Privacy Impact Assessment for the Training Registration and Administration Records for the Office of Criminal Enforcement, Forensics and Training and the National Enforcement Training Institute
On this page:
- I. Data in the System
- II. Access to the Data
- III. Attributes of the Data
- IV. Maintenance of Administrative Controls
I. Data in the System
Generally describe what data/information will be collected in the system.
The National Enforcement Training Institute (NETI) is responsible for supporting the national environmental enforcement and compliance program through various training scenarios. NETI uses its online university, NETI Online, to collect and store information for students, classes, statistics, and to deliver some web-based training courses.
NETI Online supports different user interactions: students, faculty, course managers and administrator roles. Students can only manage their own account information, view their transcripts and register for classes. NETI staff that are identified as Administrators can manage other user's accounts and privileges, register people for classes, create classes and class deliveries, and monitor site activity. Faculty can administer their course/delivery information.
What are the sources and types of the information in the system?
Student data is provided by the user and includes name, mailing address, e-mail address, and employer/organizational information. New user applications are reviewed by a NETI Administrator to ensure that the applicant is a member of the audience serviced by NETI (i.e., Federal, State, Local, and tribal environmental enforcement personnel.)
NETI Online is also used to store course information and delivery details. Students register for courses. Instructors are provided with aids, such as Rosters, Sign-in sheets, Name Tags, Table Tents and Certificates of Course Completion.
How will the data be used by the Agency?
Students can obtain a transcript of NETI sponsored courses they have attended.
Year-end summary level statistical reports are produced (number of courses presented, total number of participants, etc.) to satisfy a variety of OECA internal management reporting requirements.
Why is the information being collected? (Purpose)
Student information is used to provide a record of course attendance and to track progress through modules of the web-based training courses.
Course information is used in advertising and promoting training opportunities.
Summary level statistical information is reported to satisfy internal management reporting requirements.
II. Access to the Data
Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?
NETI Online provides for varied access authorizations. For example, students are given limited authorization to only their own records, while instructors are given permission to manage their courses. NETI personnel have administrative authority for system maintenance and data integrity. NETI Online is contractor operated and all appropriate FAR clauses were included in the awarded contract.
What controls are in place to prevent the misuse of data by those having authorized access?
Data tables are locked to restrict access to authorized users. Access is controlled by user roles through the application. The role determines the level of data access available. EPA employees are required to receive annual security training.
Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)
Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)
Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)
No - No pii data is requested.
III. Attributes of the Data
Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.
NETI Online provides the infrastructure to support both faculty and students in participating in training events. Through the use of automated services and processing, students can quickly and efficiently register for courses and obtain course material. Instructors can post/communicate course details (from class location, agenda, course prerequisites) which saves a tremendous amount of administrative time.
If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.
No data are consolidated.
If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
No processes are consolidated.
How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)
Data are retrieved by individuals using a unique log-in name and individually selected password.
What achievements of goals for machine readability have been incorporated into this system? Where is the policy stated? (Machine readable technology enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)
No pii data is requested or collected.
IV. Maintenance of Administrative Controls
Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)
Yes - Records Control Schedule #200
While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
No - see #1 above.
Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.
The NETI Administrator through the use of the "APP - Administrative Power Page" can select the option of "Who is on?" to identify the web page that a currently logged-on user is at, as well as the IP address of the user's computer.
Does the system use any persistent tracking technologies?
Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. For reference, please view this list of Agency SORs. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)
EPA-47 OCEFT/NETI Training Registration and Administration Records