UNITED STATES AGENCY FOR INTERNATIONAL DEVELOPMENT
Office of the Inspector General (OIG)
Internet Quorum (IQ)
Privacy Impact Assessment (PIA)
OVERVIEW
The Privacy Office, in conjunction with its Office of the Inspector General, conducted a PIA of the Internet Quorum System (IQ). IQ system is the Citizen Relationship Management (CRM) system used by the United States Agency for International Development, Office of the Inspector General to manage and track people, correspondence, and investigative case information.
Comments or questions about the IQ system should be addressed to: Naima Taylor, Director, Information Management, United States Agency for International Development, 1300 Pennsylvania Avenue, N.W., RRB, 8.08-024, Washington, D.C. 20523-2052, telephone (202) 712-5695.
INFORMATION COLLECTION (WHAT)
The IQ system contains personally identifiable information (PII). The PII data elements contained in the IQ system can be: name, date of birth, social security number, mailing address, telephone and/or other numbers. USAID considers the PII contained within IQ to be Sensitive But Unclassified (SBU) information, and has applied the security controls necessary for the protection of SBU information.
INFORMATION COLLECTION (WHY)
The PII maintained within the IQ system is used to manage and track people, correspondence, and investigative case information throughout the organization.
AGENCY INTENDED USE
The IQ system is a document tracking system that maintains authorizations, creates documents from templates, and stores completed documents. Documents processed include OIG/Investigations documents, travel forms, training forms, and human resources documents. USAID OIG staff access the IQ system when conducting investigations and audits on individuals employed or contracted by USAID.
INFORMATION SHARING
The IQ system does not share the PII that it maintains.
NOTICE OF OPPORTUNITIES FOR CONSENT
No notice of opportunity for consent will be provided.
INFORMATION SECURITY
The IQ System Owner has conducted a certification and accreditation, which is registered with the Chief Information Security Officer (CISO). The baseline security controls from NIST 800-53 have been implemented, and the security controls were last reviewed on July 31, 2007. The system has valid system security and contingency plans, and its files are regularly backed up and stored off-site. Users are trained in their responsibilities to protect the PII maintained within the system.
Physical access to the IQ system is secured by use of guards, identification badges, cipher locks, closed circuit television and restricted access to the facilities where the system is hosted.
Logical access to the IQ system is secured by the use of user ids and passwords and restricted access to the desktop workstations from which the system is accessed.
SYSTEM OF RECORDS NOTICE (SORN)
The IQ system does not require a system of records notice, as defined by the Privacy Act of 1974, as amended, 5 U.S.C. 552a. While the IQ system contains PII, the OIG staff do not use the IQ system indexing and retrieval capabilities to retrieve records using the stored identifying particulars. Such a capability would be required to establish a system of records under the Privacy Act.
Back to Top ^