Privacy Impact Assessment for EZHire
On this page:
- I. Data in the System
- II. Access to the Data
- III. Attributes of the Data
- IV. Maintenance of Administrative Controls
I. Data in the System
Describe the information(data elements and the fields)available in the system in the following categories:
- Social Security Number
- Date of Birth
- Military Status
- Educational background
- Prior employment data
What are the sources and types of the information in the system?
The information that is being collected includes personal information about the applicants; to include names, addresses and social security numbers among other pieces of personal information. In addition, the applicants will provide information about their employment history including their resume and detailed information about current and previous employers and educational background, among other pieces of employment history, educational information, Veterans preference and disability information. Information stored and processed by the EZ-Hire application also includes employment related data such as job vacancies, position descriptions, position requirements and necessary qualifications, applicant questions, and various other factual data.
How will the data be used by the Agency?
EZ-Hire will collect information on individuals who are seeking employment with EPA with the sole intent of placing qualified individuals into current job openings. This includes individuals who are current employees of the federal government and individuals who are not currently employees of the federal government.
Why is the information being collected? (Purpose)
The overall purpose of EZ-Hire is to improve the hiring management process for Human Resources and customers. EZ-Hire does this through several functions, including posting and managing vacancies, displaying those vacancies to potential employees via the Internet, collecting and processing employment application and applicant personal data (i.e. contact information), and ranking applicants' qualifications based on such data. In addition, the system provides mailing list functionality so that employment candidates once enrolled can be notified of the respective hiring decisions and interested parties can be notified of future job vacancies.
II. Access to the Data
Who will have access to the data in the system (internal and external parties) if contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?
EPA's designated employees including support personnel teams will have access to EZ-Hire applications and databases. Their access is necessary to provide on going software and hardware observation and maintenance access. The applicant will have very limited access to their own data for updating their profile, adding missing information and the ability to review their file as desired. With regard to the Department, access, authorizations and permissions will be granted to systems administrators, HR specialists and hiring managers at a level commensurate with their need to know and database management responsibilities. QuickHire grants initial access to EPA personnel designated as the system administrators. Subsequently the administrators will tie down access by reissuing credentials. EPA and QuickHire systems administrators will be the only ones to retain full access.
Contract vehicles include FAR (48CFR) clauses 24.104 and 52.223 clauses 1 and 2.
What controls are in place to prevent the misuse of data by those having access?
The Access Control Lists (ACL) and Standard Rules of Conduct are the preventative means in place to stop unauthorized access and misuse of the data. Other detective types of control that are in place include such things as; auditing records which help control unauthorized access and misuse of data.
Do other systems share data or have access to data in this system?
No. Even though QuickHire is used across several agencies the data and database belongs exclusively to EPA and to EPA's user group consisting of HR specialists. They are the only users that have access to it. The exceptions are the QuickHire system administrators and helpdesk personnel in direct support of EPA.
Will other agencies, state or local governments share data or have access to data in this system?
Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual?
Individuals have the opportunity to decline data that is not a requirement by the agency. Certain fields within EZHire require an answer to continue with the application process while other fields may be skipped, or declined, by the applicant. EPA determines which fields are required and how the notice is to be given.
III. Attributes of the Data
Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed?
The use of the data is relevant for the fact that the information the applicant provides through the EZHire Web based application is used for the purpose of determining eligibility and qualifications of an individual for the position being advertised and for which they are applying. The data is being used for EPA hiring process only.
If data are being consolidated, what controls are in place to protect the data from unauthorized access or use?
N/A; data is not to be consolidated within this application.
If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
N/A; data is not to be consolidated within this application. Any necessary change would go through the QuickHire Configuration Management/Change Management Process in which EPA would be notified and included on.
How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain.
Access to the applicant data is protected and controlled by a User ID, and Password function. There are various levels of authorization to the data and the application functionality depending on the job function of the authorized user and applicant themselves. The list is controlled and administered by designated System Administrators and Help Desk Personnel representing both EPA and QuickHire. All data is primarily retrieved via the vacancy to which the applicant applied. Each applicant's record can be retrieved by the applicant's name or social security number or by a numerical key internal to the system such as the vacancy number of the position to which they applied.
What achievements of goals for machine readability have been incorporated into this system?
Our current Citrix product is not compatible with machine readers.
IV. Maintenance of Administrative Controls
Has a record control schedule been issued for the records in the system?
While the data are retained in the system, what are the requirements for determine if the data are still sufficiently accurate, relevant, timely, and complete to make fairness in making determination?
Contractor hosts the data but does not manipulate it or manage it. Data is back-up nightly in the event of a system failure. Other than that QuickHire is content delivery, and EPA is responsible for any data changes that occur and the management of that data.
Will this system provide the capability to identify, locate, and monitor individuals?
Does the system use any persistent tracking technologies?
Under which System of Records (SOR) notice does the system operate?