (OTIS).
Savantage Altimate Accounting is a commercial off-the-shelf (COTS) product that has been customized to meet the requirements of FRTIB. It contains the General Ledger for the TSP. Prior to 2009, this application was used to process disbursements to participants, their beneficiaries, and third party payees, and to verify account information. Since 2009, Omni Pay has taken over most of the aforementioned roles, so this application is now limited to payroll office information. Historical participant data is retained by the application.
Omni Pay is a COTS accounting software package that has also been customized to accommodate the TSP/Treasury interface that allows FRTIB to manage the G Fund. This application also processes disbursements for participants, their beneficiaries, and third party payees. Participant Service Representatives (PSRs) are also able to pull information from Omni Pay in order to verify account information. Additionally, Omni Pay sends 1099R tax data to its 1099R Print application for printing and mailing preparation.
The CaMI application enables FRTIB to manage the balance within the G Fund. While CaMI does not process, share, or maintain participant PII, it does collect and store the names and SANDD IDs of authorized users to authenticate individuals using the application.
ASI moves financial data into Oracle database tables to be used by the General Ledger. ASI receives financial data, which includes PII, from Omni Plus/Omni Security (within the CRS system boundary) and the Omni Pay subsystem within FRS. ASI processes the data and sends data feeds to the US Treasury (for checks and electronic fund transfers), to FRTIB’s annuity provider, and to Savantage Altimate (for input into the General Ledger). It also receives data from the US Treasury and makes the appropriate updates to Omni Pay.
TRIS transmits and displays participant investment data sent to, and received from, the Treasury Department for research purposes. It also displays and transmits for reconciliation the participant payroll contribution data for Payroll Offices. In addition, it provides the reporting information needed to balance participant, Treasury, and system accounts for participant contribution activity.
OTIS serves as the web-based budgeting application for FRTIB to obligate FRTIB funds for purchase orders, travel, contracts, task orders, and other requisitions against the General Ledger. Additionally, it is used by Office Directors to create new and projected budgets for submission to and approval by the FRTIB Board.
FRS also includes, ASA, an access management application used to manage access within FRS.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for FRS include:
- Federal Records Act, as amended (44 U.S.C. § 3101);
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84); and
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
FRS allows the Agency to track and disburse funds from TSP accounts, maintain the TSP’s General Ledger, and provide an interface with the United States Treasury. -
Intended use of PII
Applications within FRS use PII to ensure accurate disbursements, manage 1099R forms, and authenticate users in order to administer and maintain participant accounts. -
Sharing of PII1
Some FRS applications share PII outside FRTIB. Omni Pay shares a 1099R print connection with its vendor in order to print and mail 1099R statements to participants, beneficiaries, and payees.ASI has a connection with the US Treasury. After receiving financial data from Omni Plus/Omni Security and Omni Pay/Omni Filing 1099R, ASI processes the data and feeds it to the US Treasury to write checks and make electronic fund transfers on behalf of the TSP. Additionally, ASI has a connection with its annuity provider.
- FRTIB has entered into an Interconnection Security Agreement (ISA) and/or Memorandum of Understanding (MOU) to cover these connections where applicable.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
Savantage Altimate includes General Ledger accounting information, as well as employee and contractor numbers, names, usernames, and passwords. Historical data maintained by the application includes: participant SSNs, names, and bank account information.Omni Pay and its Omni Filing 1099R application maintains participant, beneficiary, and payee information within the system, including: SSNs, names, bank account information (e.g., checks, electronic fund transfers, etc.), mailing addresses, dates of birth, tax information, and historical payment information.
CaMI uses User IDs to manage user roles within the application. This system also collects and retains User IDs and passwords for service accounts to authenticate users.
ASI contains Treasury credits/debits; intra-government payment and collection transactions for processing, reconciliation, and General Ledger information. In addition, ASI also includes TSP participant and beneficiary names, SSNs, addresses, and bank account information.
ASA maintains User IDs, passwords, and usernames to manage access to FRS applications.
OTIS includes User IDs and passwords, electronic signatures, SSNs, names and addresses of FRTIB personnel and Board members, as well as vendor names, addresses, and tax IDs.
-
Records Retention
TSP records must be retained for 99 years. Any records relating to the administration of a participant’s TSP account that are collected, used, or retained as part of FRS must comply with FRTIB’s retention schedule for TSP documents. Additionally, FRTIB retains routine procurement files for 6 years and 3 months, in accordance with the General Records Schedule (GRS) 3, Item 3. Procurement files involving investments and other information concerning the TSP must be retained for 99 years.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Federal employees in the FERS retirement system and members of the uniformed services who began serving on or after January 1, 2018 are automatically enrolled in the TSP. A participant’s employing agency or service provides participants with relevant information about the TSP. Federal employees in the CSRS retirement system and members of the uniformed services who began serving before January 1, 2018 are enrolled in the TSP after making a contribution election. The form used to make a contribution election contains a Privacy Act Notice. -
Inquiries & Redress
None of the applications within the FRS system allow participants to directly access their information. However, participants and their beneficiaries do have options to access their account information and information about the TSP by calling the ThriftLine or by logging into MyAccount.Generally, the Privacy Division has published regulations notifying individuals how they can access and amend records that FRTIB maintains about them in its Privacy Act Regulations at 5 C.F.R., Title VI, Part 1630.4-1630.9.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
FRTIB receives participant information from participants’ employing agencies. The individual agencies validate the accuracy of the participant data before transmitting any information to FRTIB.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
- Authorization to Operate
FRS was assessed and has a current Authority to Operate (ATO). - Safeguards
FRS will only allow authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. Access to all electronic records within FRTIB, including those maintained within FRS, is controlled access and network controls. FRTIB monitors and logs activity on FRTIB networks.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
FRTIB-1: Thrift Savings Plan (TSP) Records, available at 9 Fed. Reg. 21246 (April 15, 2014).
FRTIB-7: Contractor and Consultant Records, available at 81 Fed. Reg. 7, 106 (Feb. 10, 2016)
FRTIB-12: Debt Collection Records, available at 81 Fed. Reg. 7, 106 (Feb. 10, 2016)
GSA/GOVT-4: Contracted Travel Services Program, available at 74 Fed. Reg. 26700 (July 6, 2009)
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, and annually thereafter, all FRTIB federal employees and contractors are required to sign Rules of Behavior. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring. Users are also notified via a warning banner that their activity is monitored when logging into an FRTIB device.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
FRS subsystems and applications facilitate the daily operations of the Office of the Chief Financial Officer (OCFO). As such, employees and contractors within the OCFO are assigned roles and duties within this system. No offices or agencies external to FRTIB have assigned roles or responsibilities within any FRS subsystem or application. -
Training
All FRTIB employees and contractors with access to FRS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including FRS and its applications is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -
Overview
The Interfacing Services System (ISS) supports critical Thrift Savings Plan (TSP) recordkeeping operations, including: payroll contributions from employing Federal agencies; loan payments; data matching services; and reports distribution for the Federal Retirement Thrift Investment Board (FRTIB). ISS features are provided by the follow subsystems and their associated modules: (1) Agency Payroll Services; (2) Federal Reserve Bank; (3) Lockbox Services; (4) Federal Office of Child Support Enforcement; and (5) Death Master File. These subsystems of ISS process information, including PII, as described below:
-
Agency Payroll Services
This subsystem consists of applications that enable the payroll systems from other Federal agencies to submit their payroll data for TSP participants to FRTIB. -
Federal Reserve Bank
The Federal Reserve Bank (FRB) processing system enables payroll offices at employing Federal agencies to send loan payments as Automated Clearing House (ACH) credits to the TSP via the Federal Reserve. -
Lockbox Services
This application processes the following information: (1) participant rollover checks; (2) loan payments; and (3) miscellaneous payments and adjustments to participant accounts. -
Federal Office of Child Support Enforcement
FRTIB receives information from the Federal Office of Child Support Enforcement (FOSCE) application, which FRTIB uses to comply with court orders pertaining to any child supporting debts. -
Death Master File
The Death Master File (DMF) determines whether a TSP participant has died. If a participant’s account matches with this information, then FRTIB establishes a “death hold status” for the respective accounts and notifies the participant’s beneficiaries.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for ISS include:
- Federal Records Act, as amended (44 U.S.C. § 3101);
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84); and
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
ISS enables FRTIB to properly receive, administer, and maintain TSP account information. -
Intended use of PII
ISS applications use PII to securely receive payroll information, administer participant accounts, and share data between FRTIB systems reliably by using PII to crosscheck identities and account status. -
Sharing of PII
ISS only shares information externally through Agency Payroll Services and FOCSE. Agency Payroll Services shares information with payroll offices of employing Federal agencies to verify and administer participant account information. For FOCSE, FRTIB obtains the SSNs of individuals who are delinquent in child support payments and matches them with the SSNs of those within the TSP database. FRTIB only shares matches made by this process with FOCSE in order to request and obtain a court order to garnish matching TSP accounts for child support payments owed.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
For participants and their beneficiaries, ISS collects and uses names, addresses, dates of birth, dates of death, email addresses, SSNs, employment related information (e.g., pay grade, service completion date, etc.), and financial information (e.g., salary, plan contributions, account numbers, etc.). ISS also uses FRTIB employee and contract user IDs to assign access privileges to the system. -
Records Retention
TSP records must be retained for 99 years. Any records relating to the administration of a participant’s TSP account that are collected, used, or retained as part of ISS must comply with FRTIB’s retention schedule for TSP records.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Payroll Data: Federal employees in the FERS retirement and members of the uniformed services who began serving on or after January 1, 2018 are automatically enrolled in the TSP. A participant’s employing agency or service provides participants with relevant information about the TSP. Federal employees in the Civil Service Retirement System (CSRS) and members of the uniformed services who began serving before January 1, 2018 are enrolled in the TSP after making a contribution election. The form used to make a contribution election contains a Privacy Act Notice.LockBox: TSP forms used to initiate a loan or rollover transaction contain Privacy Act Notices.
FOSCE – FRTIB outlines the specific circumstances under which a participant may be required to make child support payments from their TSP account. Pursuant to 5 C.F.R. §1653.12, there must be a valid court order which expressly related to the TSP, and must either expressly require payment from the participant’s account, or require the TSP to freeze the account.
-
Inquiries & Redress
Although participants and their beneficiaries cannot directly access their information in ISS, they do have options to access information regarding their accounts or the TSP generally. Participants may access their account information via My Account in order to view or make changes to their information. Participants may also call into FRTIB’s ThriftLine in order to speak with a PSR representative. Once the participant’s identity is authenticated, the PSR representative can assist the caller with information about his or her account. Additionally, PSR associates can mail account specific information to participants.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
-
Agency Payroll Services
The employing Federal agencies collect information directly from eligible employees and submit the information to FRTIB on the participant’s behalf. -
Federal Reserve Bank
The payroll offices at employing Federal agencies send loan payments as ACH credits through the Federal Reserve, which are subsequently routed to FRTIB where they are then matched to the corresponding participant account. -
Lockbox Services
Participants initiate requests associated with this component of ISS and complete the required forms. -
Federal Office of Child Support Enforcement
The Federal Office of Child Support Enforcement, within Health and Human Services, sends a file to FRTIB which contains individual names and SSNs. -
Death Master File
Every month, FRTIB receives data from the Social Security Administration’s updated Death Master File (DMF) and compares it against participants contained within the TSP file.
-
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
ISS was assessed and has a current Authority to Operate (ATO). -
Safeguards
ISS will only allow authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. Access to all electronic records, including those maintained in ISS is limited to authorized users and is subject to network controls. FRTIB monitors and logs activity on FRTIB networks.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
FRTIB-1: Thrift Savings Plan (TSP) Records, available at 9 Fed. Reg. 21246 (April 15, 2014).
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, and annually thereafter, all FRTIB federal employees and contractors are required to sign Rules of Behavior. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring. Users are also notified via a warning banner that their activity is monitored when logging into an FRTIB device.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
The Office of Participant Services (OPS) and employing agencies’ payroll offices (external) handle the administration of participant accounts that occurs through ISS. These offices also coordinate with the Federal Reserve to process loan payments for participant accounts. OPS and FRTIB’s Special Processing Unit handle rollover checks and additional loan information. OPS coordinates with FOCSE regarding compliance with court orders to garnish participant accounts owning child support. Finally, OPS and the Death Benefits Unit coordinate with the Social Security Administration to facilitate the Agency’s use of the Death Master File. -
Training
All FRTIB employees and contractors with access to ISS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including ISS and its applications is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -
-
Overview
Microsoft Office 365 (Microsoft Office or O365) provides FRTIB with cloud versions of Exchange Online (EXO), SharePoint Online (SPO) (including Access Online, Project Online, and OneDrive for Business), and Microsoft Teams (Teams). EXO provides the back-end to an integrated system that facilitates email communications, calendaring, contacts, and tasks. SPO provides a collaborative platform in which FRTIB employees and contractors may create sites to share documents and information. The Access Online and Project Online components of SPO provide database development and project management support, respectively. The OneDrive for Business component provides a centralized cloud based file storage location where authorized users are able to save and access files. Teams is a communication service that offers instant messaging, audio/video calling, and online/broadcast meetings. In summary, these products aim to provide collaborative, highly available, and secure online services that improve business processes.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for O365 include:
- Federal Records Act, as amended (44 U.S.C. § 3101);
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84);
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770); and
- Federal Information Security Modernization Act of 2014 (FISMA), as amended (44 U.S.C. § 3541, et seq.).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
O365 provides FRTIB with cloud versions of various products that provide collaborative, highly available, and secure online services that improve on the Agency’s business processes. The adoption of O365 will also facilitate an Agency-wide administration of users and provide access to its various service offerings. Its overall purpose is to reduce the total cost of hardware and software development, maintenance, and operations. -
Intended use of PII
The collection and uses of information within O365 service offerings depends on the business needs of the office or group within FRTIB. O365 provides FRTIB with administrative support to support its mission and operations. Depending on an Office’s function, the intended use of PII will vary. Generally, authorized FRTIB users can create and upload information to folders within SPO or OneDrive, and can also send this information to the email of other users and third parties through EXO. Users can communicate via Teams, and any attachments sent through these services may also be collected and stored in the system. -
Sharing of PII
Due to the collaborative nature of the service offerings within the system environment, authorized users may share information outside of the agency via email communications.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
Within O365, users will have access to the variety of services and software available via O365, and will employ these tools in the course of their official duties. Due to the purpose of the system and the range of supported services, O365 applications may contain PII for a variety of reasons.EXO and its integrated email services will include the name and email addresses of employees and contractors, calendar and task information, and contact lists. These services also possess the ability to send and store attachments that could contain additional PII.
SPO and OneDrive for Business offer alternative ways to create and store data within a shared space. They serve as repositories for collaborative information that will be used by FRTIB employees and contractors to support activities related to administering the Thrift Savings Plan (TSP) and other Agency business. Thus, the information maintained in the system will depend on the business needs for which a SPO site or OneDrive for Business folder is established (i.e., administration; legal documents; contract management; human resources/personnel information; etc.). Accordingly, SPO and OneDrive for Business may store FRTIB documents containing sensitive agency information, as well as PII.
-
Records Retention
The records created and stored within the applicable O365 services are covered by the following General Records Schedules (GRS) from the National Archives and Records Administration (NARA) as stated below:- GRS 3.1, Item 20: Information technology operations and maintenance records;
- GRS 3.2, Item 30: System access records;
- GRS 5.1, Items 10-30: Common office records;
- GRS 5.2, Items 10-20: Transitory and intermediary records; and
- GRS 6.1, Items 10-11: Email managed under a capstone approach.
Additionally, the applicable records schedule for some of the records stored within O365 depend on the subject matter and purpose of the record. Agency employees and contractors must therefore retain data in the in a manner that is consistent with the approved National Archives and Records Administration (NARA) retention schedule.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Before users log in to any FRTIB device and before users access O365, users are notified by a warning banner that their activities are subject to monitoring, and that using the system requires consent to such monitoring.In the case of participants and beneficiaries, consent for the use of their PII within documents maintained or created on the O365 service environment is provided at the point of data collection. This collection takes place outside the O365 environment and is addressed in the PIA for the system that collected the information. FRTIB also provides additional notice through its System of Records Notices, and at www.tsp.gov/privacy.
-
Inquiries & Redress
O365 is only available to FRTIB employees and contractors. O365 does not directly provide users any procedures to correct inaccurate information. If errors exist within the O365 environment that impacts profile information and access rights, employees and can address these errors by contacting the FRTIB Service Desk.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
-
Sources of PII
Information is collected from individuals interacting and using O365 services as part of the user credentials requirement and management for the O365 system. This is done through the on-premises Active Directory which is not a part of the O365 system boundary.In general, information contained within O365 is obtained and uploaded by authorized employees and contractors in connection with their various job responsibilities. These employees and contractors may collect or receive information created or provided by FRTIB staff and/or contractors via email or chat messages sent or received, participant information derived from forms or written correspondence, research information originally from various sources obtained as part of their official duties.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
O365 was assessed and has a current Authority to Operate (ATO). -
Safeguards
O365 will only allow authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB monitors and logs activity on FRTIB networks. Additionally, O365 offers a Data Loss Prevention (DLP) service that helps to identify, monitor, and protect sensitive information via deep content analysis across O365’s services. The DLP service uses sensitivity labels and information types to identify potentially sensitive information such as PII.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
O365 will not operate as a Privacy Act system of records. The O365 cloud environment may be used to process and store information from existing FRTIB Privacy Act Systems of Records by authorized contributors (i.e., FRTIB employees and contractors) in connection with their various job responsibilities. These contributors are responsible for ensuring there is coverage under an appropriate SORN for the data collected and maintained, as well as ensuring that the appropriate procedures are followed. -
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, all FRTIB federal employees and contractors are required to sign Rules of Behavior as a condition of employment. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
All assigned roles and responsibilities pertain to FRTIB employees and contractors. FRTIB’s Office of Technology Services (OTS) will provide management and oversight of O365 including system and user accounts administration, authentication, and system monitoring processes. FRTIB employees and contractors throughout the Agency have access to O365’s services. However, each O365 application ensures only authorized individuals may conduct business where they have an official need-to-know. -
Training
All FRTIB employees and contractors with access to O365 must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including O365 and its applications, is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -
Overview
Participant Interaction Services (PIS) contains three subsystems and seven applications that provide the following services: (1) account access through a secure website; (2) participant support software used by FRTIB employees and Participant Service Representatives (PSRs)1; and (3) general Agency websites where the public can access information about the Thrift Savings Plan (TSP) and the Federal Retirement Thrift Investment Board (FRTIB).
Through PIS, FRTIB employees and contractors are able to maintain and access records on participant and beneficiary TSP accounts; participants are able to manage financial aspects of their accounts and update account information through the secure website; and members of the public are able to obtain general information about the TSP and the FRTIB. Several of the applications within Participant Interaction Services System collect, use, and retain personally identifiable information.
PIS includes the following: (1) Participant Service Representative (PSR2) Application; (2) TSP My Account Secure Web Application (My Account) and its supporting applications; (3) TSP.Gov Public Web Application; and (4) FRTIB.Gov Public Web Application. These applications are broken into subsystems below, focusing on: (1) online account access; (2) Participant support software; and (3) supported websites.
-
Online Account Access
Participants may access their account by logging into a secure portal on tsp.gov, My Account. My Account is the participant’s secure access portal that allows access to account information online. Participants gain access to their account through this secure site by entering their account number or participant-created User ID and password, and two-factor authentication. Using MyAccount, participants can view their account statements and manage and make changes to their TSP account.
PIS also contains two web applications that support My Account: (1) Adaptive Authentication; and (2) Account Access Web Process Server (AAAPPS). Adaptive Authentication adds an extra layer of security by asking users challenge questions under certain circumstances in order to gain access to their account. AAAPPS provides technical support to My Account. AAAPPS sends email confirmations to participants acknowledging their requests for inter-fund transfers, contribution allocation changes, withdrawal requests, and acceptance of loan applications. It also helps detect fraudulent transactions, loads share price data, maintains the database, and provides web update status reports.
-
PSR Support
The PSR Application contains comprehensive account information on all TSP accounts and is used by FRTIB employees and contractors to assist participants and beneficiaries with their TSP accounts. Participants can access their TSP account information through a phone service called the ThriftLine. Upon calling the ThriftLine number, participants are directed to speak with Participant Service Representatives (PSR associates) at one of FRTIB’s contact centers. PSR associates use the PSR Application to provide callers with information about their accounts. Additionally, when participants speak with a PSR associate, any transactions and call notes are recorded in the PSR Application.
-
Websites (tsp.gov and frtib.gov)
The PIS system also includes two public-facing websites. The first, tsp.gov is a public-facing website that provides general information about TSP funds, Plan options, and general information about retirement. The FRTIB has also established frtib.gov, which is a public-facing website that provides information about the Agency, FRTIB’s Board members, meeting minutes, and other general information about the FRTIB.
The Cascade Web Content Management System (CMS) tool is installed on a server and used in the development of the public portions of tsp.gov and frtib.gov. The CMS tool only administers the static content on the two public-facing websites. There is no PII in the CMS server environment. Since FRTIB’s two public-facing websites (tsp.gov and frtib.gov) do not collect, use, or retain PII, they are only referenced as a part of this PIA when relevant to communicating privacy-related information to participants and beneficiaries and to clarify the websites’ purposes.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
The authorities that permit the collection and use of PII for PIS include:
- Federal Records Act (44 U.S.C. § 3101);
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5. U.S.C. Chapter 84); and
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) (114 Stat. 770).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
- Purpose of the system
PIS contains three subsystems and multiple applications that provide the following services: (1) account access through a secure web portal; (2) participant support software used by FRTIB employees and PSRs; and (3) general Agency websites where the public can access information about the TSP and FRTIB. Through PIS, FRTIB employees and contractors are able to maintain and access information on TSP participants; participants are able to manage their accounts and update account information through the secure website; and members of the public are able to obtain general information about the TSP and the FRTIB. - Intended use of PII
Applications within PIS use identifiable participant information to verify and authenticate the identity of participants and to administer and maintain information on participant accounts. - Sharing of PII
Information from PIS is not routinely shared outside the FRTIB. Any external sharing would be consistent with the applicable System of Records Notice. However, participants and beneficiaries may request information about their account information in the PSR Application by calling the ThriftLine, or by logging into MyAccount.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
My Account collects names, social security numbers (SSNs), contact information, financial information (i.e., bank routing and account numbers), and tax information from participants and beneficiaries necessary to manage their TSP accounts. Adaptive Authentication collects the IP address, browser information, and operating system used from computers accessing My Account. Additionally, answers to challenge questions are collected and may contain PII. AAAPPS collects the names, addresses, and financial information of participants and beneficiaries.PSR Application collects names, SSNs, dates of birth (DOB), dates of death (DOD), financial information, tax information, PINs, TSP account balance(s); fund balances, disbursements, employer contributions, loan information, and funds vested in and investment amounts.
-
Records Retention
TSP records must be retained for 99 years. Any records relating to the administration of a participant’s TSP account that are collected, used, or retained as part of PIS must comply with FRTIB’s retention schedule for TSP records.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
Before logging into the TSP Secure Web: My Account site that alerts participants that they are entering a United States Government website, and only TSP participants may access information within it. Additionally, the alert notifies participants that their use of the site may be monitored, recorded, and audited for security purposes, and that the participants’ use of the website represents their consent. Adaptive Authentication issues another warning banner notifying participants how their information will be collected and used as a part of the adaptive authentication tool (i.e., setting up security challenge questions for added identity verification).Finally, although PSR associates do not tell callers that call notes and other information is added and stored within the PSR Application, participants are informed that their calls into the ThriftLine are monitored and recorded for quality and security purposes.
-
Inquiries & Redress
Participants and beneficiaries have several options to access information regarding their accounts or the TSP generally. Participants may access their account information via My Account in order to view or make changes to their information. Participants may also call into FRTIB’s ThriftLine in order to speak with a PSR associate. Once the participant’s identity is authenticated, the PSR associate can assist with information about his or her account. Additionally, PSR associates can send account specific information to participants.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
-
Sources of PII
My Account collects PII from participants as they enter their information directly into the application in order to access their TSP accounts. The participant enters his or her account number or User ID and web password online before account access is granted to the participant via the TSP Secure Web – My Account website. They will be able to view account documents and review pending transactions and tasks, which are pulled from the Business Process Services (BPS) system boundary, as well as additional records from the Core Recordkeeping Services (CRS) system boundary.3Adaptive Authentication collects answers submitted by participants to challenge questions they prefer to use in order to add an additional layer of security to their TSP account.
AAAPPS is a collection of processes with no user interface or user intervention. It supports the maintenance of TSP websites by facilitation movement of information from BPS applications, which includes automatically sending emails to participants acknowledging inter-fund transfers, contribution allocation changes, and acceptance of loan applications.
The PSR Application pulls submitted forms from other TSP systems, BPS and TSP account information from CRS so that users may view these documents in order to assist participants and beneficiaries with their accounts.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
PIS was assessed and has a current Authority to Operate (ATO). -
Safeguards
PIS will only allow authorized users access to appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. Access to all electronic records, including those maintained in PIS is limited to authorized users and is subject to network controls. FRTIB monitors and logs activity on FRTIB networks.Participants can access their account information through www.tsp.gov by entering their account number and password or through a participant-created User ID and password, and two-factor authentication.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
FRTIB-1: Thrift Savings Plan (TSP) Records, available at 9 Fed. Reg. 21246 (April 15, 2014).
FRTIB-13: Fraud and Forgery Records, available at 80 Fed. Reg. 43428 (July 22, 2015).
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, all FRTIB federal employees and contractors are required to sign Rules of Behavior as a condition of employment. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
Access to PIS is limited to employees and contractors with a need-to-know whose job roles require them to have access to its applications. Employees and supporting contractors within FRTIB’s Office of Participant Services (OPS) are responsible for maintaining My Account and Adaptive Authentication, AAAPPS. Individuals in the Office of General Counsel, Office of External Affairs, and individuals in the Office of Participant Services and their supporting contractors also have access to the PSR Application.There are no external offices or agencies with assigned roles or responsibilities for PIS.
-
Training
All FRTIB employees and contractors with access to PIS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including PIS and its applications is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board- For additional information on ThriftLine and its use and collection of PII, please refer to the ThriftLine Infrastructure System (TLI) PIA.
- Within this PIA, the term “PSR” has two meanings. First, PSR can mean a Participant Service Representative Associate – an individual who assists participants and beneficiaries who call the ThriftLine with issues about their TSP accounts. Second, the term PSR can mean the PSR application―a recordkeeping service that documents participant account activity and transactions. For the purposes of this PIA, the term PSR associate shall have the former meaning, while PSR application shall have the latter meaning.
- Please refer to the BPS and CRS PIAs for additional information on the use and collection of PII within these systems.
-
-
Overview
TSP Distributed Systems (TDS) is a General Support System which supports FRTIB’s six major applications: (1) Core Recordkeeping Services (CRS); (2) Participant Interaction Services (PIS); (3) Financial and Reconciliation Services (FRS); (4) Business Process Services (BPS); (5) Interfacing Services System (ISS); and (6) Application and Development Test Tools (ADTT)1. Although TDS does not collect, share, store, use, or process any PII within its defined boundaries, PII passes through the database and OS platforms as it is transported to and from FRTIB’s other internal information systems, such as when FRTIB’s major applications invoke processing services within TDS component servers and databases. PII also passes through TDS when databases for FRTIB’s major applications are backed-up.
TDS does not collect PII beyond limited credentialing (i.e., User IDs) for access and auditing purposes. Only platform services (e.g., processing and data transmission) provided as requested by FRTIB’s major applications collect PII.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5 U.S.C. Chapter 84); and
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) 114 Stat. 770).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
TDS provides infrastructure support for many of FRTIB’s systems. TDS supports the Agency’s mission by providing an operating system platform, as well as database, communication, and backup services for FRTIB’s major applications. -
Intended use of PII
TDS does not collect, use, disseminate, or maintain PII other than User IDs captured within audit logs to provide accountability on access to the system. However, other PII passes through the database and OS platforms as it is transported to and from FRTIB’s other internal information systems. For example, PII passes through TDS when the resident applications invoke processing services within TDS component servers and databases. -
Sharing of PII
TDS does not share PII externally.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
TDS only collects and uses User IDs for privileged users for maintaining audit logs on the system. -
Records Retention
TDS retains configuration and operational information required for the operation of the TDS components, which is not subject to a records retention schedule. Additionally, TDS does not collect or retain PII about individuals beyond what is required for auditing purposes.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
When hired, all FRTIB employees and contractors are required to review and sign the Rule of Behavior as a condition of employment. This document informs users that they have no reasonable expectation of privacy on FRTIB devices and states that user activity on FRTIB information systems is subject to monitoring. Additionally, before users access their workstation, they are notified by the Warning Banner on the login screen that any use of the FRTIB system constitutes consent to monitoring. -
Inquiries & Redress
TDS only collects and uses PII relating to user login credentials and logs associated with user activity. This system does not contain specific procedures to enable individuals to correct inaccurate or erroneous information captured as part of TDS.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
All PII that passes through TDS does so as a payload in transit or as part of a processing request from a major application that reside on the operating systems provided by TDS. The only PII collected (i.e., user login credentials and logs associated with user activity) is done so directly from the user logging into and out of the system directly.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
TDS has been assessed and has a current Authority to Operate (ATO). -
Safeguards
Only authorized users may access appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB monitors and logs activity on FRTIB networks. Additionally, TDS maintains encryption services for all PII transmitted in order to provide confidentiality and integrity services to the major applications residing on its platform.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
Information contained within TDS is not retrieved by a unique identifier and, accordingly, a SORN is not required. -
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, all FRTIB federal employees and contractors are required to sign Rules of Behavior as a condition of employment. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
Only limited employees within FRTIB’s Office of Technology Services and contractor personnel who work on TDS systems have access to the system. Individuals with access to TDS are limited to those who have a need-to-know as part of their official job responsibilities. -
Training
All FRTIB employees and contractors with access to TDS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including within TDS, is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board- Please see the respective PIA for each listed major application for additional information regarding PII collection and use.
-
Overview
The ThriftLine Infrastructure System (TLI) provides key support to the Federal Retirement Thrift Investment Board’s ThriftLine application. The ThriftLine is a toll-free number provided to Thrift Savings Plan (TSP) participants and their beneficiaries. The ThriftLine enables participants and their beneficiaries to access and manage their accounts, to conduct account transactions and to speak with Participant Service Representative (PSR) associates to answer their questions. While most participant data is processed by applications which are a part of the Participant Interaction Services (PIS) system boundary, the TLI system stores records of calls made to the ThriftLine and e-messages sent between participants and PSR associates.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
Specific legal authorities and/or agreements permitting and defining the collection of information by the information system include:
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5 U.S.C. Chapter 84);
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) 114 Stat. 770); and
- Federal Records Act, as amended (44 U.S.C. § 3101).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
TLI enables participants and their beneficiaries to access and manage their accounts, to conduct account transactions, and to communicate with PSR associates to answer their questions both over the phone and via the MyAccount1 e-message tool. -
Intended use of PII
FRTIB records the content of all interactions between ThriftLine callers and PSR associates. The agency uses these call recordings to ensure PSR associates provide secure and high quality service to callers and to train PSR associates. The Agency may also access stored recordings to resolve account-related questions or discrepancies, and to address Congressional inquiries. Additionally, data collected through the e-messaging service is used to send and respond to participant and beneficiary inquiries through their MyAccount page. -
Sharing of PII
The Office of Participant Services (OPS) may provide participants copies of their call recordings if the participant submits a formal request.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
As a part of routine operations, TLI uses and collects call recordings of interactions between callers to the ThriftLine and PSR associates, as well as from e-messages through MyAccount. Most of the call recordings or messages contain sensitive PII about participant and beneficiary accounts. This data may include, but is not limited to: the caller’s name; authentication information (e.g., SSN); TSP account number; home address and contact information; IP address; date of birth; and specific financial information related to or contained within his or her TSP account. -
Records Retention
TSP records, including the records in TLI, must be retained for 99 years. Any records relating to the administration of participant accounts that are collected, retained, or used by TLI must comply with FRTIB’s retention schedule for TSP documents.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
When calling the ThriftLine, callers are notified that their calls may be monitored for quality assurance purposes. By subsequently providing information to the PSR associate during the course of the call, the caller consents to the system collecting information. Participants and beneficiaries access the e-messaging service by logging into their MyAccount on www.tsp.gov. When logging into MyAccount, there is a notice that alerts users that their activity is subject to monitoring. Furthermore, participants and beneficiaries are aware that their PII is being collected because they affirmatively provide it when composing the message. -
Inquiries & Redress
Participants and other authorized individuals may amend their account information by logging into their accounts through MyAccount on the TSP website. Additionally, participants and beneficiaries may also contact the ThriftLine again and speak with a PSR associate to verify the accuracy of their information and make any necessary changes to their account.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
Information may be gathered from participants and beneficiaries directly as they call into ThriftLine or send inquiries via the MyAccount e-messaging service. TLI also pulls data from other FRTIB systems to access participant account information.
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
TLI was assessed and has a current Authority to Operate (ATO). -
Safeguards
FRTIB will only allow authorized users access to appropriate information and information systems. Access to TLI is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB maintains controlled access to all electronic records within FRTIB, including those maintained within TLI, alongside its network controls. Furthermore, FRTIB monitors and logs activity on its networks.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
FRTIB-1: Thrift Savings Plan (TSP) Records, available at 9 Fed. Reg. 21246 (April 15, 2014).
FRTIB-13: Fraud and Forgery Records, is available at 80 Fed. Reg. 43428 (July 22, 2015).
-
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, all FRTIB federal employees and contractors are required to sign Rules of Behavior as a condition of employment. The documents explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
Office of Technology Services (OTS), and its supporting contractors who have duties related to supporting TLI have access to the system. Office of Participant Services (OPS) employees and its supporting contractors whose job duties require access to call recordings and e-messages also have access to the recordings and messages. -
Training
All FRTIB employees and contractors with access to TLI must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be used when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Call recordings are routinely monitored to ensure the PSR associates adhere to security guidelines and provide appropriate service. The TLI system is regularly monitored and audit logs capture records of who has accessed recordings.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board- Participants may access their account by logging into a secure website called MyAccount. MyAccount is a secure access portal that allows participants to access account information online. The e-messaging tool in MyAccount is in the TLI boundary, but other information in MyAccount is in the Participant Interactive Services (PIS) boundary.
-
Overview
The Virtual Infrastructure General Support System (VIGSS) is a general support system used to support mission critical applications and infrastructure services for the Federal Retirement Thrift Investment Board (FRTIB) in the development, test, and production environments. VIGSS provides processing, storage, and network services to all virtual machines and virtual databases within the FRTIB distributed system. VIGSS also provides data backup, disaster recovery, and continuity of operations functionality for FRTIB’s major applications. The overview of VIGSS subsystems is divided by the following three main functions of VIGSS: (1) management of virtual environments; (2) disaster recovery and continuity of operations; and (3) backup storage and replication.
-
Management of Virtual Environment
Associated services and server management software support the hosting and management of all FRTIB virtual machines. The suite of products for this subsystem provide the functionality of a physical computer to host guest operating systems for FRTIB applications. This includes a hypervisor suite to manager server resources as efficiently as possible. -
Disaster Recovery and Continuity of Operations
Recovery management services are employed to efficiently mobilize FRTIB data between its data centers to ensure proper disaster recovery and the continuity of operations. -
Storage and Replication
Applications within VIGSS facilitate backup storage and replication for three purposes: (1) development and test data storage; (2) audit log related functions; and (3) back-end storage for all FRTIB major applications, virtual servers, and FRTIB databases.
Authority
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII if it has authority to do so, and any such authority should be identified in the appropriate notice.
PII is collected by other FRTIB applications that rely on VIGSS for facilitation and backup services. Specific legal authorities and/or agreements permitting and defining the collection of information by the information system include the following:
- Federal Employees’ Retirement System Act of 1986 (FERSA), as amended (5 U.S.C. Chapter 84); and
- Federal Erroneous Retirement Coverage Corrections Act (FERCCA) 114 Stat. 770).
Purpose Specification & Use Limitation
FRTIB should provide notice of the specific purpose for which PII is collected and should only use, process, store, maintain, disseminate, or disclose PII for a purpose that is explained in the notice and is compatible with the purpose for which the PII was collected, or that is otherwise legally authorized.
-
Purpose of the system
VIGSS provides infrastructure support for many of FRTIB’s systems. VIGSS supports the Agency’s mission by providing processing, storage, and network services to all virtual machines and databases within FRTIB, as well as backup services and continuity of operations for FRTIB’s major applications. - Intended use of PII
-
Management of Virtual Environment & Disaster Recovery and Continuity of Operations
All VIGSS devices use employee and contractor PII (User IDs for privileged and non-privileged users) as part of the authentication process and the data is stored locally within audit logs to serve as a record of which administrative and privileged users accessed the devices. -
Backup Storage and Replication
These services facilitate the backup of all major FRTIB applications by passing data through to backup storage. This includes PII collected from participants and beneficiaries. Detailed information about the sources and methods of collection of FRTIB’s major applications is contained in the respective PIAs for each major application. While VIGSS does not use PII collected by FRTIB’s applications, it does provide data storage to facilitate backup services and business continuity.
-
- Sharing of PII
VIGSS does not share PII externally.
Data Minimization
FRTIB should only create, collect, use, process, store, maintain, disseminate, or disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose, and should only maintain PII for as long as is necessary to accomplish that purpose.
-
Types of PII collected
FRTIB employee and contractor privileged and non-privileged User IDs are collected within audit logs generated by all VIGSS devices. Additionally, participant and beneficiary PII is collected by other FRTIB applications and is passed through the VIGSS for backend storage. The data stored includes, but is not limited to: name; date of birth; Social Security Number (SSN); address; email; phone number; TSP account number; and other financial account information. -
Records Retention
The log data in the VIGSS boundary is retained for: (1) Monitoring of system performance; (2) Monitoring for malicious activity; (3) Retention of records related to security related incidents; and (4) Retention for TSP account maintenance (by backing up applications). Currently, audit log information is retained for six (6) years as a default setting. Additionally, each FRTIB major application that collects data, including PII from participants and beneficiaries, has a separate records retention schedule maintained by the responsible office, which is detailed within their respective PIA.
Individual Participation
FRTIB should involve individuals in the process of using PII and, to the extent practicable, seek individual consent for the creation, collection, use, processing, storage, maintenance, dissemination, or disclosure of PII. FRTIB should also establish procedures to receive and address individuals’ privacy-related complaints and inquiries.
-
Notice and Opportunities for Consent
When hired, all FRTIB employees and contractors are required to review and sign the Rules of Behavior as a condition of employment. This document informs users that they have no reasonable expectation of privacy on FRTIB devices and states that user activity on FRTIB information systems is subject to monitoring. Additionally, before users access their workstation, they are notified by the Warning Banner on the login screen that any use of the FRTIB system constitutes consent.VIGSS merely stores information collected from each of FRTIB’s major applications for backup purposes. Those major applications each have separate mechanisms for notifying participants and beneficiaries about how the information is collected and used, which is explained in each of the major application’s PIAs.
-
Inquiries & Redress
As noted earlier, VIGSS does not directly collect or use PII beyond that relating to user login credentials and logs associated with user activity. Therefore, there are no system-specific procedures enabling individuals to access or amend their information.Generally, individuals may access information collected and maintained by FRTIB through FRTIB’s System of Records Notices (SORNs). Additional information about this process, individuals may refer to FRTIB’s Privacy Act regulations, located at 5 C.F.R. Part 1630 and at www.tsp.gov/privacy.
Data Quality & Integrity
FRTIB should create, collect, use, process, store, maintain, disseminate, or disclose PII with the accuracy, relevance, timeliness, and completeness reasonably necessary to ensure fairness.
- Sources of PII
-
Management of Virtual Environment & Disaster Recovery and Continuity of Operations
VIGSS collects both FRTIB employee and contractor privileged and non-privileged User IDs for individuals who use the system., The system also retains audit logs that capture these User IDs. These IDs are authenticated by FRTIB’s Active Directory, which links the ID to an individual user’s name and other business contact information. Active Directory is managed in the TSP Distributed Systems (TDS) boundary. -
Backup Storage and Replication
FRTIB’s Major Applications collect PII from participants and beneficiaries, for which VIGSS facilitates backup storage. Detailed information about the sources and methods of collection of FRTIB’s major applications is contained in the respective PIAs for each major application.
-
Security
FRTIB should establish administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.
-
Authorization to Operate
VIGSS has been assessed and has a current Authority to Operate (ATO). -
Safeguards
Only authorized users may access appropriate information and information systems. Access to the system is restricted to FRTIB employees and contractors whose responsibilities require access. Users are granted permission by system administrators or designated representatives in accordance with FRTIB’s policy regarding least privilege, need-to-know, and separation of duties. FRTIB monitors and logs activity on FRTIB networks. Additionally, VIGSS maintains encryption services for all PII stored to provide confidentiality and integrity services to the major applications residing on its platform.
Transparency
FRTIB should be transparent about information policies and practices with respect to PII, and should provide clear and accessible notice regarding creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII.
-
Applicable SORN(s)
While the VIGSS devices do collect PII, data contained in VIGSS is not retrieved by a unique identifier. Therefore, a SORN is not required for devices implemented within the VIGSS boundary. -
Availability of Privacy Notices
Whenever possible, the FRTIB provides notice to individuals about its policies regarding the use and disclosure of PII at the time the FRTIB collects the information. The FRTIB forms that collect PII contain appropriate Privacy Act Notices. FRTIB provides additional notice to participants about how their information is used through its System of Records Notices, and at www.tsp.gov/privacy.When hired, all FRTIB federal employees and contractors are required to sign Rules of Behavior as a condition of employment. The document explicitly notifies employees and contractors that they have no reasonable expectation of privacy while using FRTIB networks or devices and notifies employees and contractors that their activity is subject to monitoring.
Accountability
FRTIB should be accountable for complying with these principles and applicable privacy requirements, and should appropriately monitor, audit, and document compliance. FRTIB should also clearly define the roles and responsibilities with respect to PII for all employees and contractors, and should provide appropriate training to all employees and contractors who have access to PII.
-
Roles and Responsibilities
Only limited employees within FRTIB’s Office of Technology Services (OTS) and contractor personnel who work on VIGSS systems have access to the system. Individuals with access to VIGSS are limited to those who have a need-to-know as part of their official job responsibilities. -
Training
All FRTIB employees and contractors with access to VIGSS must complete privacy awareness and security awareness trainings upon hire and annually thereafter. FRTIB’s privacy awareness training describes users’ responsibilities when handling PII and the penalties for mishandling privacy-sensitive data. FRTIB’s security awareness training describes information security best practices to be followed when using FRTIB systems and processing sensitive data. Users who do not complete required training are denied access to all FRTIB information systems. -
Audit
Activity on FRTIB networks, including within VIGSS, is monitored and logged to ensure information and information systems are used appropriately.
Privacy Officials
Megan Grumbine
Senior Agency Official for Privacy
Federal Retirement Thrift Investment BoardSarah Smith
Chief Privacy Officer
Federal Retirement Thrift Investment Board -