Contact Us Search: All EPA Privacy Act

• You are here: EPA Home
• Privacy Act
• Impact Assessments
• Time Sharing Services Management System (TSSMS)

Time Sharing Services Management System (TSSMS)

I. Data in the System

1. Generally describe what data/information will be collected in the system.

   User name, office, room/mail code, address, telephone, employee type, email address.

2. What are the sources and types of the information in the system?

   EPA ADP Coordinators, EPA ADP BackUps, and EPA Account Managers

3. How will the data be used by the Agency?

   To grant access to various EPA platforms (i.e., UNIX servers, IBM mainframe, etc).

4. Why is the information being collected? (Purpose)

   To grant access to various EPA platforms.

II. Access to the Data

1. Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?

   ADP Coordinator, ADP BackUps, Account Managers (only EPA except where EPA has approved contractors to serve as an Account Manager), TSSMS staff. The Privacy Act clauses (FAR 52.224-1, Privacy Act Notification and FAR 52.224-2, Privacy Act) are included in the Millennia contract at Section I, Section 1.1.1.

2. What controls are in place to prevent the misuse of data by those having authorized access?

   Controls are established according to the Standard Rules of Conduct as well as the IBM mainframe Resource Access Control Facility (RACF) Security Database. Data is RACF protected, access file within system determines type of access such as ADP Coordinators and their BackUps authorized to establish billable accounts and Account Managers can only add/delete users on their accounts.

3. Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)

   No.

4. Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)

   No.

5. Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)

   Yes. If declined, access is not granted.

III. Attributes of the Data

1. Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.

   Provides access to EPA platforms and provides billing information.

2. If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.

   N/A

3. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

   N/A

4. How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)

   System function is solely for granting access to various EPA platforms and is not a system available for data retrieval. ADP Coordinators, BackUps, and Account Managers can only browse/print the registration information by logging onto the registration system. Data is not available for retrieval for other applications/functions.

5. Is the Web privacy policy machine readable? Where is the policy stated? (Machine readable technology enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)

   N/A - not web based application.

IV. Maintenance of Administrative Controls

1. Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)

   Nightly processing archives daily transactions on the IBM mainframe for seven years.

2. While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

   ADP Coordinators are responsible for maintaining their data integrity and nightly processing verifies all data according to EPA requirements (i.e., inactive EPA Employee access is removed, etc.)

3. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.

   All transactions within system include the individuals identity (i.e., name and user-id).

4. Does the system use any persistent tracking technologies?

   No.

5. Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. A list of Agency SORs are posted at http://www.epa.gov/privacy/notice/. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)

   43 - Time Sharing Services Management System

Local Navigation

• Privacy Act Home
• Submit a Request
• Policy
• Laws & Statutes
• Systems of Records
• Impact Assessments
• Frequent Questions
• Related Links

• EPA Home
• Privacy and Security Notice
• Contact Us