Created March 4, 2025 20:40
Diff of GWES PIA text
4c4 | |
< February 5, 2025 | |
--- | |
> February 28, 2025 | |
41,43c41,43 | |
< disseminates only the information of federal government employees. | |
< Therefore, no PIA is required. OPM has nevertheless chosen to conduct this | |
< PIA in its discretion. | |
--- | |
> disseminates information about federal government employees. Therefore, | |
> no PIA is required. OPM has nevertheless chosen to conduct this PIA in its | |
> discretion. | |
48c48 | |
< these duties, OPM internally developed the GWES to enable widespread and | |
--- | |
> these duties, OPM internally developed the GWES to enable widespread, | |
56,58c56,59 | |
< simultaneous communication with federal government employees. The | |
< GWES maintains only the names and government email addresses of federal | |
< government employees, as well as voluntary responses to mass emails. | |
--- | |
> rapid email communication with federal government employees. The GWES | |
> is designed to maintain the names and government email addresses of | |
> federal government employees, as well as emails sent from the system and | |
> responses to those emails. | |
63,66c64,67 | |
< government-wide emails to federal government employees. This system | |
< increases efficiency and transparency by allowing simultaneous | |
< communication with the federal workforce OPM has been tasked with | |
< overseeing. | |
--- | |
> government-wide emails to federal government employees and receive | |
> responses. This system increases efficiency and transparency by allowing | |
> fast and widespread communication with the federal workforce OPM has | |
> been tasked with overseeing. | |
68,80c69,84 | |
< Microsoft mailboxes. OPM uses this system to communicate with federal | |
< employees, a capacity which is within its statutory authority. The only | |
< information collected, maintained, or used by the GWES are (1) names of | |
< federal employees, (2) their government email addresses, and (3) short, | |
< voluntary email responses. | |
< The information in the GWES is accessible by a handful of individuals within | |
< OPM, overseen by the Chief Information Officer. | |
< The GWES is built upon employee contact information found in the | |
< Enterprise Human Resources Integration (EHRI) and Official Personnel Folder | |
< (OPF) record systems. Additional contact data is collected from the | |
< employing agencies of federal workers, which is received through email. The | |
< GWES is subject to existing OPM security plans and the data is stored in | |
< secure mailboxes or on government computers requiring PIV access. | |
--- | |
> Microsoft applications procured in the normal course. OPM uses this system | |
> to communicate with federal employees, in a capacity within its statutory | |
> authority. The GWES is designed to collect, maintain, and use the (1) names | |
> of federal employees, (2) their government email addresses, and (3) email | |
> messages and responses, which may include additional information about | |
> the employee provided by that employee. The GWES blocks responses from | |
> emails that do not have government domains. | |
> The information in the GWES is accessible by a limited number of individuals | |
> within OPM who have a need for the information in the performance of their | |
> duties, overseen by the Chief Information Officer. | |
> The GWES is built largely upon employee email contact information found in | |
> the Enterprise Human Resources Integration (EHRI) and Official Personnel | |
> Folder (OPF) record systems. Additional email contact data is collected from | |
> the employing agencies of federal workers. OPM applies filters to these | |
> various sources to remove erroneous domains before emails are sent. The | |
> GWES is subject to existing and approved OPM security plans and the data is | |
87a92,94 | |
> stored in secure Microsoft applications and on government computers | |
> requiring PIV access. | |
> | |
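Review bot: The new text in this region (68,80c69,84 and 87a92,94) introduces two technical controls, "The GWES blocks responses from emails that do not have government domains" and "OPM applies filters to these various sources to remove erroneous domains before emails are sent", but states neither the criterion for a "government domain" (an allow-list of agency domains, a top-level-domain rule, or something else) nor who maintains that list and how often it is reviewed. Since this filter is later cited as the mitigation for the accuracy risk (hunk 195a201,205), the PIA should say what the filter checks and how a wrongly excluded or wrongly included domain is corrected.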
98,99c105,108 | |
< §§ 301, 2951, 3301, 6504, 8347, and 8461. These authorities permit OPM to | |
< maintain and request information regarding federal employees. | |
--- | |
> §§ 301, 2951, 3301, 4302, 6504, 8347, and 8461. These authorities permit | |
> OPM to maintain and request information regarding federal employees. The | |
> President may also, from time to time, direct OPM to collect information or | |
> communicate with the federal workforce on particular subject matters. | |
102,105c111,115 | |
< Email systems are not generally subject to the Privacy Act of 1974, but to | |
< the extent that records pertaining to individuals are retrieved for purposes of | |
< making decisions about individuals, the records relevant to this project are | |
< covered by the OPM GOVT-1 and OPM/Central-21 SORNs. | |
--- | |
> Email systems are not generally subject to the Privacy Act of 1974. | |
> However, to the extent the GWES contain records subject to the Privacy Act, | |
> or information stored on secure government computers, the information in | |
> this system is covered by various OPM SORNs, including but not limited to | |
> OPM GOVT-1, GOVT-2, Central-21, and Internal-21 SORNs. | |
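Review bot: "including but not limited to OPM GOVT-1, GOVT-2, Central-21, and Internal-21 SORNs" leaves the Privacy Act coverage open-ended, which defeats the documentation purpose of Section 1.2; the old text named exactly two SORNs and stated the condition under which they applied ("retrieved for purposes of making decisions about individuals"). Suggest enumerating the applicable SORNs and, for each category of GWES data (contact data, sent emails, responses), stating which SORN covers it.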
108,117c118,120 | |
< The Office 365 mailbox has been granted an Authorization to Operate (ATO) | |
< that includes a system security plan. The government computer storing the | |
< data is subject to standard security requirements, including limited PIV | |
< access. | |
< 1.4. Does a records retention schedule approved by the National | |
< Archives and Records Administration (NARA) exist? | |
< To the extent that email records in the system are used for personnel | |
< decisions, records in the system are governed by GRS 6.1 Capstone E-mail | |
< Retention. Item 040 (DAA-GRS-2017-0007-0004) covers any eOPF records | |
< and requires that they be destroyed when survivor or retirement claims are | |
--- | |
> The GWES is located within Microsoft applications and on secure government | |
> computers. These Microsoft Applications have been granted an Authorization | |
> to Operate (ATO) that includes an approved system security plan. The | |
125,128c128,134 | |
< adjudicated or when records are 129 years old, whichever is sooner, but | |
< longer retention is authorized if required for business use. Item 080 (DAAGRS2017-0007-0012) covers other personnel contact information and | |
< requires destroying remaining documents 1 year after employee separation | |
< or transfer. | |
--- | |
> government computers storing the data are subject to standard security | |
> requirements, including limited PIV access. | |
> 1.4. Does a records retention schedule approved by the National | |
> Archives and Records Administration (NARA) exist? | |
> Depending on the nature and type of record within the GWES, various NARAapproved records schedules may apply. Item 040 (DAA-GRS-2017-00070004) covers any eOPF records and item 080 (DAA-GRS2017-0007-0012) | |
> covers other personnel contact information. Email records are governed by | |
> GRS 6.1, Capstone E-mail Retention. | |
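Review bot: The revised Section 1.4 drops the concrete retention periods the old text gave (Item 040 "destroyed when survivor or retirement claims are adjudicated or when records are 129 years old", Item 080 "1 year after employee separation or transfer") and replaces them with "various NARAapproved records schedules may apply" without saying which schedule governs which record type. Because Section 5.1 (hunk 268,272c286,287) now simply defers to "the retention schedules identified in Section 1.4", the PIA no longer states any retention period for the GWES at all; suggest mapping contact data, sent emails and response data to their schedules explicitly. Separately, the schedule identifiers on this line ("DAA-GRS-2017-00070004", "DAA-GRS2017-0007-0012") appear to have lost hyphens relative to the old text's "DAA-GRS-2017-0007-0004".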
133,134c139,140 | |
< Information contained in GWES is not subject to the PRA because it is not | |
< collected from the public. | |
--- | |
> Information contained in the GWES is not subject to the PRA because it is | |
> not collected from the public. | |
139,143c145,148 | |
< GWES collects, maintains, and uses the names and government email | |
< addresses of federal government employees. GWES also collects and | |
< redistributes responses to emails sent to those addresses, which are limited | |
< to short, voluntary, non-identifying information. Specifically, GWES contains | |
< the following: | |
--- | |
> The GWES is designed to collect, maintain, and use the names and | |
> government email addresses of federal government employees. The GWES | |
> also maintains emails sent to those addresses, and collects and maintains | |
> responses to those emails. Specifically, the GWES contains the following: | |
146,148c151,153 | |
< Employee Contact Data: GWES collects, maintains, and uses the | |
< names and government email addresses of federal government | |
< employees. Other identifying information is not used. | |
--- | |
> Employee Contact Data: The GWES is designed to collect, maintain, | |
> and use the names and government email addresses of federal | |
> government employees. Other identifying information is not used. | |
153,155c158,159 | |
< Contact Data, GWES collects, maintains, and redistributes short, | |
< voluntary responses. | |
< | |
--- | |
> Contact Data, the GWES stores that email and may collect and | |
> maintain responses. In some circumstances, responses may also be | |
161a166,168 | |
> sent directly to or redistributed to employing agencies or other | |
> agencies consistent with applicable restrictions on the particular data | |
> at issue and using authorized means of transmission. | |
165,167c172,176 | |
< systems. Additionally, some data is collected from the employing agencies of | |
< federal workers, which is received through email. | |
< The Employee Response Data is sent to OPM by email. | |
--- | |
> systems. Additionally, some email contact data is collected from the | |
> employing agencies of federal workers. The system applies filters to remove | |
> erroneous domains before emails are sent. | |
> The Employee Response Data is sent by federal government employees to | |
> OPM by email. | |
171,172c180,181 | |
< Many of the names and email addresses of federal government employees | |
< are publicly available. | |
--- | |
> No, although many names and email addresses of federal government | |
> employees are publicly available. | |
174,180c183,189 | |
< OPM has a high degree of confidence in the accuracy of the Employee | |
< Contact Data because it comes from the EHRI and OPF systems, which are | |
< subject to their own accuracy measures as outlined in their respective PIAs, | |
< as well as directly from the employing agencies. | |
< OPM has a high degree of confidence in the accuracy of the Employee | |
< Response Data because OPM receives the information directly from | |
< employees through their secure government email addresses. | |
--- | |
> The Employee Contact Data comes from the EHRI and OPF systems, which | |
> are subject to their own accuracy measures as outlined in their respective | |
> PIAs, as well as directly from the employing agencies. | |
> The Employee Response Data comes directly from employees through their | |
> secure government email addresses. OPM anticipates that the responses will | |
> cover information within employees’ personal knowledge or information | |
> provided to them in the course of their official duties. | |
185,188d193 | |
< Mitigation: This risk has been mitigated by compiling the Employee Contact | |
< Data only through the EHRI and OPF systems, and directly from the | |
< employing agencies. GWES only uses email addresses with government | |
< domains. | |
195a201,205 | |
> Mitigation: This risk has been mitigated by compiling the Employee Contact | |
> Data through the EHRI and OPF systems, and directly from the employing | |
> agencies. The GWES uses email addresses with government domains and | |
> uses a filtering mechanism to remove contact data erroneously captured | |
> before emails are sent. | |
198c208 | |
< Mitigation: Because OPM uses GWES to send emails only to employees’ | |
--- | |
> Mitigation: Because OPM uses the GWES to send emails to employees’ | |
201,205c211,213 | |
< Additionally, GWES has implemented procedures for employees to correct | |
< any erroneous responses by working with the human capital officer in their | |
< employing agency. If an erroneous response is sent, it can easily be | |
< corrected in GWES when the human capital officer notifies OPM. GWES | |
< blocks all responses from emails that do not have government domains. | |
--- | |
> Additionally, employees have the ability to correct any erroneous responses | |
> by working with the human capital officer or manager in their employing | |
> agency. | |
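Review bot: The rewritten mitigation loses the step that actually corrects the stored record: the old text said an erroneous response "can easily be corrected in GWES when the human capital officer notifies OPM", whereas the new text only says employees can "work with the human capital officer or manager", with no path from that conversation back to the data held in the GWES. Suggest restoring a sentence stating how the correction reaches OPM and is applied. (The dropped "blocks all responses from emails that do not have government domains" is not lost, since it now appears in Section 1.1, hunk 68,80c69,84.)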
209,210c217,218 | |
< GWES enables OPM to communicate directly with federal government | |
< employees simultaneously and help OPM fulfill its statutory and delegated | |
--- | |
> The GWES enables OPM to communicate directly and quickly with federal | |
> government employees and help OPM fulfill its statutory and delegated | |
212,213c220,223 | |
< workforce. OPM further communicates employee responses to employing | |
< agencies to facilitate those agencies’ own personnel management. | |
--- | |
> workforce. OPM may also further communicate employee responses to | |
> employing agencies to facilitate those agencies’ own personnel management, | |
> or other agencies as appropriate to facilitate government-wide workforce | |
> initiatives. | |
218,222c228,229 | |
< GWES programmatically evaluates responses to verify the quality of the | |
< system and the substance of the Employee Response Data. | |
< 3.3. Are there other programs or offices with assigned roles and | |
< responsibilities within the system? | |
< No. | |
--- | |
> OPM employees programmatically evaluate responses to verify the quality of | |
> the system and analyze the substance of the Employee Response Data. OPM | |
229a237,243 | |
> anticipates enhancing and refining its response analyses over time. OPM | |
> may also query specific responses or emails to evaluate them as needed. | |
> Responses may be used to assist in making personnel decisions and to | |
> inform broader workplace initiatives. | |
> 3.3. Are there other programs or offices with assigned roles and | |
> responsibilities within the system? | |
> No. | |
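Review bot: This hunk states that "Responses may be used to assist in making personnel decisions" and that OPM "may also query specific responses or emails", which is precisely the condition the old Section 1.2 text used to trigger SORN coverage ("retrieved for purposes of making decisions about individuals"). The revised 1.2 (hunk 102,105c111,115) makes coverage conditional ("to the extent the GWES contain records subject to the Privacy Act"), so the two sections now pull in opposite directions; suggest reconciling them by affirming in 1.2 that response data used for personnel decisions is covered and naming the SORN.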
233,236c247,250 | |
< Mitigation: This risk is mitigated by restricting access to a limited number | |
< of individuals assigned to access the GWES information and blocking others | |
< from access. The data is stored only in secure Microsoft mailboxes, and on | |
< secure government computers requiring a PIV card to access. | |
--- | |
> Mitigation: This risk is mitigated by restricting disclosure to a limited | |
> number of individuals who have a need to know the GWES information. The | |
> data is stored in secure Microsoft applications, and on secure government | |
> computers requiring a PIV card to access. | |
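Review bot: The mitigation changes "restricting access ... and blocking others from access" to "restricting disclosure to a limited number of individuals who have a need to know", so the control described is no longer an access restriction on the system. If the risk being mitigated is unauthorized access to GWES data, the text should keep an explicit access-control statement (who is authorized, by whom, and that others are blocked) rather than describing disclosure alone; the storage sentence about PIV-protected computers supports this but does not state it.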
245,257c259,263 | |
< collection of Employee Contact Data. All individuals are provided advance | |
< notice of the Employee Response Data, as it is voluntarily provided by the | |
< individuals themselves in response to an email. | |
< 4.2. What opportunities are available for individuals to consent to | |
< uses, decline to provide information, or opt out of the project? | |
< The Employee Response Data is explicitly voluntary. The individual federal | |
< government employees can opt out simply by not responding to the email. | |
< 4.3. Privacy Impact Analysis: Related to Notice | |
< Privacy Risk: There is a risk that individuals will not realize their response | |
< is voluntary. | |
< Mitigation: This risk is mitigated by ensuring that any email sent using | |
< GWES is clear, by explicitly stating that the response is voluntary, and by | |
< including specific instructions for a response. | |
--- | |
> collection of Employee Contact Data. Employees are provided notice of | |
> collection of the Employee Response Data in the emails disseminated using | |
> the GWES. Employees provide the data themselves in response to the email. | |
> This PIA also serves as a public resource explaining the purpose of the | |
> GWES, applicable SORNs, and other privacy-related information. | |
264a271,282 | |
> 4.2. What opportunities are available for individuals to consent to | |
> uses, decline to provide information, or opt out of the project? | |
> Individual federal government employees can decline to provide information | |
> by not responding to the email. The consequences for failure to provide the | |
> requested information will vary depending on the particular email at issue. | |
> 4.3. Privacy Impact Analysis: Related to Notice | |
> Privacy Risk: There is a risk that individuals will not know their information | |
> is being collected, maintained, and distributed through the GWES. | |
> Mitigation: This risk is mitigated by the publication of this PIA and through | |
> various statements provided to government employees explaining the | |
> information collection at issue. | |
> | |
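Review bot: This region (245,257c259,263 and 264a271,282) removes the statement that responses are "explicitly voluntary" and the old 4.3 mitigation requiring each email to say so. The new 4.2 says "The consequences for failure to provide the requested information will vary depending on the particular email at issue", but neither 4.2 nor the new 4.3 mitigation requires the email itself to state whether a response is required and what those consequences are; the mitigation instead relies on "publication of this PIA" and unspecified "various statements". Suggest adding that each email sent through the GWES states whether a response is required and the consequence of not responding, so that notice is given at the point of collection.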
268,272c286,287 | |
< The Employee Contact Data will be retained indefinitely so that OPM can use | |
< GWES to contact federal government employees. The Employee Response | |
< Data will be retained consistent with GRS 6.1 Capstone E-mail Retention, | |
< which establishes retention at 7 years for most users and 15 years, followed | |
< by permanent retention with NARA, for Capstone officials. | |
--- | |
> The records in the GWES are maintained according to the retention | |
> schedules identified in Section 1.4. | |
274c289 | |
< Privacy Risk: There is a risk that GWES information will be retained for | |
--- | |
> Privacy Risk: There is a risk that the GWES information will be retained for | |
276c291 | |
< Mitigation: The risk is mitigated because OPM can delete all GWES | |
--- | |
> Mitigation: The risk is mitigated because OPM can delete all the GWES | |
278a294,299 | |
> OPM Form 5003 | |
> | |
> | |
Privacy Impact Assessment | |
> Government-Wide Email System (GWES) | |
> Page 9 | |
> | |
283,286c304,309 | |
< The GWES information of any particular individual may be shared outside of | |
< OPM with that employee’s employing agency, consistent with applicable laws | |
< and policies. Emails sent using GWES inform the employee that he consents | |
< to OPM’s sharing of his response in this way by replying to the email. | |
--- | |
> OPM anticipates regularly sharing GWES information relating to particular | |
> employees with their employing agency. In certain situations, data may also | |
> be shared with other agencies. Any data sharing will be undertaken | |
> consistent with applicable laws and policies, including pursuant to routine | |
> uses of applicable SORNs or employee consent. Data will be shared via | |
> authorized systems hosted either by OPM or the receiving agency. | |
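Review bot: The new Section 6.1 adds sharing with "other agencies" in "certain situations" and bases sharing on "routine uses of applicable SORNs or employee consent", but it does not identify the situations or the routine use relied on, and it removes the old consent mechanism ("consents ... by replying to the email") without naming what replaces it. Suggest listing the routine use(s) that authorize disclosure to non-employing agencies and the circumstances in which that disclosure is expected.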
290,291c313,327 | |
< consistently with applicable provisions of the Privacy Act, including through | |
< employee consent. | |
--- | |
> consistent with applicable provisions of the Privacy Act, including through | |
> the routine uses of pertinent SORNs. The principal personnel SORN, GOVT-1, | |
> is owned by OPM but information may be accessed by employing agencies as | |
> needed. | |
> 6.3. Does the project place limitations on re-dissemination? | |
> Government agencies that receive GWES information are generally subject | |
> to both the government-wide SORNs referenced in Section 1.2 as well as | |
> their own SORNs. Their use or disclosure of the information may occur only | |
> as consistent with applicable legal limitations. | |
> 6.4. Describe how the project maintains a record of any disclosures | |
> outside of OPM. | |
> OPM keeps a record of distributions to the employing agencies in Microsoft | |
> applications. All actions taken by a user in Microsoft systems are logged, | |
> monitored, and accessed by those with a need to know for the performance | |
> of their official duties. | |
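Review bot: The new Section 6.4 records "distributions to the employing agencies" only, while the revised 6.1 (hunk 283,286c304,309) now permits sharing with other agencies as well; the disclosure record should cover every disclosure outside OPM, not just those to employing agencies. The sentence "All actions taken by a user in Microsoft systems are logged, monitored, and accessed ..." is also broader than the old text's "in the mailbox system"; suggest scoping it to the specific applications that hold GWES data and stating what the logs capture (sender, recipients, time), so the claim can be verified against the audit configuration referenced in Section 8.1.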
297c333 | |
< Page 9 | |
--- | |
> Page 10 | |
299,308d334 | |
< 6.3. Does the project place limitations on re-dissemination? | |
< Government agencies that receive GWES information are generally subject | |
< to the government-wide SORN referenced in Section 1.2 and their use or | |
< disclosure of the information may occur only as consistent with the Privacy | |
< Act, applicable SORNs, and any inter-agency agreements. | |
< 6.4. Describe how the project maintains a record of any disclosures | |
< outside of OPM. | |
< The GWES keeps a record of all email distributions to the employing | |
< agencies in mailbox. All actions taken by a user in the mailbox system are | |
< logged, monitored, and accessed by those with a need to know. | |
312,315c338,340 | |
< Mitigation: This risk is mitigated by disseminating GWES information only | |
< as consistent with relevant SORNs or as otherwise permitted by the Privacy | |
< Act, and by requiring receiving agencies to adhere to relevant legal | |
< requirements and inter-agency agreements. | |
--- | |
> Mitigation: This risk is mitigated by limiting access to the GWES and | |
> disseminating GWES information only as consistent with relevant SORNs or | |
> as otherwise permitted by applicable law. | |
320,321c345,348 | |
< The federal government employees in GWES have access to their own | |
< individual information. | |
--- | |
> The federal government employees in the GWES have access to their own | |
> individual information. Employees will have a copy of any email that is sent, | |
> as well as their response. In addition, access procedures are outlined in each | |
> relevant SORN referenced in 1.2. | |
325,326c352,362 | |
< employee in GWES is directed to inform the human capital officer in their | |
< employing agency. The employing agency will correct the inaccurate or | |
--- | |
> employee covered by the GWES may inform the human capital officer or a | |
> manager in their employing agency, who can work with the employee and | |
> OPM as necessary to correct the problem. | |
> 7.3. How does the project notify individuals about the procedures for | |
> correcting their information? | |
> Emails sent through the GWES, or related guidance disseminated through | |
> agency human capital officers or managers, may inform individual federal | |
> employees of the procedures for correcting erroneous information through | |
> their employing agency. Also, employees may follow the publicly accessible | |
> access and amendment procedures outlined in the relevant SORNs | |
> referenced in 1.2. | |
332c368 | |
< Page 10 | |
--- | |
> Page 11 | |
334,341d369 | |
< erroneous information. The erroneous information can also be corrected in | |
< GWES when the human capital officer notifies OPM. | |
< 7.3. How does the project notify individuals about the procedures for | |
< correcting their information? | |
< Any email sent through GWES, or related guidance disseminated through | |
< agency human capital officers, will inform individual federal employees of the | |
< procedures for correcting erroneous information through their employing | |
< agency. | |
345,347c373,376 | |
< Mitigation: Lodging the corrective mechanism in the human capital officer | |
< at the employing agency gives each employee intuitive and easy access to | |
< the corrective mechanism. | |
--- | |
> Mitigation: Lodging the primary corrective mechanism in the human capital | |
> officer or manager at the employing agency gives each employee intuitive | |
> and easy access to the corrective mechanism. Also, each SORN has clear | |
> access and amendment procedures that employees may follow. | |
352,354c381,383 | |
< GWES information is captured by OPM’s auditing tools and retained in the | |
< tools archive. The Office of the Chief Information Security Officer reviews for | |
< suspicious or unusual activity and suspected violations, and appropriate | |
--- | |
> GWES information is captured by OPM’s auditing tools and retained in an | |
> auditing archive. The Office of the Chief Information Security Officer reviews | |
> for suspicious or unusual activity and suspected violations, and appropriate | |
358,359c387,397 | |
< All OPM employees are required to take IT Security and Privacy Awareness | |
< training on an annual basis, and sign OPM’s Rules of Behavior. | |
--- | |
> OPM employees are required to take IT Security and Privacy Awareness | |
> training on an annual basis, and agree to OPM’s Rules of Behavior before | |
> accessing the system. | |
> 8.3. What procedures are in place to determine which users may | |
> access the information and how does the project determine who has | |
> access? | |
> Only a limited number of OPM employees with a need to know will have | |
> access to the full extent of the GWES data. No employee has access unless | |
> specifically authorized by the system owner and the authorizing official. Data | |
> sharing outside OPM is permitted only insofar as consistent with applicable | |
> law and as described above. | |
365c403 | |
< Page 11 | |
--- | |
> Page 12 | |
367,373d404 | |
< 8.3. What procedures are in place to determine which users may | |
< access the information and how does the project determine who has | |
< access? | |
< Only a limited number of employees with a need to know will have access to | |
< the full extent of GWES data. As necessary, and with consent of the | |
< individual federal employee, GWES information will be shared with those | |
< who need to know at that individual’s employing agency. | |
378,379c409,411 | |
< Understanding (MOUs) would need to be reviewed and approved by all | |
< appropriate OPM stakeholders consistent with applicable law. | |
--- | |
> Understanding (MOUs) would need to be reviewed and approved by the | |
> system owner in coordination with the Office of the Chief Information | |
> Officer, as consistent with applicable law. |