Privacy Impact Assessments (PIAs) are required by Section 208 of the E-Government Act of 2002 for all federal government agencies that develop or procure new technology involving the collection, maintenance, or dissemination of information in identifiable form or that make substantial changes to existing technology for managing information in identifiable form.
Date: March 29, 2007
Contact Point
David J. Bonski
Chief, Technical Services Branch and Chief Information Officer
National Drug Intelligence Center
319 Washington Street, 5th Floor
Johnstown, PA 15901
(814) 532-4795
Reviewing Official
Kenneth P. Mortensen
Acting Chief Privacy Officer and Civil Liberties Officer
Department of Justice
(202) 353-8878
Printable copy (88 KB pdf)
Section 1.0 - The System and the Information Collected and Stored within the
System.
1.1
What information is to be collected?
1.2
From whom is the information collected?
Section 2.0 - The Purpose of the System and the Information Collected and Stored
within the System
2.1 Why is the information being collected?
Section 3.0 - Uses of the System and the Information
3.1 Describe all uses of the information.
Section 4.0 - Internal Sharing and Disclosure of Information within the System
4.1 With which internal components of the Department of Justice (DOJ)
is the information shared?
Section 5.0 - External Sharing and Disclosure
5.1 With which external (non-DOJ) recipient(s) is the information
shared?
Section 6.0 - Notice
6.2 Do individuals have an opportunity and/or right to decline to
provide information?
6.3 Do individuals have an opportunity to consent to particular uses
of the information, and if so, what is the procedure by which an individual
would provide such consent?
Section 8.0 - Technical Access and Security
8.1 Which user group(s) will
have access to the system?
8.2 Will contractors to the Department
have access to the system? If so, please submit a copy of the contract describing
their role with this PIA.
8.3
Does the system use "roles" to assign privileges to users of the system?
8.4
What procedures are in place to determine which users may access the system
and are they documented?
8.5 How are the actual assignments of roles and rules verified according
to established security and auditing procedures
8.6 What auditing measures and technical safeguards are in place to
prevent misuse of data?
8.7
Describe what privacy training is provided to users, either generally or specifically
relevant to the functionality of the program or system?
8.8
Is the data secured in accordance with FISMA requirements? If yes, when was
Certification & Accreditation last completed?
8.9 Privacy Impact Analysis: Given access and security controls, what
privacy risks were identified and describe how they were mitigated.
The National Drug Intelligence Center (NDIC) SENTRY System is an Internet-based collection and dissemination system designed to help identify new, synthetic drug-related behaviors at an early stage, evaluate their importance, and track their development. The SENTRY application is a component of the NDIC eGov Initiative (NEI). SENTRY will focus on synthetic drugs that are primarily produced via a chemical process, such as LSD (lysergic acid diethylamide), MDMA (3,4-methylenedioxymethamphetamine, also known as ecstasy), and methamphetamine. The system also will monitor prescription drugs, over-the-counter medications, botanical substances and extracts, and chemicals and products involved in the manufacturing of synthetic drugs. The ultimate goal of SENTRY is to inform and alert the counterdrug community to address problems at an early stage.
SENTRY is operated by NDIC in coordination with the Office of National Drug Control Policy (ONDCP) and the National Institute on Drug Abuse (NIDA). SENTRY supports the ONDCP National Synthetic Drugs Action Plan.
SENTRY consist of an external public-facing web site used to collect and disseminate information on emerging synthetic drug issues form registered users and an internal relational database used to process and analyze information obtained through the external web site.
Section 1.0 - The System and the Information Collected and Stored within the System.
1.1 What information is to be collected?
Two types of information are collected through SENTRY: User registration information and descriptions of new or unusual synthetic drug-related activity provided by registered users.
User Registration Information - Agencies interested in becoming an authorized SENTRY user must provide agency contact information, including agency name, contact/user name, contact/user position, address, telephone number, and e-mail address.
Drug Activity Information - Approved authorized SENTRY users provide anecdotal information describing new or unusual synthetic drug-related activity.
1.2 From whom is the information collected?
It is anticipated that a network of correctional officers, drug diversion investigators, emergency medical personnel, forensic chemists, juvenile detention officers, law enforcement officers, medical toxicologists, school nurses, school resource officers, teachers, school administrators, physicians, emergency medical personnel, medical examiners, and treatment providers will become approved, authorized users and provide information through SENTRY.
Section 2.0 - The Purpose of the System and the Information Collected and Stored within the System
2.1 Why is the information being collected?
SENTRY is an Internet-based collection and dissemination system designed to help identify new synthetic drug-related behaviors at an early stage, evaluate their likely importance, and track their development. Information collected through SENTRY also will be shared, in aggregate form, with federal, state, and local counterdrug agencies to assist proactive responses to emerging synthetic drug-related behaviors and trends.
Section 3.0 - Uses of the System and the Information
3.1 Describe all uses of the information.
NDIC will use information obtained through SENTRY, combine it with additional information, and produce and disseminate Drug Alert Watch and Drug Alert Warning reports. A Drug Alert Watch report will be issued when a pattern of synthetic drug-related activity is first identified. The Drug Alert Watch report relies heavily on qualitative (nonnumeric anecdotal) information obtained from NDIC's wide network of partners. Once a pattern is established, NDIC will continue collecting and evaluating additional information. If and when a trend is detected, a Drug Alert Warning will combine this same qualitative information collected in the Drug Alert Watch phase with additional quantitative information collected by NDIC analysts and partner agencies.
Section 4.0 - Internal Sharing and Disclosure of Information within the System
4.1 With which internal components of the Department of Justice (DOJ) is the information shared?
Within DOJ, SENTRY information will likely be shared with the Drug Enforcement Administration (DEA), although no formal data-sharing agreement currently exists with DEA. SENTRY information also may be shared with other DOJ components involved in drug enforcement activities that request the information.
Section 5.0 - External Sharing and Disclosure
5.1 With which external (non-DOJ) recipient(s) is the information shared?
Outside of DOJ, SENTRY information will be shared with the ONDCP in the Executive Office of the President and NIDA in the Department of Health and Human Services. Other federal agencies involved in drug enforcement, treatment, or research that request SENTRY data may also be given access to SENTRY information. SENTRY information will be shared with local agencies on a case-by-case basis when an authorized user requests that NDIC facilitate contact with another user.
6.2 Do individuals have an opportunity and/or right to decline to provide information?
Agencies voluntarily become authorized SENTRY users and are under no obligation to use the system to report information.
6.3 Do individuals have an opportunity to consent to particular uses of the information, and if so, what is the procedure by which an individual would provide such consent?
Information provided through SENTRY will be available, in aggregate form, through the Geographical Information System (GIS) capabilities of SENTRY. NDIC does, however, only use the first three digits of the zip code to generate this information to prevent identification of specific respondents. SENTRY information will be shared with state and local agencies on a case-by-case basis when an authorized user requests that NDIC facilitate contact with another user. NDIC will telephone the submitter of the information and inform them that another user of the system would like to speak with them. If this is agreeable, NDIC will supply the submitter's contact information to the requester via telephone. Only with the consent of the SENTRY user who provides the data will PII obtained through SENTRY be provided to the requester.
Section 8.0 - Technical Access and Security
8.1 Which user group(s) will have access to the system?
The SENTRY system consists of a public-facing web site and an Intranet-based web site. The purpose of the external site is to collect information from known registered users, and the purpose of the internal site is for the analytical processing of information submitted from the external site.
The public-facing web site will contain the following user groups or roles:
- General User - NDIC will maintain (create, update,
delete) all accounts, and only those people who have submitted the proper information
to NDIC will be granted access. These users have the ability to submit information
and view NDIC news items and bulletins.
- Web Administrator - This group/role consists of NDIC
employees who have been granted the ability to create, modify, and delete site
content (bulletins and news items).
- User Administrator - This group/role consists of
NDIC employees who have been granted the ability to create, modify, and delete
external user accounts.
- Administrator - This group/role consists of NDIC employees who manage users and content.
Access to the internal site will be limited to NDIC employees. The internal site will contain the following user groups or roles:
- Analyst - NDIC employee (Intelligence Analyst) who
creates, updates, and deletes content related to the information submitted from
the external site.
- Administrator - NDIC employee who has the ability to create, update, and delete all site content.
8.2 Will contractors to the Department have access to the system? If so, please submit a copy of the contract describing their role with this PIA.
Contractors will not have access to the system from a user standpoint. Contractors will help Government staff design, develop and test the SENTRY application. Once the Government conducts final acceptance testing and formally receives the application, Government support staff will deploy the external and internal web sites. Government employees will provide general support and life-cycle maintenance. All maintenance support decisions will be made by Government employees. NDIC does have a general support subcontract for technical services, and some system administration support by a contractor may be required. The scope of the support subcontract includes software development and life-cycle technical support.
8.3 Does the system use "roles" to assign privileges to users of the system?
Yes. See question 8.1.
8.4 What procedures are in place to determine which users may access the system and are they documented?
The internal web site will use Operating System authentication and NDIC will follow NDIC documented Account Administration Policy for adding, modifying, and creating users in addition to granting and denying access to resources.
To the general user community, NDIC will explain the process for participating in the SENTRY application. To participate as a General User on the public-facing web site, the requester must provide the following information typed on agency letterhead:
- Name of agency or organization
- Name and title of requester
- Requester's role within the agency
- Complete mailing address
- E-mail address
- Telephone number
- Fax number
This information should be faxed to NDIC (FAX No: 814-532-4690) and an NDIC employee will contact the requester within 7 business days with their login information.
8.5 How are the actual assignments of roles and rules verified according to established security and auditing procedures?
For the Internal web site we follow our Account Management Policy, in which each request for access must be signed off by the requester's supervisor and access granted by NDIC's Security Office account representative. For the external public-facing web site, please see the response to question 8.4 above.
8.6 What auditing measures and technical safeguards are in place to prevent misuse of data?
NDIC uses levels of safeguards to prevent the misuse of data.
- First, user access is limited and must be approved before any access to
the system is granted for either the Internal or External web sites.
- Second, users will be granted only the access required to perform their
job functions. Privileges are grouped into roles, and these roles are assigned
based on job function.
- Third, the application segregates information access--there are two web
sites and two databases--external users are only granted access to a small portion
of data in one database only.
- Fourth, all records are stamped with the date/time and user who created
the record and the date/time and user who modifies the record.
- Fifth, important information is audited. For example, an audit log tracks login and logout events. Finally, the audit information will be periodically reviewed.
8.7 Describe what privacy training is provided to users, either generally or specifically relevant to the functionality of the program or system?
Being a DOJ component, all NDIC employees and contractors are required to complete Computer Security Awareness Training (CSAT) annually. Incorporated into the CSAT training is privacy training.
NDIC employees will be involved in the development, testing, and deployment of the SENTRY system. Privacy-related information will be addressed in all stages. NDIC users will receive training prior to the release of the system.
8.8 Is the data secured in accordance with FISMA requirements? If yes, when was Certification & Accreditation last completed?
NDIC will support design, development and testing of the SENTRY system on our Justice Network Segment (JNS). The Internal web site will be hosted on this network. This network is Certified and Accredited and has a Certification and Accreditations (C&A) status of Authority to Operate (ATO). The ATO for JNS was issued on March 7, 2006.
NDIC will deploy the public-facing web site on our NEI network. This network is Certified and Accredited and has a C&A status of Authority to Operate (ATO). The ATO for NEI was issued on February 24, 2005.
8.9 Privacy Impact Analysis: Given access and security controls, what privacy risks were identified and describe how they were mitigated.
Potential Privacy Risk: Unauthorized Access to the SENTRY system
Risk Level: Low
Risk Mitigation:
- Physical and Logical Access Control - Information
in the SENTRY system is safeguarded in accordance with NDIC's Information Technology
(I.T.) Security policies. Records and computer systems are maintained in buildings
with restricted access. Passwords and password-protection mechanisms also restrict
access to information in this system. Only personnel who develop and maintain
the system and other users who are intelligence analysts will be permitted access
to the system. This access is limited to those individuals who have an official
need for access in order to perform their duties.
- Authentication Controls - Access to the SENTRY system
is limited to authorized users with active SENTRY accounts on a closed Sensitive
But (SBU) network called the NDIC NEI.
NEI is fully Certified and Accredited (C&A) in accordance with DOJ‘s FISMA guidelines. Administrative and technical controls are described in more detail in the C&A package for the NEI network.
- Role-Based Controls - Access to specific data is restricted by user classification. This enforces access control to information with privacy considerations given to registered users, NDIC analysts, technical staff, and users from other participating agencies.
Potential Privacy Risk: Compromise of Information As a Result of Information Sharing with Other Participating Agencies
Risk Level: Low
Risk Mitigation: The sharing of information collected by the SENTRY system with other government agencies will be done in accordance with Memorandums of Understanding (MOUs) that will be established with these agencies. The protection of information collected and shared will be delineated as a condition in these MOUs. All users, technical staff, and other individuals from participating agencies will be responsible for protecting the privacy interest of information collected by this system.
Privacy considerations for the SENTRY system are protected through the fundamental design of the system. There is an external web site with its own community of users and protections, and there is an internal web site with a different community of users and protections. The business rules for each group of users are based on specified roles and on what individual users are required to do with the information that is collected.
David J. Bonski Signature 4/6/07 Date
David J. Bonski
Chief, Technical Service Branch
Chief Information Officer
National Drug Intelligence Center
Thomas W. Padden Signature 4/10/07 Date
Thomas W. Padden
Acting Chief Counsel
Chief Privacy Official
National Drug Intelligence Center
Kenneth P. Martensen Signature 5/2/08 Date
Kenneth P. Mortensen
Acting Chief Privacy and Civil Liberties Officer
Department of Justice
