Human Resources Management Information System

·         Name of project.

Human Resources Management Information System

·         Unique project identifier.

016-00-SSA/DHR-G-103

·         Privacy Impact Assessment Contact.

Deputy Commissioner
Office of Human Resources
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235                  

·         Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.

The Human Resources Management Information System (HRMIS) is a Social Security Administration (SSA) certified and accredited General Support System (GSS) consisting of several sub-systems that maintain SSA’s personnel actions, and time and attendance information for all SSA employees.  The HRMIS GSS has two major subsystems, the HRMIS subsystem, which we use to administer functions related to maintaining SSA’s personnel actions, and the Mainframe Time and Attendance System (MTAS) for time and attendance.

The HRMIS subsystem captures personnel actions received from the Federal Personnel and Pay System (FPPS) that is transmitted to SSA from the Department of Interior’s (DOI) National Business Center (NBC) and subsequently fed into a processing application designed to capture essential SSA employee personnel information.  DOI’s NBC is a Federal Agency responsible for processing SSA’s payroll and personnel actions.    A subset of HRMIS information is extracted to the Human Resources Operational Data Store for the generation of management information reports.

The MTAS subsystem supports the recording of daily time and attendance information for all SSA employees and enforces SSA policy for time and attendance.  The MTAS user population includes SSA timekeepers, certifiers, payroll liaisons and administrators.   MTAS, using data received from the HRMIS subsystem for personnel information (e.g., name, social security number), interfaces electronically with DOI NBC’s FPPS to support the computation of pay.  MTAS includes daily and pay period level accounting of all SSA employees’ time worked and absences.   MTAS data interfaces within SSA support numerous management information activities, and productivity accounting reporting and related uses. 

We disclose the information in the HRMIS GSS only as necessary to SSA officials and employees who require the information to perform their official duties, or to the individual that the information pertains as permitted by the Privacy Act, or as otherwise permitted by Federal law.  The HRMIS GSS is not accessible to members of the public.  

·         Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.

The HRMIS GSS has undergone authentication and security risk analyses. The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems.  These include technical, management, and operational controls that permit access to those users who have an official “need to know.”  Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.  SSA uses “TOP SECRET” to restrict access to the data in the HRMIS GSS.

We protect the information in the HRMIS GSS by requiring individuals who are authorized to access the information system to use a unique Personal Identification Number.  In addition, we store the computerized records in secure areas that are accessible to those employees who require the information to perform their official duties.  Furthermore, all of the individuals who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.

·         Describe the impact on individuals’ privacy rights.

We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act.  When we collect personal information from individuals, including employees and contractors, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information.  The individuals can then make informed decisions as to whether or not they should provide the information.

Are individuals afforded an opportunity to consent to only particular uses of the information?

When we collect information from individuals, including employees and contractors, we advise them of the purposes for which we will use the information.  We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so (e.g., the Privacy Act).  

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?

No.  The HRMIS GSS is covered by existing system of records such as the General Personnel Records (OPM/GOVT-1); Pay, Leave, and Attendance Records (60-0238); and the Personnel Records in Operating Offices (60-0239); and they do not require any alterations. 

PIA CONDUCTED BY PRIVACY OFFICER, SSA:

Privacy Officer Vince Dormarunno Signature                                       September 8, 2008__

SIGNATURE                                                             DATE

PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:

 /s/   David F. Black________                                    September 11, 2008__

SIGNATURE                                                             DATE