APPENDIX 4
PRIVACY IMPACT ASSESSMENT
06.3 HHS PIA Summary for Posting (Form) / NIH NCI Cancer Information Service (CIS) PIA SUMMARY AND APPROVAL COMBINED
PIA Summary
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation
Date of this Submission: 7/29/2011
OPDIV Name: NIH
Unique Project Identifier (UPI) Number: N/A
Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
OMB Information Collection Approval Number: N/A
Other Identifying Number(s): N/A
System Name (Align with system Item name): NIH NCI CIS/Cancer.gov Sites
System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert Zablocki
Provide an overview of the system: The system includes several search interfaces accessible through the Cancer.gov site (National Organizations That Offer Cancer-related Services, Resources for Financial Assistance for Patients and Their Families, and National Cancer Institute-designated Cancer Centers database search interfaces), and the LiveHelp Welcome Page. These are information sites meant to provide search capabilities to retrieve lists of organizations concerned with helping cancer patients and their families/friends, or to provide the public with access to "chat" with the NCI's Cancer Information Service.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):
Yes
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):
N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The three search interfaces allow users to input their e-mail address in order to receive selected information via e-mail. E-mail addresses are not maintained or disseminated; e-mail addresses are provided voluntarily by users and are used only to provide requested information via this channel. Users have other print options available should they wish to have this information but not provide an e-mail address.
The LiveHelp Welcome Page provides users with access to the LiveHelp chat service manned by NCI's Contact Center staff, which is included in a separate PIA, NIH NCI CIS Extranet.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared.
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) E-mail address is not stored and so users cannot be contacted about major changes to the system. Online help files describe features/functions of the sites and are updated as changes are made.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):
Yes
37. Does the website have any information or pages directed at children under the age of thirteen?:
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:
· Only authenticated, authorized systems staff have access to the database.
· Controlled access to production servers; only Web administrator has this level of access.
· There is a designated deployment team and deployments are handled from a secure gateway with no connection to the Internet.
· Usernames and strong passwords are required for user access to production interface for database.
· All production assets are in a central data center that has controlled and limited physical access.
· Production environment is separate from development environment both logically and physically.
· Each application in the system has set user levels with different privileges assigned to each level.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Suzy Milliard
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/19/2011
Approved for Web Publishing: Yes
Date Published: February 13, 2012
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | Privacy Impact Assessment |
Subject | FACEBOOK AND MOBILE CONTACT US FORMS |
Author | ilene Holly Burstyn |
File Modified | 0000-00-00 |
File Created | 2021-01-24 |