Privacy Impact Assessment (PIA)
Executive Office for the U.S. Trustees
August 24, 2006
Privacy Impact Assessment (PIA), as defined by the E-Government Act of 2002, is an analysis of how information is handled:
(i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy,
(ii) to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system, and
(iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
To ensure the DOJ accounts for the privacy concerns of individuals as systems are developed, it is DOJ policy (per DOJ Order 2880.1B) that components have been mandated to develop and utilize PIA processes. Therefore, the Executive Office for the U.S. Trustees has prepared this assessment to address this requirement for the United States Trustee Program (USTP) system.
What information is being collected?
The USTP system is comprised of several data collections which share key case management data where appropriate. The primary system is the Automated Case Management System (ACMS). ACMS is a legacy system comprised of 21 regional IBM RPG data files resident on a central IBM server accessible by Program staff for analysis and reporting. ACMS provides the information necessary for the USTP to manage bankruptcy cases filed under chapters 7, 11, 12, and 13 of Title 11 of the United States Bankruptcy Code. ACMS stores relevant case information including case number, debtor name, debtor social security number(s), company EIN, debtor alias names, debtor addresses, and debtor attorney information as well as relevant case status information such as courts orders, opinions, hearings, reports, pleadings, appointments, and fees along with associated dispositions.
ACMS serves as the primary information system to support the USTP's congressional mandate to provide review and oversight of the bankruptcy system in order to protect against fraud and abuse, and ensure a just and speedy resolution to all matters. ACMS is a legacy system that is being modernized to keep pace with the tracking of over 1 million new cases per year. ACMS helps the USTP to efficiently review the case administration of bankruptcy cases and trustees, and assists with the USTP civil enforcement efforts.
In addition, ACMS drives the following USTP collections:
The automated Chapter 11 Quarterly Fee Information and Collection System (FICS). FICS is an accounts receivable system that assists the USTP with the noticing and collection of fees from Chapter 11 debtors and tracks this activity throughout the life of the case. Chapter 11 data originates from the U.S. Bankruptcy Courts. It is sent to one of 95 USTP offices where it is initially added into ACMS. ACMS is then augmented by USTP staff as the case progresses. ACMS data is transferred monthly to the FICS database. Once a month, FICS generates noticing (or delinquency as appropriate) information for each debtor and electronically transmits the data to a noticing contractor. The noticing contractor generates invoices and mails them to the debtors (approximately 20,000 monthly). In addition, FICS provides USTP field offices online access to case status, financial transactions, disbursements, and event history information through the FICS Intranet Browser application.
Significant Accomplishments Reporting System (SARS). SARS allows USTP staff to record both informal and formal actions in the areas of civil enforcement, case administration and other significant activities. Basic case information, case number, debtor name and chapter are shared between ACMS and SARS. (No social security numbers or other personal information is stored in SARS.) The system also generates reports reflecting Significant Actions reported. The actions recorded in SARS closely correlate to the Program’s civil enforcement efforts and provide part of the basis for the USTP annual report of significant accomplishments.
Criminal Enforcement Tracking System (CETS). CETS facilitates the accurate tracking of criminal enforcement efforts within the USTP such as preliminary investigations by Program staff, referrals to United States Attorney’s offices and other law enforcement agencies (FBI, SSA-OIG, IRS, HUD-OIG, Postal Inspector, U.S. Secret Service), final dispositions and any assists with investigative efforts initiated by other DOJ components or outside law enforcement agencies. Basic bankruptcy case information, case number, debtor name and chapter, where applicable, are shared between ACMS and CETS. The subject name(s), name of who initially contacted the USTP (if an non-USTP employee), name of referring USTP employee, and name of contact person at recipient agency is also stored in CETS. (No social security numbers or other personal information is stored in CETS.)
Section 110 Petition Prepares Database (Section 110 Database) - The Section 110 database monitors petition preparers who are suspected of violating Section 110 of the US Bankruptcy Code. Related case numbers are tracked as well as the petition preparer name, address, social security number, company name, company address and EIN.. The USTP staff can use the database to share effective enforcement techniques; provide sample pleadings and other court filings; and provide status updates on pending actions.
Means Test Review Management System - The Means Test Review Management System (MTR) was developed to support the Program’s review of the new bankruptcy current monthly income forms required under BAPCPA. As of October 17, 2005, Chapter 7, 11 and 13 debtors are required to file current monthly income forms along with their petitions and schedules within 45 days of filing for bankruptcy. The MTR System tracks the filing of all Chapter 7 cases and facilitates the review of the currently monthly income and Means Test calculation forms data to verify the results. In addition, the MTR System tracks 341 dates and associated due dates for required UST Presumption of Abuse Statements and related motions. The MTR System shares data with the USTP Case Management System (ACMS) to ensure case data is current and accurate and to streamline data entry. Basic case information, case number, debtor name, address, chapter, debtor attorney name, and judge name are shared between ACMS and MTR. (No social security numbers or other personal information is stored in MTR.)
The program also has the following data collections:
Professional Timekeeping System (PTS) - The Program tracks various defined categories of professionals time. Certain positions within the Program report time spent on certain activities. This allows the Program to correlate time expended against program goals and priorities. Employees names are not captured in the database; however, they are recorded on the submitted time sheets. No other personal information is captured.
Trustee Oversight Tracking Systems – There are a few miscellaneous database tables that track the appointment of private trustees, private trustee name, length of appointment, performance reviews, audit results, annual budget reviews, and various other oversight related items.
Chapter 7 Tracking System - The Chapter 7 Tracking system currently provides national statistics of chapter 7 financial/estate data.
Fee Application Review (Fee App) – The Fee App program allows USTP staff to electronically review professional fee applications submitted in mega-cases. Program staff can quickly ascertain whether a professional is billing too many hours in a day or for a non-approved category. This allows the Program to formally object to certain fees which ultimately may result in more funds available for distribution to creditors. Employee names of the firms submitting fee applications are captured in these data collections. All information is also filed with the courts.
Credit Counseling/Debtor Education Tracking System - The Credit Counseling/Debtor Education Tracking System was developed to support the Program’s approval process of those agency and vendor applications submitted for consideration as credit counselors or debtor education providers under BAPCPA. The System facilitates the tracking of the receipt of the application, the review process and final determination, as well as notification to the courts and general public of the approved agencies/providers. For the approved agencies/providers, the System allows for the tracking of the associated renewal process and any complaints received regarding any of the agencies/providers. Basic applicant information is captured in the system, applicant name, title, company name, address, email address, phone number, fax number, social security number, and EIN. Names and address of all owners, officers, directors, partners, or trustees. The System also captures the name, title, company name, address, email address, and phone number of complainants, along with any names of individuals perceived to be harmed by an agency’s actions other than the complainant.
Credit Counseling/Debtor Education Certificate Issuance System - The Credit Counseling/Debtor Education Certificate Issuance System is a web-based system that enables the approved providers of credit counseling under 11 U.S.C. Section 521(b)(1), and providers of personal financial management instruction, to issue certificates of completion to their clients. Agency and Provider information is captured in the system, counselor name and company name. Debtor name and case number are captured when issuing debtor education certificates only. No personal information regarding any individual receiving credit counseling is captured. No social security numbers are stored in the system.
The majority of the information collected above in the USTP system is obtained from the United States Bankruptcy court filings. With the exception of the full social security number, any external referrals, professional time data, private trustee data, and personal data collected as part of the credit counseling and debtor education application process, all information is publically available from the courts. Under the E-Government Act of 2002, the courts updated their systems to no longer display to the general public the full social security number. However, the courts provide the full social security number to the Program in order to properly administer the bankruptcy case.
The above data collections are stored on servers connected to the USTP office automation network (JCON). The USTP Justice Office Consolidated Network - JCON provides the infrastructure to support email, internet/intranet, word processing and file/print services nationwide. In the normal course of business, search results or reports form the above data collections may be saved to a JCON file server, where appropriate, which may contain personal identifying information about the debtor. In addition, Human Resource Specialists/Administrative Officers/Personnel Security Specialists/Managers/Supervisors may save personnel security or personnel files, where appropriate. This info may contain personnel identifying information about government employees and contractors and is restricted to those who need to know.
Why the information is being collected?
The USTP is a component of the Department of Justice that seeks to promote the efficiency and protect the integrity of the Federal bankruptcy system. To further the public interest in the just, speedy and economical resolution of cases filed under the Bankruptcy Code, the Program monitors the conduct of bankruptcy debtors, parties in interest, and private estate trustees, oversees related administrative functions, and acts to ensure compliance with applicable laws and procedures. It also identifies and helps investigate bankruptcy fraud and abuse in coordination with United States Attorneys, the Federal Bureau of Investigation, and other law enforcement agencies.
The Program was established by the Bankruptcy Reform Act of 1978 (11 U.S.C. § 101, et seq.) as a pilot effort encompassing 18 districts. It was expanded to 21 Regions nationwide, covering all Federal judicial districts except Alabama and North Carolina, by enactment of the Bankruptcy Judges, U.S. Trustees, & Family Farmer Bankruptcy Act of 1986 (Pub. L. 99-554, 100 Stat. 3088, reprinted in part at 28 U.S.C. § 581, note). The Program is funded by the United States Trustee System Fund, which consists primarily of fees paid by individuals and businesses invoking Federal bankruptcy protection.
The primary role of the USTP is to serve as the "watchdog over the bankruptcy process." As stated in the USTP Mission Statement:
The USTP Mission is to promote integrity and efficiency in the nation’s bankruptcy system by enforcing bankruptcy laws, providing oversight of private trustees, and maintaining operational excellence.
What opportunities individuals will have to decline to provide information or to consent to particular uses of the information and how individuals grant consent?
Except for individual Chapter 11 filers, once an individual enters the bankruptcy system, the USTP is required by statute to appoint a trustee and review the case accordingly. In these instances, the USTP only collects personal identifier information on those individuals filing for bankruptcy protection. For the additional oversight duties regarding private trustees, credit counseling agencies, and debtor education providers, the individuals are providing this information knowingly as part of the application process or as part of the annual review process. For the individuals submitting referrals or complaints, they may chose to do so anonymously, otherwise, they are also knowingly providing their personal information.
Intended use of the Information?
As stated above, the primary role of the USTP is to serve as the “watchdog over the bankruptcy process”. Therefore, the Program is using the information gathered from the bankruptcy courts to perform this function.
Access to Data
With whom the information will be shared?
The personal information collected and maintained by the USTP system will be accessed by the USTP government staff and cleared contractor staff. Additionally, the information may be shared with other law enforcement agencies as well as the private case trustees and other parties as appropriate. These routine uses are specifically covered under the USTP Systems of Records as published in the Federal Register on March 4, 2004 at 69 FR 10255 and on June 15, 2004 at 69 FR 33403.
How the information will be secured?
The USTP will secure information and the system on which that information resides per the relevant Department of Justice IT Security Policies. The Department requires that all systems be certified and accredited. Each certification and accreditation package contains a systems security plan, requirements traceability matrix, system test and evaluation report, risk management report, plan of action and milestones, security policy, contingency plan, awareness training, rules of behavior, incident response plan, configuration management plan, scan results, hardware and software listings, accreditation statement, boundary and certification level.
Except for the Certificate Issuance System, the USTP systems are only accessible within the USTP Justice Consolidated Office Network. This means no outside, non-USTP direct access to the system is provided. Any data shared outside of the USTP with other law enforcement agencies or private trustees is provided as data files or hard copies.
For the Certificate Issuance System, the USTP provides internet access to this system to the approved credit counseling agencies and approved debtor education providers. All users are authenticated to this system. This system physically resides on external servers in a secure approved DOJ zone that is not on the internal USTP Justice Consolidated Office Network.
In addition, the bankruptcy case information is downloaded daily from the U.S. Bankruptcy Courts to the USTP system via a secured (HTTPS) connection utilizing the existing Department Internet connection.
How the information will be verified for accuracy?
The USTP has established a Data Integrity Group (DIG) to ensure the appropriate data entry and review protocols exist for the data collections comprising the USTP system. The DIG also conducts periodic reviews in addition to the periodic certifications required by the USTP field management. SARS data is verified and submitted quarterly to the Department. CETS data is verified bi-annually. ACMS, MTR, Private Trustee and Credit Counseling/Debtor Education data is reviewed daily. FICS and Professional Time data is verified monthly. Fee Application data is reviewed in accordance with the case deadlines set by the court. In addition, all information is vetted annually prior to publication of the USTP Annual Report of Significant Accomplishments.
Summary and Conclusions
Since it is the mission of the USTP to secure the just, speedy, and economical resolution of bankruptcy cases; monitor the conduct of parties and take action to ensure compliance with applicable laws and procedures; identify and investigate bankruptcy fraud and abuse; and oversee administrative functions in bankruptcy cases; it is critical that the USTP continue to receive the relevant bankruptcy case information, including personal identifiers, in a timely and expeditious manner. Without this information, the USTP would be unable to fulfill its statutory requirements. The USTP reviewing officials feel that substantial measures are in place to protect the personal information collected and proper education has been and will continue to be provided to ensure this data is treated as “limited official use” by all Program staff, contractor staff, private trustees and associated law enforcement agencies.
Point of Contact
If you have any questions regarding this document, please send your questions to:
Executive Office for U.S. Trustees
20 Massachusetts Avenue, NW
Washington, DC 20530
Attn: Privacy Officer
or submit via Email to firstname.lastname@example.org